Config Superset with SSO using Google OAuth API -- missing scope parameter? - python

I have been trying to login to Superset (including registering new user) using Google OAuth API, following this instruction: https://aungmt.medium.com/superset-with-google-oauth-3ba7a1c1f459
All my search results shows me this config supposed to work. However, as soon as I click login button, I'm getting a Error 400: invalid_request Missing required parameter: scope. I quadruple checked my superset_config.py and it has 'scope': 'openid email profile' in it.
Anyone could shine a light on this?

I received some feed backs from Superset Slack channel. #Daniel Gaspar
I guess the tutorial I found online were all for older version of Superset. Some of the key names in the config did not match current documentation. Below is my working config as of Superset v0.38.0
OAUTH_PROVIDERS = [
{
'name': 'google',
'icon': 'fa-google',
'token_key': 'access_token',
'remote_app': {
'api_base_url': 'https://www.googleapis.com/oauth2/v2/',
'client_kwargs': {
'scope': 'openid email profile'
},
'request_token_url': None,
'access_token_url': 'https://accounts.google.com/o/oauth2/token',
'authorize_url': 'https://accounts.google.com/o/oauth2/auth',
'client_id': '###GOOGLE_KEY###',
'client_secret': '###GOOGLE_SECRET###'
}
}
]

Related

Trying to use python to authenticate to WebSite

I'm attempting to authenticate to a website to automate some device configuration.
There is no official API so I'm using "WebSpy" in my browser to watch what URLs are targeted and the payloads being sent.
I'm unable to get initial authentication working with a python post request.
The target url is https://xxxxxx.xxx/authenticate.
The payload I see when logging in from a web browser is.
{ "client_id": xxxxxx,
"username": <plainText username>,
"password": <plainText password>,
"realm": "xxxxx",
"credential_type": "http://auth0.com/oauth/grant-type/password-realm"}
If I replicate all this in a python requests.POST I get back
{ "error": "invalid request",
"error_description": "Unknown client."}
I should mention the "client_id" I'm sending in my python post is just copied from what I see coming from the browser.
I imagine that client ID should be dynamically generated somehow but I don't see where it's coming from.
I should also mention I see some reference to a \callback URL happening after login within the web browser so I'm guessing that is how/when the auth token is being offered.
Can anyone point me in the right direction on all this?
Thank you in advance.

BigQuery : rowAccessPolicies.list with a python script

I want to use a python script to retrieve the policies I have created into BigQuery. The issue is regarding themissing required authentication credential. It is said the script is Expecting OAuth 2 access token, login cookie or other valid authentication credential. But I am not sure where to find it and where to position it in my script. Someone can help me please.
My code:
import requests
response = requests.get("https://bigquery.googleapis.com/bigquery/v2/projects/project123/datasets/Dataset123/tables/Test/rowAccessPolicies")
response.json()
Desired output:
{
"rowAccessPolicies": [
{
"rowAccessPolicyReference": {
"projectId": "project123",
"datasetId": "Dataset123",
"tableId": "Test",
"policyId": "test_2"
},
"filterPredicate": "gender = \"M\"",
"creationTime": "2021-11-09T09:45:35.181602Z",
"lastModifiedTime": "2021-11-09T09:45:35.181602Z"
}
]
}
Actual ouptut:
{'error': {'code': 401,
'message': 'Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.',
'status': 'UNAUTHENTICATED',
'details': [{'#type': 'type.googleapis.com/google.rpc.ErrorInfo',
'reason': 'CREDENTIALS_MISSING',
'domain': 'googleapis.com',
'metadata': {'method': 'google.cloud.bigquery.v2.RowAccessPolicyService.ListRowAccessPolicies',
'service': 'bigquery.googleapis.com'}}]}}
As said in your message: "Request is missing required authentication credential". You should provide the credentials in your request. You have several ways to do so:
add the credentials in the headers (depending on the type of authentication you have)
use Google Api Core (https://googleapis.dev/python/google-api-core/latest/auth.html)
or use the Google Cloud Python lib which has this procedure include (https://github.com/googleapis/google-cloud-python)

Odoo 14: mobile app development to communicate my web app

I want some guidance related to mobile app development using Odoo framework (if I can or i can use my custom app in mobil or i misunderstood) for Android and iPhone. I am testing using Postman. I can login successfully from Postman using json type login credentials in Body. but failed to get into the GET method, my Contol file is as below. used session_id from Cookies and my url is: http://127.0.0.1:8069/get_brands
showing this when trying to access above url (i have only 1 database):
{
"jsonrpc": "2.0",
"id": null,
"error": {
"code": 404,
"message": "404: Not Found", .... }
Is there any other requirements to achieve these 4 methods GET/POST/PUT/DELETE ?
if i create an interface for mobile app like my web app and just access it via mobile, is it ok or there is/are different things to learn ? if it is, please provide the link to the guide to create a custom mobile app OR there is any app exists which i can customize and use as part of my app like inheritance in odoo framework?
Control File ( tests/constollers/controllers.py ):
from odoo import http
from odoo.http import request
class Testapi(http.Controller):
#http.route("/get_brands", type='json', auth='user')
def get_brands(self):
brands_rec = request.env['tests.brands'].search([])
brands = []
for rec in brands_rec:
vals = {
'id': rec.id,
'name': rec.name,
}
brands.append(vals)
print('Brands... ', brands)
data = {'status': 200, 'response': brands, 'message': 'Success'}
return data
Please help how i can develop a mobile app for end user / employees login page and other mobile UI for query, data entry, change password etc. or any link(s) for guidance to achieve.
regards

Why is a redirect used on oath?

See the example here. Why is a redirect used simply to connect to a service? Why bother with mocking a service and all that stuff? Is there some valid reason for all of this or is this just because someone made an assumption about how authentications would be used (i.e. author and user are different)? Is there a good way of avoiding this within the REPL?
https://github.com/SaxoBank/openapi-samples-python/blob/master/authentication/oauth/code-flow/bare-bones-code-flow-app.py
I don't fully understand your issue, but regarding the SAXO API and the oauth token, you always to need to define the RedirectUrls for generating the token. That's why the 5 keys listed in the provided are indeed mandatory :
params = {
"grant_type": "refresh_token",
"refresh_token": token_data["refresh_token"],
"redirect_uri": app_config["RedirectUrls"][0],
"client_id": app_config["AppKey"],
"client_secret": app_config["AppSecret"]
}
FYI, you can find the full doc of the Redirect URI here below :
https://www.oauth.com/oauth2-servers/redirect-uris/

Google calendar api acl

I was trying to use API to make some changes on my google calendar.
I have created a project on google cloud console, enable calendar API, and got the credential ready. The OAuth scope I set is:
scopes = ['https://www.googleapis.com/auth/calendar']
flow = InstalledAppFlow.from_client_secrets_file("client_secret.json", scopes=scopes)
And I got both credentials for my account.
credentials = flow.run_console()
I wanted to use ACL to gain access to the calendar, so I tried "get" and "insert" these two functions. Codes are as follows:
rule = service.acl().get(calendarId='primary', ruleId='ruleId').execute()
print('%s: %s' % (rule['id'], rule['role']))
rule = {
'scope': {
'type': 'group',
'value': 'default',
},
'role': 'owner'
}
created_rule = service.acl().insert(calendarId='primary', body=rule).execute()
print(created_rule)
However, the results show that I have some problems with the access part.
<HttpError 400 when requesting https://www.googleapis.com/calendar/v3/calendars/primary/acl/ruleId?alt=json
returned "Invalid resource id value.">
and
<HttpError 400 when requesting https://www.googleapis.com/calendar/v3/calendars/primary/acl?alt=json
returned "Invalid scope value.">
what step have I miss or do wrong?
The first error shows up in Acl.get whenever you specify an invalid ruleId. So make sure you are providing a valid ruleId in here:
rule = service.acl().get(calendarId='primary', ruleId='valid-rule-id').execute()
If you don't know the ruleId, you can look for it by calling Acl.list.
About the second error, the problem is that you are providing a wrong request body for Acl.insert. If you want to share this calendar with a group, you should provide a valid email address of the group in scope.value. default is not a valid value. Your request body should be something like this:
rule = {
'scope': {
'type': 'group',
'value': 'group-email-address',
},
'role': 'owner'
}
You will find the group email address if you click About in the corresponding group.
I hope this is of any help.

Categories