I have a web page with Google Sign-In and I want to access user's data on behalf of the user even if he is offline.
I am looking for a suggestion for a library that I can use to obtain access token and refresh token using the authorization code that the client sent to the server.
I followed the official guide here.
In Step 7: Exchange the authorization code for an access token, the author uses oauth2client library which appears to be deprecated:
Note: oauth2client is now deprecated. No more features will be added to the libraries and the core team is turning down support. We recommend you use google-auth and oauthlib. For more details on the deprecation, see oauth2client deprecation.
So I looked at google-auth
This library provides no support for obtaining user credentials, but does provide limited support for using user credentials.
I also took a look at oauthlib, but there are many pages undocumented.
I am using Python 3.x with Flask.
Ended using Requests-OAuthlib.
pip install requests requests_oauthlib
from requests_oauthlib import OAuth2Session
oauth = OAuth2Session(client_id=GOOGLE_CLIENT_ID,
scope=GOOGLE_SCOPE,
redirect_uri='http://localhost:8000')
token = oauth.fetch_token(token_url=GOOGLE_TOKEN_URL,
code=authorization_code,
client_secret=GOOGLE_CLIENT_SECRET)
Related
I have an application created using Django that uses MSAL library to authenticate with Azure AD.
As I understand, MSAL uses OAuth and so far the authentication/authorization works great. Is there a way to implement authentication using SAML instead of OAuth. I came across pysaml2 library but doesn't have sufficient documentation to integrate with Azure AD. Can someone please share your thoughts.
Is there a way to implement authentication using SAML instead of
OAuth.
No it's not possible to use SAML authentication in MSAL library.MSAL does not support SAML. It only supports OAuth / OpenID Connect.
Similar kind of request also raised on StackOverflow and Microsoft Q&A as well you can check for more information
SAML is devloped by the Security Services Technical Committee of OASIS (Organization for the Advancement of Structured Information Standards) not by Microsoft so this might be the reason SAML is not included in MSAL Library.
While Running Chaos Toolkit Azure related Playbooks , i am getting an error as " failed: AttributeError: 'ServicePrincipalCredentials' object has no attribute 'get_token" though i have passed in the correct Secret ID , Tenant ID , Client ID , SUbscription ID and Client Secret ID.. Even the Subscription has full permission to Service Principal.
Short answer: It would have helped to check the exact code you're trying to run, but from the mentioned error, it looks like you're trying to use the newer libraries in the older ways. When using newer SDK libraries based on azure.core, use the ClientSecretCredential object from the azure.identity library. When using older SDK libraries, use ServicePrincipalCredentials from the azure.common library.
Long answer:
The Azure libraries for Python are currently being updated to share common cloud patterns such as authentication protocols, logging, tracing, transport protocols, buffered responses, and retries.
In the newer version, the authentication mechanism has been re-designed and replaced by azure-identity library in order to provide unified authentication based on Azure Identity for all Azure SDKs. Run pip install azure-identity to get the package.
So instead of using the ServicePrincipalCredentials class from the azure.common library, switch to using ClientSecretCredential as follows:
from azure.identity import ClientSecretCredential
from azure.mgmt.compute import ComputeManagementClient
credential = ClientSecretCredential(
tenant_id='xxxxx',
client_id='xxxxx',
client_secret='xxxxx'
)
Here is another related thread with a detailed solution: Azure Python SDK: 'ServicePrincipalCredentials' object has no attribute 'get_token'
Additional references:
Azure SDK for Python on GitHub
Authenticate with token credentials
I wrote a script and uploaded it to GCFunctions.
Now, one of my functions is using PyJWT library in order to generate JWT for GCP API calls,
the problem is that I keep getting errors every time I run the function.
When I added pyjwt to 'requirements.txt' I got the error: 'Algorithm RS256 could not be found',
then I tried to add cryptography (the encrypting library that pyjwt uses), and also tried pycrypto (for RS256 registering) but still nothing.
I'd be grateful for some help here! even suggestions for other ways of authentication methods in GCP API calls would be great!
Thanks in advance!!
Edit: BTW- the function is running on Python3.7
Here is the content of my requirements.txt file (dependencies)
# Function dependencies, for example:
# package>=version
requests==2.21.0
pycrypto
pyjwt==1.7.1
pyjwt[crypto]
boto3==1.11.13
And this is the exception I get while trying to add pyjwt[crypto] and run the script once again:
enter image description here
Found a way to make it work. Posting it here for those who will face it in the future...
I decided eventually to upload a zip file that contains the code file + requirements.txt + service account JSON Credentials file and added the following libraries as dependencies(to requirements.txt): oauth2client, google-api-python-client.
Here's how I did it:
from googleapiclient import discovery
from oauth2client.client import GoogleCredentials
import logging
# set the service with the credentials
credentials = GoogleCredentials.from_stream("my_creds.json")
service = discovery.build('compute', 'v1', credentials=credentials)
# block errors printing for 'googleapicliet.discovery'
logging.getLogger('googleapicliet.discovery_cache').setLevel(logging.ERROR)
def main(event, context):
# Project ID for this request.
project = '<project_id>'
# The name of the zone for this request.
zone = '<zone>'
# Name of the instance resource to return.
instance = '<instance-id>'
request = service.instances().get(project=project, zone=zone, instance=instance)
response = request.execute()
# print only network details of the instance
print("'{}' Network Details: {}".format(response['name'], response['networkInterfaces'][0]['accessConfigs'][0]))
As specified in the PyJWT installation documentation, if you plan to do encoding or decoding of JWTs you should use the following pip install command to install it as a required extra along with pyjwt:
pip install pyjwt[crypto]
or add pyjwt[crypto] as a new line in your requirements.txt.
As you want to use the GCP APIs I would recommend you to use the client libraries, as when using the client libraries the authentication is managed by the library itself, therfor there is no need of managing the security by yourself.
here It is recommended by Google to avoid doing the authorization process explecitely. and instead using the propper client libraries.
I started new app in AppEngine Python3.7 stadard.
I am trying to get credentials using the following snippet, but its failing.
Anybody able to get credentials in GAE standard Python37 ?
Input:
from google.auth import app_engine
credentials = app_engine.Credentials()
Output:
The App Engine APIs are not available
When using App Engine Standard with python 3.7, none of the google.xxx libraries are available. You have to build your own, or use standard Python libraries. This goes for: auth, users, images, search, mail, taskqueue, memcache, urlfetch, deferred, etc., and even the ndb datastore interface.
For datastore, you use google-cloud-datastore or some 3rd party.
For others, you use a standard Python library, e.g.: google.auth => rauth, google.appengine.api.memcache => python-memcached
Read more here: https://cloud.google.com/appengine/docs/standard/python3/python-differences
That page recommends Google Identity Platform or Firebase Authentication to do authorization.
I am trying to evaluate the usage of oauth2client and oauth2 libraries on Python. We have already installed the former on our server for using some Google API.
Now I am trying to find out a way to use the same library to use external API too. I was trying to find an example to do so. However, as I read in most of the sources online, the oauth2client is predominantly for Google APIs.
The idea behind this trial is to see if we can do away with this requirement without installing oauth2 package on our server(s).
Any oauth2 and security experts may please guide me properly, as I could not find in the oauth2client documentation that this package is not supported for any external APIs using oauth for authentication.
https://oauth2client.readthedocs.io/en/latest/# This says..
oauth2client makes it easy to interact with OAuth2-protected
resources, especially those related to Google APIs
I am running on Python and I have key, secret and the url on which I can go a GET to get the required API I need. Please advise.