This question refers to youtube, specifically youtube analytics API and OAuth flow.
Using a ruby server-side webapp, I have created a token.
I now want to use that token in a client-side python app.
I have the client_secrets.json that generated the token.
I have generated tokens with python before and the format does not match that of the ruby generated token.
Is there existing code or a simple way to convert the ruby formatted token for use in python? Yes, they are both json but the structures are different.
https://developers.google.com/youtube/reporting/guides/authorization/server-side-web-apps
Assuming that you use the same client id and client secret for both ruby and python. The refresh token that you got from one will work in the other.
Raw Oauth response:
{
"access_token" : "ya29.1.AADtN_VSBMC2Ga2lhxsTKjVQ_ROco8VbD6h01aj4PcKHLm6qvHbNtn-_BIzXMw",
"token_type" : "Bearer",
"expires_in" : 3600,
"refresh_token" : "1/J-3zPA8XR1o_cXebV9sDKn_f5MTqaFhKFxH-3PUPiJ4"
}
Assuming you are using the client libraries then the issue you are going to have is how the different libraries store there credentials and read from them. You are going to have to make your own parser for that.
Related
I'm trying to use the API below to get access to a key vault.
https://learn.microsoft.com/en-us/rest/api/keyvault/keyvault/vaults/get
When I try to run this API in Alteryx, it asks for a authorization header.
I'm not sure what information I need to provide in this authorization header in order to get access to the specific key vault.
Can someone please share some knowledge on this?
enter image description here
Thanks
Azure Key Vault describes its request authentication in the Authentication section of this Authentication, requests and responses documentation:
Access tokens must be sent to the service using the HTTP Authorization header:
PUT /keys/MYKEY?api-version=<api_version> HTTP/1.1
Authorization: Bearer <access_token>
The access token is a token string that can be obtained via OAuth2 authentication. An easy way to obtain access tokens for Azure resources in Python is with the azure-identity library, which can be used with the azure-mgmt-keyvault library to make the request you're describing here.
If you'd like to use plain REST requests instead, access tokens are described thoroughly in this Microsoft identity platform access tokens documentation.
Disclaimer: I work with the Azure SDK for Python.
I'm a newbie so please bear with me.
I'm trying to set up a Google Cloud Function that can access a single GMail account on the same domain, download some emails and push them to Cloud Storage. I honestly would like to just use an email & password in the script (using Google KMS /w environment variables?) but I understand that isn't possible, and OAuth2 is required.
I've set up an OAuth Client in GCP and I have run the GMail API Python Quickstart guide. Running it locally I am prompted to allow access, and the token is saved so subsequent runs work without prompts.
I deployed the Cloud Function with the pickle file to test if the refresh token will still work, planning to figure out how to use KMS to make this more secure later on. But there's an issue loading the pickle:
UnpicklingError: invalid load key, '\xef'
Which makes it seem like the pickle gets compressed/corrupted on upload.
Is this even a sane approach? How could I do this? The email address is mine, so I was hoping I could just authenticate once and be done with it.
It's not possible for me to use a domain-delegated Service Account by the way- nor use IMAP.
Since you can't do domain delegated service accounts, you can try following this guide on setting up server side authorization. This sounds like what you want since it requires that the user authorizes the app once and then reuses that token. Here is a codelab that will take you through the auth part.
Alternatively, you can use push notifications. It sounds like your current design is to poll the Gmail API to look for new emails periodically, which also involves authorizing access to the account in the Cloud Function. However, if you take advantage of Push Notifications, you can both get the data in real time, and avoid having to authorize the Cloud Function to read the Gmail API. See guide here.
However, probably the easiest solution is to use app scripts. If you set up your cloud function to be triggered via an HTTP target, you can write an app script to ping that URL with the messages you want to send to GCS. Docs here.
function getEmails() {
let inbox = GmailApp.getInboxThreads(0, 50);
// Inbox Threads
for (i=0; i < inbox.length; i++){
let threadMessages = inbox[i].getMessages();
// Thread Messages
for (j=0; j < threadMessages.length; j++){
let message = threadMessages[j].getBody();
let subject = threadMessages[j].getSubject();
var options = {
'method' : 'post',
'contentType': 'application/json',
'payload' : JSON.stringify({"message": message, "subject": subject})
};
UrlFetchApp.fetch('YOUR_FUNCTION_TRIGGER_URL', options);
}
}
}
I currently am using the Microsoft Office 365 API to get information about Mailbox Usage and Activity. I am attempting to switch over to the Graph API, and am having some trouble.
When I use the current API, I give an 'auth' field in my header so I avoid posting for a bearer token before sending a GET request.
When I attempt the same in the Graph API I get the following error: "CompactToken parsing failed with error code: -2147184105"
After doing some research, I'm unsure if it is even possible to access the Graph API without posting for a bearer token. I would like to access it by still using the authorization credentials in a 'auth' field. Please let me know of any input/help you can provide!
If I follow correctly, you're looking to obtain a bearer token without going through a separate "POST" to convert the authorization code into an access (bearer) token? This is supported by the v2 Endpoint (and Microsoft Graph) using the Implicit Grant.
I wrote an article on this a while back that might be helpful getting you started - v2 Endpoint and Implicit Grant
I'm trying to use Basic Authentication in GitHub API. I wrote something like this:
reqURL = "https://api.github.com/repos/user/repo"
pullreqsURL = urllib.request.Request(reqURL)
pullreqsURL.add_header("Authorization", "Basic " + str(base64.urlsafe_b64encode(b'Username:myAuthTokenORpass')) )
pullreqsURL.add_header("Content-Type", "application/json")
pullreqsURL.add_header("Accept", "application/json")
urllib.request.urlopen(pullreqsURL)
However, it keeps throwing HTTPError.
With commented 3rd line it goes well.
Well. I've solved it using personal token instead of user:pass
pullreqsURL.add_header("Authorization", "token >mytoken<" )
It should be possible to authenticate via Basic Authentication with username/password.
Quote from the link:
Via Username and Password
To use Basic Authentication with the GitHub API, simply send the
username and password associated with the account.
However, I don't know Python, so I don't know whether str(base64.urlsafe_b64encode(b'Username:myAuthTokenORpass')) is the proper way to Base64 encode username/password.
As you mentioned personal access tokens, it's also possible to authenticate via Basic Authentication, but with an access token instead of your real password.
This is explained in my first link as well.
Quote:
Via OAuth Tokens
Alternatively, you can use personal access
tokens or OAuth
tokens instead of your password.
curl -u username:token https://api.github.com/user
This approach is useful if your tools only support Basic
Authentication but you want to take advantage of OAuth access token
security features.
I'm using this approach with success in a project of mine.
I have to develop a service (using flask and dropbox API) in order to synchronize a server with my dropbox account. (This service has to be run in back in background as a daemon)
First, I have begun with "authentication" : in the beginning I used OAuth 2 (but it was an issue that every time, the client has to confirm the authorization)
So, now I am using an authentication with a generated access token :
dbx = dropbox.Dropbox('ACCESS TOKEN')
So I have some questions:
1) Is it recommended and secure to use such authentication ?! otherwise , what it the best solution for this ?
2) What is the advantage of using the microframework flask in that case , because until now I'm just using native Python language
thanks
1) Yes, using an OAuth 2 access token is the right way to authorize API calls to the Dropbox API.
Note that you don't have to process the authorization flow each time though. You can store and re-use the access token once you retrieve it once.