I have coded an authentication and I get an access token, but when I use it to grab an object I just end up getting 'NoneType' object is not callable.
Exception Location: googleads\adwords.py in GetService, line 365
Exception Type: Type Error
Exception Value: Internal Server Error: /oauth2callback
I get the same result whether calling for Customer or CampaignService. I don't understand what I am doing wrong.
I am following the code in Googleads.
def getAdwordsFlow():
FLOW.redirect_uri = 'http://localhost/oauth2callback'
# Generate URL for request to Google's OAuth 2.0 server.
authorization_url, state = FLOW.authorization_url(
access_type='offline',
include_granted_scopes='true')
return authorization_url
def getAdwordsTokens(request):
auth_code = request.GET.get('code')
FLOW.fetch_token(code=auth_code)
credentials = FLOW.credentials
oauth2_client = oauth2.GoogleAccessTokenClient(
FLOW.credentials.token, FLOW.credentials.expiry)
adwords_client = adwords.AdWordsClient(
"DEVELOPER-TOKEN", oauth2_client, "USER-AGENT", "CLIENT-CUSTOMER-ID")
customer = adwords_client.GetService('CustomerService').getCustomers()[0]
print('You are logged in as customer: %s' % customer['customerId'])
return HttpResponseRedirect("/")
url.py
urlpatterns = [
re_path(r'^oauth2callback', queries.getAdwordsTokens, name='auth_calledback'),] #How
view.py
def index(request):
return redirect(getAdwordsFlow())
Terminal output:
"GET /oauth2callback?state=XXXXXXXXX&code=4/XXXXXXXXXXX&scope=https://www.googleapis.com/auth/adwords+https://www.googleapis.com/auth/userinfo.profile+https://www.googleapis.com/auth/userinfo.email HTTP/1.1" 500 80213
Why is it 500?
I notice my access token has a different value when I call for it. So I am assuming it's working.
According to your question, your service call is -
GET /oauth2callback?state=XXXXXXXXX&code=4/XXXXXXXXXXX&scope=https://www.googleapis.com/auth/adwords+https://www.googleapis.com/auth/userinfo.profile+https://www.googleapis.com/auth/userinfo.email HTTP/1.1
This call is neither get access token call nor having access_token in the request and as per your reference code it will generate access_token from refresh_token.
def main(access_token, token_expiry, client_customer_id, developer_token,
user_agent):
oauth2_client = oauth2.GoogleAccessTokenClient(access_token, token_expiry)
adwords_client = adwords.AdWordsClient(
developer_token, oauth2_client, user_agent,
client_customer_id=client_customer_id)
customer = adwords_client.GetService('CustomerService').getCustomers()[0]
print 'You are logged in as customer: %s' % customer['customerId']
if __name__ == '__main__':
args = parser.parse_args()
# Retrieve a new access token for use in this example. In a production
# application, you may use a credential store to share access tokens for a
# given user across applications.
oauth2credentials = client.OAuth2Credentials(
None, args.client_id, args.client_secret, args.refresh_token,
datetime.datetime(1980, 1, 1, 12), GOOGLE_OAUTH2_ENDPOINT,
USER_AGENT)
oauth2credentials.refresh(httplib2.Http())
main(oauth2credentials.access_token, oauth2credentials.token_expiry,
args.client_customer_id, args.developer_token, USER_AGENT)
So to use your code, first generate refresh_token using this code and then use it in your given code.
Related
I have put together my first dash app with the help of lots of online samples.
The app parses the URL for callbacks. The URL format is HTTP://www.app.root.com/ID/UID
If the user is already authenticated everything works fine, but if the user is not already authenticated the user is redirected for authentication via Azure SSO and then returned to the root URL.
How can I capture the initial URL entered and redirect to it after authentication?
#app.server.route(PATH_LOGIN)
def login():
"""
Start a login redirection
"""
# define a random id for a new session
session["state"] = str(uuid.uuid4())
# Technically we could use empty list [] as scopes to do just sign in,
# here we choose to also collect end user consent upfront
try:
session["flow"] = _build_auth_code_flow(scopes=SCOPE, state=session['state'])
# pylint: disable=broad-except
except Exception as ex:
msg = str(ex)
print(f"{func_name()}: {msg}")
session["flow"] = {}
print(f"{func_name()}: session['flow']: {session['flow']}")
return redirect(session["flow"].get("auth_uri"))
# Its absolute URL must match one of the app's redirect_uris set in the Azure Application Registry
#app.server.route(PATH_AUTHORIZATION)
def authorized() -> "Response":
"""
Process the response from the authorization mechanism (AAD: Azure Active Directory)
Returns:
The URL to use next, either to access the app or to retry the login.
"""
# useful for initial debugging
print(f"{func_name()}: request.args:\n {request.args}")
if request.args.get('state') != session.get("state"):
# return redirect(url_for("index")) # No-OP. Goes back to Index page
print(f"{func_name()}: Redirecting to Index: {request.args.get('state')} different than {session.get('state')}")
return redirect(url_for("login")) # Go back to Index page
if "error" in request.args:
# process Authentication/Authorization failure
print(f"{func_name()}: request.args: {request.args}")
session['auth_error'] = _tuples_to_dict(request.args)
print(f"{func_name()}: Authentication/Authorization failure: {session['auth_error']}")
return redirect(url_root() + PATH_ROOT)
if request.args.get('code'):
# process received authorization code
cache = _load_cache()
result = _build_msal_app(cache=cache).acquire_token_by_auth_code_flow(
session.get("flow", {}),
request.args
)
print(f"{func_name()}: user result: {result}")
if "error" in result:
session['auth_error'] = result
print(func_name(), result)
return redirect(url_root() + PATH_ROOT)
session["user"] = result.get("id_token_claims")
_save_cache(cache)
print(f"{func_name()}: Successful authorization")
return redirect(url_root() + PATH_ROOT)
I have tried adding this:
#app.server.route('/<subpath>')
def show_subpath(subpath):
print(subpath)
return subpath
And I think I need to use it as the "next_url" after "return redirect(url_for("login"))" and/or append it to the end of the return redirect(url_root() + PATH_ROOT), but it's not clear to me how to use the subpath value.
Thank you for any help!
We created an application for Google Apps Marketplace. Our app works only if it's installed for everyone. But the problem is, some customers install our app for some organizations, not everyone. We want to display a specific message to those customers, but the problem is that we don't know if our app is installed for some organizations, or not installed at all. Therefore, customers who installed our app for some organizations get a message which is intended for customers who didn't install our app at all. We show them the install button but nothing happens when they install our app again, because it's already installed. We want to give them instructions how to change our app's status to "on for everyone".
How can we check if our app is installed for some organizations? We get the following error message from Google:
Failed to retrieve access token: {
"error" : "unauthorized_client",
"error_description" : "Unauthorized client or scope in request."
}
Which is the same error message we receive for cutomers who didn't install our app at all.
This is the Python function who throws the exception:
def _do_refresh_request(self, http_request):
"""Refresh the access_token using the refresh_token.
Args:
http_request: callable, a callable that matches the method signature of
httplib2.Http.request, used to make the refresh request.
Raises:
AccessTokenRefreshError: When the refresh fails.
"""
body = self._generate_refresh_request_body()
headers = self._generate_refresh_request_headers()
logger.info('Refreshing access_token')
resp, content = http_request(
self.token_uri, method='POST', body=body, headers=headers)
if resp.status == 200:
# TODO(jcgregorio) Raise an error if loads fails?
d = simplejson.loads(content)
self.token_response = d
self.access_token = d['access_token']
self.refresh_token = d.get('refresh_token', self.refresh_token)
if 'expires_in' in d:
self.token_expiry = datetime.timedelta(
seconds=int(d['expires_in'])) + datetime.datetime.utcnow()
else:
self.token_expiry = None
if self.store:
self.store.locked_put(self)
else:
# An {'error':...} response body means the token is expired or revoked,
# so we flag the credentials as such.
logger.info('Failed to retrieve access token: %s' % content)
error_msg = 'Invalid response %s.' % resp['status']
try:
d = simplejson.loads(content)
if 'error' in d:
error_msg = d['error']
self.invalid = True
if self.store:
self.store.locked_put(self)
except StandardError:
pass
raise AccessTokenRefreshError(error_msg)
Update 1: in Apps > Marketplace apps, an app can be on for everyone, on for selected orgs or off. We need to know the status of our app.
Update 2: I tried calling check_general_access but also when our application is uninstalled we receive True (Application has general access). This is after we confirmed that check_access returned False.
#staticmethod
def check_access(admin_email):
http = httplib2.Http()
credentials = SignedJwtAssertionCredentials(
SERVICE_EMAIL,
PRIVATE_KEY,
scope='https://apps-apis.google.com/a/feeds/emailsettings/2.0/ https://www.googleapis.com/auth/admin.directory.user.readonly',
sub=str(admin_email),
)
http = credentials.authorize(http)
try:
service = build(serviceName='admin', version='directory_v1', http=http)
logging.info("Application has access to admin's %s domain" % (admin_email))
return True
except Exception as e:
logging.info("Application does not have access to admin's %s domain (exception: %s)" % (admin_email, e.message))
return False
#staticmethod
def check_general_access():
http = httplib2.Http()
credentials = SignedJwtAssertionCredentials(
SERVICE_EMAIL,
PRIVATE_KEY,
scope='https://apps-apis.google.com/a/feeds/emailsettings/2.0/ https://www.googleapis.com/auth/admin.directory.user.readonly',
)
http = credentials.authorize(http)
try:
service = build(serviceName='admin', version='directory_v1', http=http)
logging.info("Application has general access")
return True
except Exception as e:
logging.info("Application does not have general access (exception: %s)" % e.message)
return False
Not sure, but may have found a way. From the documentation I asserted that domain wide access is needed to impersonate a user within the target domain. Service apps do not need this for other tasks. While convoluted, you can test if you get credentials without the sub parameter to SignedJwtAssertionCredentials. If this succeeds, but adding the sub parameter fails, you're installed but not domain wide.
Let us know if this works and obviously Google has some work to do there still.
You can add ping back, every hour or so call some end point. If the ping was too long ago they probably remove the app
I am trying to implement oauth manually on my website which is being implemented using tornado. My url (localhost/form) contains a button which when clicked brings up a facebook login and then if the login is successful redirects back to the same site with a token (localhost/form?code=XXX) where I collect the token/code and begins taking requests from facebook.
My issue is that upon redirecting back to localhost/form with a given code, it appears that I reinitialize a brand new oauth2session object which does not match up with the token and I receive a GET request error. How should I correctly pass this oauth2session object or correctly reinitialize it? Is this reinitialization causing my error or something else? My current code which does not work is:
class FormHandler (BaseHandler):
def get(self):
client_id =XXX
client_secret =XXX
authorization_base_url = 'https://www.facebook.com/dialog/oauth'
token_url = 'https://graph.facebook.com/oauth/access_token'
facebook = OAuth2Session(client_id, redirect_uri='http://localhost/form')
facebook = facebook_compliance_fix(facebook)
authorization_url, state = facebook.authorization_url(authorization_base_url)
self.write('<button id="FacebookManual" type="button">Facebook Manual</button><br><script> document.getElementById("FacebookManual").onclick = function () {location.href ="'+authorization_url+'";};</script>')
#Check to see if I get redirected with a code
authorization_code=self.get_argument("code", default=None, strip=False)
if authorization_code is not None:
redirect_response='https://localhost/form/?code='+authorization_code
facebook.fetch_token(token_url, client_secret=client_secret, authorization_response=redirect_response)
r = facebook.get('https://graph.facebook.com/me?')
self.write('Hello'+r.content)
#Roughly how my tornado is set up
def make_app():
return Application(
[
url('/', BaseHandler, { "var":"nothing" }, name="root"), # this is for the root! :)
url('/form', FormHandler, { "var":"initialize this!" }, name = "forlorn"),
],
# settings:
debug = True,
)
Edit: A friend advised me to include the error that I was receiving. The error that I get is a oauthlib.oauth2.rfc6749.errors.MismatchingStateError: (mismatching_state) CSRF Warning! State not equal in request and response.
ERROR:tornado.access:500 GET /form?code=XxX
I have the next problem with tornado.oauth : when user logs in with Google,Google sends me code to my redirect uri and then I try to get some information about user with the function get_authenticated_user
class GoogleOAuth2CodeHandler(tornado.web.RequestHandler,
tornado.auth.GoogleOAuth2Mixin):
#tornado.gen.coroutine
def get(self):
user =yield self.get_authenticated_user(
redirect_uri='http://localhost:8890/userdata',
code=self.get_argument("code")
)
self.write("hello world!")
but it fails with the next error:
ERROR:tornado.application:Uncaught exception GET
KeyError: 'google_oauth'
Settings:
settings = dict(
cookie_secret="32oETzKXQAGaYdkL5gEmGeJJFuYh7EQnp2XdTP1o/Vo=",
login_url="/auth/login",
redirect_uri="http://localhost:8890/auth",
google_consumer_key="",
google_consumer_secret="",
google_permissions="https://mail.google.com/ https://www.google.com/m8/feeds",
google_permissions2="https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email"
))
consumer_key and consumer_secret are correct
authorize_redirect works correctly and I really get correct google code
google_consumer_key and google_consumer_secret are from the OAuth1 Google mixin. For oauth2, you need a google_oauth setting, which should be a dict containing 'key' and 'secret' fields:
google_oauth={"key": CLIENT_ID, "secret": CLIENT_SECRET},
I'm making a web app in python using the Flask framework to request the access token from Facebook using the SDK supplied in their site.
The access token is returned and it is correctly set in the GraphAPI object. However, it is returning the following error:
GraphAPIError: Invalid OAuth access token.
If I query the graph API from my local python environment using the same access token, it works just fine. The problem seems to be when executing in the webserver.
See code snippet below:
#app.route('/facebook')
def fb():
if 'token' in session:
graph = facebook.GraphAPI(session['token'])
return graph.get_object("me")
#app.route('/facebook/login')
def fblogin():
code = request.args.get('code','')
if(code == ""):
args = dict(client_id=app_id, redirect_uri=request.base_url)
#args = dict(client_id=app_id, redirect_uri=request.url_root + 'facebook')
return redirect(
"https://graph.facebook.com/oauth/authorize?" +
urllib.urlencode(args))
else:
token = facebook.get_access_token_from_code(code, request.base_url, app_id, app_secret)
session['token'] = [token.itervalues().next()]
return redirect (request.url_root + 'facebook')
Has anyone faced this before and/or can provide some insights?
Ok, 2 issues that I have managed to correct in this code and get it working:
1) The following line of code makes a list, that why the GraphAPI object is not able to identify a valid access token:
session['token'] = [token.itervalues().next()]
2) The following line of code gives an error stating that 'dict' is not callable. This is because the returned variable is a dictionary and, in order to be returned as a view, one must first transform it into a string:
return graph.get_object("me")