how to get access tokens from refresh token? does refresh token expire? - python

I'm trying to create a python script which takes a (.csv with access tokens and a file) as input and uploads that file to multiple google drives whose access tokens are in that csv
but after sometime access tokens get expired and I have to get them again...just saw there's something called refresh and it refreshes access token
Is it possible to do this from python script, please explain.
Do refresh token expire?
import json
import requests
import pandas as pd
headers = {}
para = {
"name": "update",
}
files = {
'data': ('metadata', json.dumps(para), 'application/json; charset=UTF-8'),
'file': open("./update.txt", "rb")
}
tokens = pd.read_csv('tokens.csv')
for i in tokens.token:
headers={"Authorization": i}
r = requests.post(
"https://www.googleapis.com/upload/drive/v3/files?uploadType=multipart",
headers=headers,
files=files
)
print(r.text)

In order to be able to get a new access_token programmatically using a refresh_token, you must have set access_type to offline when redirecting the user to Google's OAuth 2.0 server.
If you did that, you can get a new access_token if you do the following POST request to https://oauth2.googleapis.com/token:
POST /token HTTP/1.1
Host: oauth2.googleapis.com
Content-Type: application/x-www-form-urlencoded
client_id=your_client_id&
client_secret=your_client_secret&
refresh_token=refresh_token&
grant_type=refresh_token
The corresponding response would be something like:
{
"access_token": "1/fFAGRNJru1FTz70BzhT3Zg",
"expires_in": 3920,
"scope": "https://www.googleapis.com/auth/drive",
"token_type": "Bearer"
}
Note:
You can find code snippets for several languages in the reference I provide below, including Python, but considering you are not using the Python library, I think the HTTP/REST snippet I provided might be more useful in your situation.
Reference:
Refreshing an access token (offline access)

Related

Python 3.6 Post Request Domain API

This is a bit of a newbie Q.
I'm using Python 3.6
I am trying to use the domain realestate api to write a scraper that collects data of houses/apartments for sale in my area, but i am having trouble getting the post request to work. I have registered and retrieved my client_id and secret_id for the authentication. The post request returns a status_code of 400
response = requests.post('https://auth.domain.com.au/v1/connect/token',
data = {'client_id':client_id,
"client_secret":client_secret,
"grant_type":"client_credentials",
"scope":"api_agencies_read api_listings_read",
"Content-Type":"application/json"})
token=response.json()
access_token=token["access_token"]
search_parameters = {
"listingType": "Sale",
"locations": [
{
"state": "NSW",
"suburb": "Balgowlah",
"postcode": 2093,
"includeSurroundingSuburbs": True
}
]
}
url = "https://api.domain.com.au/v1/listings/residential/_search"
auth = {"Authorization":"Bearer "+access_token}
request = requests.post(url, data=search_parameters, headers=auth)
details=request.json()
I know my authentication is correct, because i can use the Live API on the website to test the same request (i had to select the client, secret id and the project to allow direct access), and i get a valid access token from the code above.
access_token:
{'access_token': 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX',
'expires_in': 43200,
'token_type': 'Bearer'}
request.json():
{'errors': {'parameters': ['Undefined error.']},
'message': 'The request is invalid.'}
I've been able to implement the notebook from this post. So i can be sure my client and secret ids are connected to the domain project.
#furas had the solution:
look at the example closer :)
The example uses "Content-Type":"text/json" but you use "application/json" instead of "text/json"

get end user tokens for eBay restful in Python

currently I am using eBay Trading API with Python. Thanks to: https://github.com/timotheus/ebaysdk-python
I used https://github.com/luke-dixon/django-ebay-accounts to get tokens for user.
Now, I would like to use Restful API (https://developer.ebay.com/docs#Acc). I don't think I can use tokens I have already. So, I managed thanks to Getting an Ebay OAuth Token get one. But I think I missing something, because during the process I cannot include info for user (name/password), so, for example https://api.ebay.com/sell/fulfillment/v1/order?limit=10 returns:
{
"errors": [{
"errorId": 1100,
"domain": "ACCESS",
"category": "REQUEST",
"message": "Access denied",
"longMessage": "Insufficient permissions to fulfill the request."
}]
}
Any idea how can I get a token for the user?
Just snippet of code to make things more clear:
AppSettings = {
'app_id': EBAY_PRODUCTION_APPID,
'app_secret': EBAY_PRODUCTION_CERTID,
'dev_id': EBAY_PRODUCTION_DEVID,
'ruName': EBAY_PRODUCTION_RU_NAME
}
authHeaderData = AppSettings['app_id'] + ':' + AppSettings['app_secret']
encodedAuthHeader = base64.b64encode(authHeaderData.encode())
headers = {
"Content-Type": "application/x-www-form-urlencoded",
"Authorization": "Basic ".encode() + encodedAuthHeader
}
body = {
"grant_type": "client_credentials",
"redirect_uri": settings.EBAY_PRODUCTION_RU_NAME,
"scope": "https://api.ebay.com/oauth/api_scope"
}
data = urllib.parse.urlencode(body)
tokenURL = "https://api.ebay.com/identity/v1/oauth2/token"
response = requests.post(tokenURL, headers=headers, data=body)
authDict = response.json()
So the request to run I need is:
r = requests.get("https://api.ebay.com/sell/fulfillment/v1/order?limit=10",
headers={"Authorization": "{}".format(authDict['access_token']),
"Content-Type": "application/json",
"X-EBAY-C-MARKETPLACE-ID": "EBAY_UK",
"Accept": "application/json"
})
According to this, I believe you are supposed to use the following authorization header:
headers['Authorization'] = "Bearer " + USER_ACCESS_TOKEN
Where the USER_ACCESS_TOKEN is the massive token generated on this page.
It looks something like this:
'v^1.1#i^1#p^3#f^0#I^3#r^0#t^ ...
...
...
...
... bfxr8BJtphi2M/oo2xpYo2hiMWxmZt4fVzS7qe2tMXUSAAA='
The Authorization you are using is for requests that aren't linked to a specific user account (search results, meta data for items, etc.). To make requests that are for specific users (eg. orders or inventory updates), you have to get their permission via their USER_ACCESS_TOKEN.
If you need help getting the USER_ACCESS_TOKEN let me know and I'll update.
Note that I have been trying to do the same thing that you are doing for about 6 hours now, and still haven't figured it out, so I am not confident in this answer.
Hope this helps. If you do figure it out, you should post an answer so others can too (ie myself xD).
eBay definitely wins the gold metal for worst api docs in the history of api docs...
The API Explore # developer.ebay.com has description of HTTP Headers for each RestFul API. E.G. Fulfillment API - getOrdres:
HTTP Headers
Authorization:Bearer <OAUTH_token>
Accept:application/json
Content-Type:application/json
Sample code:
import requests,json
headers = {
"Authorization": "Bearer Type_Your_Token_here_or_Paste_IF_too_long",
'Accept':'application/json',
'Content-Type':'application/json'
}
EndPoint = "https://api.ebay.com/sell/fulfillment/v1/order?filter=orderfulfillmentstatus:%7BNOT_STARTED|IN_PROGRESS%7D"
response = requests.get(EndPoint,headers = headers)
https://newbedev.com/ebay-oauth-token-and-refresh-tokens has introduced eBay OAuth token much better than eBay.
By the way, "grant_type": "client_credentials" is only valid for clients who can on have one scope. https://api.ebay.com/oauth/api_scope.
A shortcut to get your code run: the refresh token is actually the token you have for standard API, which is valid for 18 months. With a refresh token, you can get token without getting the annoying "authorization code" via user consent.
In short, please use refresh token to get user access token for the restful API.
Hope the above helps.

Microsoft Graph API: Authorization_IdentityNotFound

I'm following the Get access without a user guide to write a Python script that will call Microsoft Graph.
This script will be scheduled from cron so it cannot get admin consent (therefore authorize using Client Credentials). I am able to successfully obtain a token using this call:
request_url = "https://login.microsoftonline.com/mytenant.onmicrosoft.com/oauth2/v2.0/token"
data = {
'Host' : 'login.microsoftonline.com',
'Content-Type' : 'application/x-www-form-urlencoded',
'client_id' : 'my-client-id-1234',
'scope' : 'https://graph.microsoft.com/.default',
'client_secret' : client_secret,
'grant_type' : 'client_credentials'
}
response = requests.post(url = request_url, data = data)
I then try to get a user listing with this call, using the valid token:
request_url = "https://graph.microsoft.com/v1.0/users"
headers = {
'Authorization' : 'Bearer ' + token,
'Host' : 'graph.microsoft.com'
}
response = requests.get(url = request_url, headers = headers)
The problem is that I get an Authorization_IdentityNotFound error:
<Response [401]>
{
"error": {
"code": "Authorization_IdentityNotFound",
"message": "The identity of the calling application could not be established.",
"innerError": {
"request-id": "2257f532-abc4-4465-b19f-f33541787e76",
"date": "2018-03-27T19:11:07"
}
}
}
These are the permissions I've selected:
Any idea how to fix this error?
For others running into this issue, I was also getting this error until found out the documentation omits a very important caveat:
For client credentials, if the app belongs to a work or school (organization) context then for https://login.microsoftonline.com/common/oauth2/token replace common with a tenantId or domain name
See
Authorization_IdentityNotFound on Microsoft Graph API request
First things first, you can go ahead an remove all those Delegated Permission scopes. If you're using the Client Credentials Grant, you will only be using Application Permission scopes.
Second, you need to execute the Admin Consent flow before you can use Client Credentials. This is done by having a Global Admin from the tenant authenticate and accept your scope request:
https://login.microsoftonline.com/common/adminconsent?client_id=[APPLICATION ID]&redirect_uri=[REDIRECT URI]
You can read more about Admin Consent here: v2 Endpoint and Admin Consent

Create folders in google drive with rest api interface and python requests

I'm struggled with Google Drive REST API interface.
I need to create a folder programmatically. Reading api documents (https://developers.google.com/drive/v3/reference/files/create) it's possible to create a folder with a POST method to https://www.googleapis.com/drive/v3/files, a request body with folder name and mime type as 'application/vnd.google-apps.folder'
so I write this python function:
def createFolder(self,folderName):
if not self.authorization:
self.get_authorization()
url = 'https://www.googleapis.com/drive/v3/files'
headers = { 'Authorization':'Bearer {}'.format(self.access_token)}
metadata = {
"name": folderName,
"mimeType": 'application/vnd.google-apps.folder'
}
response = requests.post( url, headers = headers, params = metadata)
return response.json()
that outputs a response object like this:
{
u'mimeType': u'application/json',
u'kind': u'drive#file',
u'id': u'0B350e2U7rvyvR0k3NjJmTTVuWUE',
u'name': u'Untitled'
}
A file is created, but the folder metadata are not applied.
When I do the same with "Try it!" APIs Explorer I get a correct behaviour, so I can't understand where my code is wrong.
I'm writing a portable plugin and I don't want to deal with google library so I would prefer a simple Http approach.
I'll appreciate if you can give me any suggestions.
Thanks. I finally got it: (SOLVED)
def createFolder(self,folderName):
if not self.authorization:
self.get_authorization()
url = 'https://www.googleapis.com/drive/v3/files'
headers = {
'Authorization':'Bearer {}'.format(self.access_token),
'Content-Type': 'application/json'
}
metadata = {
'name': folderName,
'mimeType': 'application/vnd.google-apps.folder'
}
response = requests.post( url, headers = headers, data = json.dumps(metadata))
return response.json()
Google Drive API wants the needed parameters in {request body}, so metadata must be passed as json string and header "content-type" carefully set to "application/json", otherwise the API will not like very much python requests default to 'application/x-www-form-urlencoded'
There is a problem with your URL. Lose the ?uploadType=multipart as this isn't appropriate for creating a folder - "upload" is a reference to a file's content and a folder has no content.
Have you tried using postman to send rest API POST call? I work with rest API and python all day long. I first test it with postman. If that works, just have postman convert it to Python code. From there, you can create your variables, create your function. Run your python script and verify the folder was created.

How do you insert Google Glass Mirror credentials from python server side code?

I need some help completing the Mirror Credentials API insertion from my Python server code. We are using the Python Google API library to insert a special auth token into the Mirror API, but I'm getting a blank result from mirror.accounts().insert().execute() where I should be getting at least an error or confirmation that the API token credential we are passing to Google's Mirror API.
Here is our Python server code with some redaction of our secret info, the secret info private keys and client_id's are in a secret .json file we store securely on our server.
with open(os.path.join(os.path.dirname(__file__), 'mirror-credentials.json')) as f:
credentials_json = json.load(f)
credentials = SignedJwtAssertionCredentials(
service_account_name=credentials_json['client_email'],
private_key=credentials_json['private_key'],
scope='https://www.googleapis.com/auth/glass.thirdpartyauth',
)
http = credentials.authorize(httplib2.Http())
mirror = apiclient.discovery.build('mirror', 'v1', http=http)
glass_request = mirror.accounts().insert(
userToken=$glassware_gallery_user_token,
accountType='com.mycompany',
accountName="testAccountName",
body={
'features': ["a", "b", "c"],
'password': $myapp_glass_auth_token,
'userData': [{"key": "realName", "value": "Rusty Shackleford"}],
'authTokens': [
{"type": "drchrono_glass_token", "authToken": $myapp_glass_auth_token}
],
},
)
retValue = glass_request.execute()
Note: $glassware_gallery_user_token is the token we get passed in from the Google App Gallery when we turn our Glassware on (we've already setup our glassware app).
Executing the above code, we get a blank value for retValue, it's an empty dictionary: {} when printed. From the documentation it looks like this should be either an error message or a confirmation.
In response to comment:
Here is a printout of what the request we are sending looks like (got this by inserting print statements into httplib2 source code):
body='{"userData": [{"value": "Rusty Shackleford", "key": "realName"}], "authTokens": [{"authToken": "$omitted_auth_token", "type": "$myapp_glass_token"}], "password": "$omitted_auth_token", "features": ["a", "b", "c"]}',
headers='{'content-length': '305', 'accept-encoding': 'gzip, deflate', 'accept': 'application/json', 'user-agent': 'google-api-python-client/1.2 (gzip)', 'content-type': 'application/json', 'authorization': 'Bearer ya29.hACi3eQf2L2awk3rrLgf1uZQHen2ZANgT_ObBqTNpqrwC6wa_DwjuO9q'}',
request_uri='/mirror/v1/accounts/$my_google_serviceid/$com.myappname/rustyshack?alt=json'
I get a blank dictionary as a response: {}
I can see that this is actually talking to Googles services for 2 reasons:
If I change the user_token to be invalid the code throws an exception.
I can see our API call count in the Google Developer Console counting these attempts as calls against our API quota.
The actual data in the response from Google's servers (printed out in httplib2 has a status code of 204:
'' / '{'fp': , 'status': 204, 'will_close': False, 'chunk_left': 'UNKNOWN', 'length': 0, 'strict': 0, 'reason': 'No Content', 'version': 11, 'debuglevel': 0, 'msg': , 'chunked': 0, '_method': 'POST'}'
#TonyAllevato I'm trying to fetch all accounts on the device with accountManager.getAccounts(); and I'm only getting one account of type "com.google". getAccountsByType("com.xxxxxx") with my app identified supplied during the review process is returning an empty array.
The Insert Mirror API documentation is a little bit incorrect. It returns an empty response with a status header code of 204 (http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html) "No Content" when it is successful. Some parts of the documentation led me to believe it would echo back the credentials in the response, but that was not the case.
On a separate note, I was able to debug why I couldn't get the credentials loading on my Glass by first making sure that I could install my provisional Glassware from the https://google.com/myglass store on my Glass device which makes sure there is connectivity.

Categories