Following the directions in the google docs for using firebase for auth in GAE, I am sending an authorization token from Android to my backend python server. Reading that token using the following code:
import google.auth.transport.requests
import google.oauth2.id_token
HTTP_REQUEST = google.auth.transport.requests.Request()
id_token = headers['authorization'].split(' ').pop()
user_info = google.oauth2.id_token.verify_firebase_token(
id_token, HTTP_REQUEST)
results in the following stack trace:
File "/Users/alex/projects/don/don_server/mobile/main.py", line 61, in get_video
user_id = get_user_id(self.request_state.headers)
File "/Users/alex/projects/don/don_server/mobile/main.py", line 37, in get_user_id
id_token, HTTP_REQUEST)
File "/Users/alex/projects/don/don_server/mobile/lib/google/oauth2/id_token.py", line 115, in verify_firebase_token
id_token, request, audience=audience, certs_url=_GOOGLE_APIS_CERTS_URL)
File "/Users/alex/projects/don/don_server/mobile/lib/google/oauth2/id_token.py", line 76, in verify_token
certs = _fetch_certs(request, certs_url)
File "/Users/alex/projects/don/don_server/mobile/lib/google/oauth2/id_token.py", line 50, in _fetch_certs
response = request(certs_url, method='GET')
File "/Users/alex/projects/don/don_server/mobile/lib/google/auth/transport/requests.py", line 111, in __call__
raise exceptions.TransportError(exc)
TransportError: ('Connection aborted.', error(13, 'Permission denied'))
I've double checked my firebase project settings and localhost is listed as an authorized domain in the authentication sign-in section (I'm running this on the GAE local dev server).
As far as I can recall this was working a couple weeks ago. Any ideas?
UPDATE:
I implemented the same authentication using a service account as recommended in the firebase docs but am getting the same error message:
from firebase_admin import auth, credentials
import firebase_admin
fpath = os.path.join(os.path.dirname(__file__), 'shared', 'firebase-admin-private-key.json')
cred = credentials.Certificate(fpath)
firebase_admin.initialize_app(cred)
Then to process an incoming token
id_token = headers['authorization'].split(' ').pop()
user_info = auth.verify_id_token(id_token)
At some point I upgraded my requests library. Because requests doesn't play well with GAE, the calls to the firebase server failed. By downgrading to version 2.3.0 this now works.
pip install -t lib requests==2.3.0
Alternatively monkeypatching requests as suggested in this answer works as well!
import requests_toolbelt.adapters.appengine
requests_toolbelt.adapters.appengine.monkeypatch()
Related
I 'm looking at Microsoft Documentation here and here, I have created Web App in Azure Active Directory to access the Data Lake Store
From the Web App I have Object ID, Application ID and Key
looking at the documentations I see this:
adlCreds = lib.auth(tenant_id = 'FILL-IN-HERE', client_secret = 'FILL-IN-HERE', client_id = 'FILL-IN-HERE', resource = 'https://datalake.azure.net/')
how to use it to authenticate my code and run operation on Data Lake Store?
here is my full test code:
## Use this for Azure AD authentication
from msrestazure.azure_active_directory import AADTokenCredentials
## Required for Azure Data Lake Store account management
from azure.mgmt.datalake.store import DataLakeStoreAccountManagementClient
from azure.mgmt.datalake.store.models import DataLakeStoreAccount
## Required for Azure Data Lake Store filesystem management
from azure.datalake.store import core, lib, multithread
# Common Azure imports
import adal
from azure.mgmt.resource.resources import ResourceManagementClient
from azure.mgmt.resource.resources.models import ResourceGroup
## Use these as needed for your application
import logging, getpass, pprint, uuid, time
## Declare variables
subscriptionId = 'FILL-IN-HERE'
adlsAccountName = 'FILL-IN-HERE'
tenant_id = 'FILL-IN-HERE'
client_secret = 'FILL-IN-HERE'
client_id = 'FILL-IN-HERE'
## adlCreds = lib.auth(tenant_id = 'FILL-IN-HERE', client_secret = 'FILL-IN-HERE', client_id = 'FILL-IN-HERE', resource = 'https://datalake.azure.net/')
from azure.common.credentials import ServicePrincipalCredentials
adlCreds = lib.auth(tenant_id, client_secret, client_id, resource = 'https://datalake.azure.net/')
## Create a filesystem client object
adlsFileSystemClient = core.AzureDLFileSystem(adlCreds, store_name=adlsAccountName)
## Create a directory
adlsFileSystemClient.mkdir('/mysampledirectory')
when I try to ru the code I get error:
[Running] python "c:....\dls.py"
Traceback (most recent call last):
File "c:....\dls.py", line 38, in
adlCreds = lib.auth(tenant_id, client_secret, client_id, resource = 'https://datalake.azure.net/')
File "C:\Python36\lib\site-packages\azure\datalake\store\lib.py", line 130, in auth password, client_id)
File "C:\Python36\lib\site-packages\adal\authentication_context.py", line 145, in acquire_token_with_username_password
return self._acquire_token(token_func)
File "C:\Python36\lib\site-packages\adal\authentication_context.py", line 109, in _acquire_token
return token_func(self)
File "C:\Python36\lib\site-packages\adal\authentication_context.py", line 143, in token_func
return token_request.get_token_with_username_password(username, password)
File "C:\Python36\lib\site-packages\adal\token_request.py", line 280, in get_token_with_username_password
self._user_realm.discover()
File "C:\Python36\lib\site-packages\adal\user_realm.py", line 152, in discover
raise AdalError(return_error_string, error_response)
adal.adal_error.AdalError: User Realm Discovery request returned http error: 404 and server response:
404 - File or directory not found.
Server Error
404 - File or directory not found.
The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.
[Done] exited with code=1 in 1.216 seconds
There are two different ways of authenticating. The first one is interactive which is suitable for end users. It even works with multi factor authentication.
Here is how you do it. You need to be interactive in order to log on.
from azure.datalake.store import core, lib, multithread
token = lib.auth()
The second method is to use service principal identities in Azure Active directory. A step by step tutorial for setting up an Azure AD application, retrieving the client id and secret and configuring access using the SPI is available here: https://learn.microsoft.com/en-us/azure/data-lake-store/data-lake-store-service-to-service-authenticate-using-active-directory#create-an-active-directory-application
from azure.common.credentials import ServicePrincipalCredentials
token = lib.auth(tenant_id = '<your azure tenant id>', client_secret = '<your client secret>', client_id = '<your client id>')
Here is blog post that shows how to access it through pandas and Jupyter. It also has a step by step on how to get the authentication token. https://medium.com/azure-data-lake/using-jupyter-notebooks-and-pandas-with-azure-data-lake-store-48737fbad305
After creating a chatbot in Dialogflow I want to connect this to my PyCharm environment, my end goal is to create a GUI within Python and allow it to connect through Dialogflow back-end, I also have a Firestore database and a few API's set up.
I have read to connect PyCharm to the Dialogflow (and, the Google Cloud platform) I need to use the Firebase-Admin SDK, which has been installed through PIP.
import dialogflow_v2beta1
from google.cloud import firestore
import firebase_admin
from firebase_admin import credentials
#Initialize the Admin SDK
cred = credentials.Certificate('C:Users\folder1\folder2\chatbot.json')
default_app = firebase_admin.initialize_app(cred)
#The below is a default test hoping to write a new document to the Firestore Database to check the connection works.
doc_ref = db.collection(u'users').document(u'alovelace')
doc_ref.set({
u'first': u'Ada',
u'last': u'Lovelace',
u'born': 1815
})
So, with the above I simply hope to connect my environment to my chatbot through the Google platform and when I run this code I hope for some data to be created in my Firestore database.
The error I get when I run the above is:
C:\Users\Me\PycharmProjects\Chatbot\venv\Scripts\python.exe C:/Users/Me/PycharmProjects/Chatbot/venv/Chatbot.py
Traceback (most recent call last):
File "C:/Users/Me/PycharmProjects/Chatbot/venv/Chatbot.py", line 12, in <module>
cred = credentials.Certificate('C:Users\folder1\folder2\chatbot.json')
File "C:\Users\Me\PycharmProjects\Chatbot\venv\lib\site-packages\firebase_admin\credentials.py", line 83, in __init__
with open(cert) as json_file:
IOError: [Errno 2] No such file or directory: 'C:Users\\folder1\\folder2\\chatbot.json'
Process finished with exit code 1
In short, I've checked the line 83 error in the credentials.py file where the default comment suggests means the file can't be found, but is correct as far as I can tell. The only thing I notice are the two \ in the error.
Any help would be much appreciated.
UPDATE
This has erased that error, but now being shown another three:
SNIMissingWarning: An HTTPS request has been made, but the SNI (Subject Name Indication) extension to TLS is not available on this platform. This may cause the server to present an incorrect TLS certificate, which can cause validation failures. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
google.api_core.exceptions.PermissionDenied: 403 Missing or insufficient permissions.
That path is wrong as far as I can tell. Should be C:\Users\folder1\folder2\chatbot.json. You're missing \ after C:.
Solved the additional errors by;
import requests.packages.urllib3
requests.packages.urllib3.disable_warnings()
I had this problem too. It was caused by an old Python version (2.7.6) on Ubuntu 14.04.
Firebase requires SSLContext which was introduced in 2.7.9. I fixed it using this howto.
be careful
use this C:/../ instead c:\ ... \
don't forget:
cred = credentials.Certificate('C:/Users/ASPIREone/PycharmProjects/amazon/tester/serviceAccountKey.json')
firebase_admin.initialize_app(cred, {
'databaseURL': 'https://hrd-line.firebaseio.com'
})
db = firestore.client()
doc_ref = db.collection(u'users').document(u'president')
doc_ref.set({
u'first': u'Barrack',
u'last': u'Obama',
u'born': 1815
})
I got the same error (MAC USER)
Code fb_test.py
import firebase_admin
from firebase_admin import db
from firebase_admin import credentials
cred = credentials.Certificate("<dir>cred.json")
firebase_admin.initialize_app(cred, {'databaseURL':'https://<URL>'})
I ended adding the verify=False parameter on
/Users/<user>/.pyenv/versions/3.9.11/lib/python3.9/site-packages/google/auth/transport/requests.py
response = self.session.request(method, url, data=body, headers=headers,
timeout=timeout, verify=False, **kwargs)
I 'm looking at Microsoft Documentation here and here, I have created Web App in Azure Active Directory to access the Data Lake Store
From the Web App I have Object ID, Application ID and Key
looking at the documentations I see this:
adlCreds = lib.auth(tenant_id = 'FILL-IN-HERE', client_secret = 'FILL-IN-HERE', client_id = 'FILL-IN-HERE', resource = 'https://datalake.azure.net/')
how to use it to authenticate my code and run operation on Data Lake Store?
here is my full test code:
## Use this for Azure AD authentication
from msrestazure.azure_active_directory import AADTokenCredentials
## Required for Azure Data Lake Store account management
from azure.mgmt.datalake.store import DataLakeStoreAccountManagementClient
from azure.mgmt.datalake.store.models import DataLakeStoreAccount
## Required for Azure Data Lake Store filesystem management
from azure.datalake.store import core, lib, multithread
# Common Azure imports
import adal
from azure.mgmt.resource.resources import ResourceManagementClient
from azure.mgmt.resource.resources.models import ResourceGroup
## Use these as needed for your application
import logging, getpass, pprint, uuid, time
## Declare variables
subscriptionId = 'FILL-IN-HERE'
adlsAccountName = 'FILL-IN-HERE'
tenant_id = 'FILL-IN-HERE'
client_secret = 'FILL-IN-HERE'
client_id = 'FILL-IN-HERE'
## adlCreds = lib.auth(tenant_id = 'FILL-IN-HERE', client_secret = 'FILL-IN-HERE', client_id = 'FILL-IN-HERE', resource = 'https://datalake.azure.net/')
from azure.common.credentials import ServicePrincipalCredentials
adlCreds = lib.auth(tenant_id, client_secret, client_id, resource = 'https://datalake.azure.net/')
## Create a filesystem client object
adlsFileSystemClient = core.AzureDLFileSystem(adlCreds, store_name=adlsAccountName)
## Create a directory
adlsFileSystemClient.mkdir('/mysampledirectory')
when I try to ru the code I get error:
[Running] python "c:....\dls.py"
Traceback (most recent call last):
File "c:....\dls.py", line 38, in
adlCreds = lib.auth(tenant_id, client_secret, client_id, resource = 'https://datalake.azure.net/')
File "C:\Python36\lib\site-packages\azure\datalake\store\lib.py", line 130, in auth password, client_id)
File "C:\Python36\lib\site-packages\adal\authentication_context.py", line 145, in acquire_token_with_username_password
return self._acquire_token(token_func)
File "C:\Python36\lib\site-packages\adal\authentication_context.py", line 109, in _acquire_token
return token_func(self)
File "C:\Python36\lib\site-packages\adal\authentication_context.py", line 143, in token_func
return token_request.get_token_with_username_password(username, password)
File "C:\Python36\lib\site-packages\adal\token_request.py", line 280, in get_token_with_username_password
self._user_realm.discover()
File "C:\Python36\lib\site-packages\adal\user_realm.py", line 152, in discover
raise AdalError(return_error_string, error_response)
adal.adal_error.AdalError: User Realm Discovery request returned http error: 404 and server response:
404 - File or directory not found.
Server Error
404 - File or directory not found.
The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.
[Done] exited with code=1 in 1.216 seconds
There are two different ways of authenticating. The first one is interactive which is suitable for end users. It even works with multi factor authentication.
Here is how you do it. You need to be interactive in order to log on.
from azure.datalake.store import core, lib, multithread
token = lib.auth()
The second method is to use service principal identities in Azure Active directory. A step by step tutorial for setting up an Azure AD application, retrieving the client id and secret and configuring access using the SPI is available here: https://learn.microsoft.com/en-us/azure/data-lake-store/data-lake-store-service-to-service-authenticate-using-active-directory#create-an-active-directory-application
from azure.common.credentials import ServicePrincipalCredentials
token = lib.auth(tenant_id = '<your azure tenant id>', client_secret = '<your client secret>', client_id = '<your client id>')
Here is blog post that shows how to access it through pandas and Jupyter. It also has a step by step on how to get the authentication token. https://medium.com/azure-data-lake/using-jupyter-notebooks-and-pandas-with-azure-data-lake-store-48737fbad305
I am trying to access TFS REST API in Python 2 but getting 401 Authorization Error. I am able to access API url from web-browser using same credentials. Also same credentials is working with .Net code. Tried with urllib2 library as guided in this solution. Any suggestion to access TFS api in Python2?
tfs.py
import requests
from requests.auth import HTTPDigestAuth
username = '<UserName>'
password = '<Password>'
tfsApi = 'https://{myserver}/tfs/collectionName/_apis/projects?api-version=2.0'
tfsResponse = requests.get(tfsApi, auth=(username, password))
if(tfsResponse.ok):
tfsResponse = tfsResponse.json()
print(tfsResponse)
else:
tfsResponse.raise_for_status()
Error:
Traceback (most recent call last):
File "D:\Scripts\tfs.py", line 13, in <module>
tfsResponse.raise_for_status()
File "C:\Python27\lib\site-packages\requests\models.py", line 862, in raise_fo
r_status
raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 401 Client Error: Unauthorized for url: https://{myserver}/tfs/collectionName/_apis/projects?api-version=2.0
.Net Working code:
client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Basic",
Convert.ToBase64String(
System.Text.ASCIIEncoding.ASCII.GetBytes(
string.Format("{0}:{1}", AppConfig.TFS_API_USER, AppConfig.TFS_API_PASS))));
TFS uses NTLM authentication protocol , Hence I have to update my code with HTTP NTLM authentication using the requests library.
Working code:
import requests
from requests_ntlm import HttpNtlmAuth
username = '<DOMAIN>\\<UserName>'
password = '<Password>'
tfsApi = 'https://{myserver}/tfs/collectionName/_apis/projects?api-version=2.0'
tfsResponse = requests.get(tfsApi,auth=HttpNtlmAuth(username,password))
if(tfsResponse.ok):
tfsResponse = tfsResponse.json()
print(tfsResponse)
else:
tfsResponse.raise_for_status()
It seems you want to get a list of team projects with REST API. The API should look like:
-
http://tfsserver:8080/tfs/CollectionName/_apis/projects?api-version=1.0
Make sure you have enabled Basic Auth for your TFS:
check your IIS to see whether the Basic authentication service role
is installed.
go to IIS Manager, select Team Foundation Server -- Authentication
and disable everything other than Basic Authentication. Then do the
same for the tfs node under Team Foundation Server.
restart your IIS.
I'm working on my first app ever to use Google Api for Calendar. I've read the Google examples at: https://developers.google.com/google-apps/calendar/instantiate
The first time I ran the program below it was successful. I allowed my app to access my Google account and the application made a calendar.dat file with the auth info in my app-directory. After I renamed the filed the code was in the auth stopped working. I have already deleted the file entirely and recreated it from scratch, but the error persists.
I do still get the Google authentication page and can still confirm access, after which I get a message that the authentication flow was completed.
This is the code (standard Google example which I fill in with my app details):
import gflags
import httplib2
from apiclient.discovery import build
from oauth2client.file import Storage
from oauth2client.client import OAuth2WebServerFlow
from oauth2client.tools import run
FLAGS = gflags.FLAGS
# Set up a Flow object to be used if we need to authenticate. This
# sample uses OAuth 2.0, and we set up the OAuth2WebServerFlow with
# the information it needs to authenticate. Note that it is called
# the Web Server Flow, but it can also handle the flow for native
# applications
# The client_id and client_secret are copied from the API Access tab on
# the Google APIs Console
FLOW = OAuth2WebServerFlow(
client_id='YOUR_CLIENT_ID',
client_secret='YOUR_CLIENT_SECRET',
scope='https://www.googleapis.com/auth/calendar',
user_agent='YOUR_APPLICATION_NAME/YOUR_APPLICATION_VERSION')
# To disable the local server feature, uncomment the following line:
# FLAGS.auth_local_webserver = False
# If the Credentials don't exist or are invalid, run through the native client
# flow. The Storage object will ensure that if successful the good
# Credentials will get written back to a file.
storage = Storage('calendar.dat')
credentials = storage.get()
if credentials is None or credentials.invalid == True:
credentials = run(FLOW, storage)
# Create an httplib2.Http object to handle our HTTP requests and authorize it
# with our good Credentials.
http = httplib2.Http()
http = credentials.authorize(http)
# Build a service object for interacting with the API. Visit
# the Google APIs Console
# to get a developerKey for your own application.
service = build(serviceName='calendar', version='v3', http=http,
developerKey='YOUR_DEVELOPER_KEY')
And this is the output:
Your browser has been opened to visit:
https://accounts.google.com/o/oauth2/auth? (auth url shortened)
If your browser is on a different machine then exit and re-run this
application with the command-line parameter
--noauth_local_webserver
Traceback (most recent call last):
File "C:\Users\Desktop\Google Drive\Code\Python\Rooster\calendar.py", line 2, in <module>
import httplib2
File "C:\Python27\lib\site-packages\httplib2-0.7.6-py2.7.egg\httplib2\__init__.py", line 42, in <module>
import calendar
File "C:\Users\Desktop\Google Drive\Code\Python\Rooster\calendar.py", line 33, in <module>
credentials = run(FLOW, storage)
File "C:\Python27\lib\site-packages\google_api_python_client-1.0-py2.7.egg\oauth2client\util.py", line 120, in positional_wrapper
return wrapped(*args, **kwargs)
File "C:\Python27\lib\site-packages\google_api_python_client-1.0-py2.7.egg\oauth2client\tools.py", line 169, in run
credential = flow.step2_exchange(code, http=http)
File "C:\Python27\lib\site-packages\google_api_python_client-1.0-py2.7.egg\oauth2client\util.py", line 120, in positional_wrapper
return wrapped(*args, **kwargs)
File "C:\Python27\lib\site-packages\google_api_python_client-1.0-py2.7.egg\oauth2client\client.py", line 1128, in step2_exchange
http = httplib2.Http()
AttributeError: 'module' object has no attribute 'Http'
The problem is that in your run directory you have the file named calendar.py. When Google's httplib2 wants to import a standard calendar module it gets the local one instead. In the local one it executes it to perform the import. But because httplib2 is not yet fully imported the calendar.py code is not working properly.
Just rename the calendar.py to something like myCalendar.py.