I am currently learning Google App Engine. I want to develop a cloud app that provides synchronization using Google Cloud Endpoints. Frankly, I am impressed with Picturesque App (https://github.com/GoogleCloudPlatform/appengine-picturesque-python) that was demonstrated during Google I/O 2013. This app shows the feature that I really need.
To try out the application, I cloned it from GitHub and ran it through Google App Engine Launcher then when I tested it, there was no synchronization happened there. All pictures were saved locally. I already created and configured "settings.py" file with my Client ID as well as a "custom-js/picturesque-config.js" however I could not see Client-Server interaction in the app. Everything seemed to work locally.
I also got a problem with the google authentication. There was an error written there "Error: origin_mismatch" with all the requests details. I have been trying to fix this problem for a week but still, it could not work as expected. Could anyone shed some light on this issue? Herewith, I list the information on the requests details.
from_login=1
scope=https://www.googleapis.com/auth/userinfo.email
https://www.googleapis.com/auth/plus.login
https://www.googleapis.com/auth/plus.moments.write
https://www.googleapis.com/auth/plus.me
https://www.googleapis.com/auth/plus.profile.agerange.read
https://www.googleapis.com/auth/plus.profile.language.read
https://www.googleapis.com/auth/plus.circles.members.read
redirect_uri=postmessage
state=519184294|0.3676346342
origin=http://localhost:22080
as=-5faa3d6126cb2118
display=page
request_visible_actions=http://schemas.google.com/AddActivity
hl=en-GB
cookie_policy_enforce=false
response_type=code token id_token gsession
access_type=online
cookie_policy=single_host_origin
proxy=oauth2relay412480175
include_granted_scopes=true
client_id=604391723960.apps.googleusercontent.com
authuser=0
Your help would be greatly appreciated.
Thank you
This is an OAuth problem and the synchronization can't work if you can't sign in.
As the error says, you have an "Origin Mismatch".
What are the "Redirect URIs" for your application ID in the APIs console? The URI you are using -- e.g. http://localhost:8080 -- must match exactly, port, HTTP scheme and trailing slash.
You should try to fix this error by checking out existing answers on StackOverflow: https://stackoverflow.com/search?q=error%3A+origin_mIsmatch
Related
I am attempting to use the Google Photos API via my django based web application.
During the Oauth flow I am getting error 502 bad gateway.
So it turns out I was barking up the wrong tree the whole time. However due to the lack of feedback when you google the above title I thought it best to give someone the heads up they need to solve this.
I was using code that is meant for an 'installed application'. This means when the I was attempting to redirect the user to Google to get authorisation the code was creating a local server to handle the 'flow'. This is clearly not going to work when running it from a deployed web application.
The solution and best guide I have found is here. Hope this helps someone.
I would like to display on my GAE website a number of daily users of my android application (tracked with Google Analytics), both are under the same account. I wanted to use Analytics API for this. I am reading Hello Analytics API tutorial and looks like I need OAuth to authorize my app to get the data from Analytics. It looks quite complex, is there any easy way (like getting some token and using it)?
Looks like I need service account (for server to server applications), but I don't understand how to modify starter application (taken there) to use it.
Since you only want to access data that you own, using a service account is a good idea.
How ever the starter application you linked is for working with a normal OAuth2 and its not the same as the code for a service account.
I haven't done this in python myself before, but i found an example that should get you started. You will need to change it slightly because the scopes are for Google+ not Google analytics. create the service in python on GAE
If you have any problems changing it to work with Google Analtyics let me know i should be able to help with that. Even if i cant test the python code myself.
There is much simpler way to pass authorization - see App Identity doc. See also Java example how to access Analytics data from the GAE.
Another useful link is here.
Can someone help me understand what "/_ah/background" is in terms of google app engine (Python). I have a resident backend running, and I am seeing requests being made to that endpoint. They appear to be generated by something outside my code. They also appear to be being handled by my /_ah/start handler.
Thanks for any help you can provide.
I believe /_ah/background requests aren't actually HTTP requests, they're background threads. App Engine uses /_ah/background as a placeholder wherever it needs to group something by request, e.g. log messages. This matches what I see in my backends that use background threads.
(I could swear I read this in the docs somewhere recently, but I haven't found where yet.)
Any URL that starts with "/_ah/" is a reserved AppEngine URL. These are used for internal AppEngine tasks, you really shouldn't need to worry about them.
What does _ah mean in Google App Engine?
https://developers.google.com/appengine/docs/python/config/appconfig?hl=it-IT#Reserved_URLs
I'm developing a django app that integrates with google apps. I'd like to let the users login with their google apps accounts (accounts in google hosted domains, not google accounts) so they can access their docs, calendar, and whatnot.
In order to do it, I downloaded and started using django_openid_auth (and thus, python-openid).
First, to test it, I used this url in my settings:
OPENID_SSO_SERVER_URL = 'https://www.google.com/accounts/o8/id'
And with that I managed to redirect the user to the google accounts page to login and then to return to my own domain, with the authentication cycle described by the google folks successfuly completed. However, to login to google accounts is of little use for me, as I'd like the users who have a google apps account in their hosted domain -but not a google account- to login with.
In order to do that, I read the google article on discovery " Discovering OpenID Endpoints for Hosted Domains", and changed the aforementioned setting to:
OPENID_SSO_SERVER_URL = 'https://www.google.com/accounts/o8/site-xrds?hd=<my-domain>.com'
-where, obviously, <my-domain> is my actual domain ;)
But the backend responded with the following message:
OpenID authentication failed: HTTP
Response status from identity URL host
is not 200. Got status 404
Debugging a little, I managed to find out that the code in python-openid (version 2.2.4) is the one that is misinterpreting the response from google, but I'm quite at loss here.
I have seen the authentication in my own domain work in socialwok.com and puffypoodles.com So I'm quite certain that the auth cycle for my google apps domain works, but somehow python-openid can't seem to complete it (though, and I reiterate, it works just fine with plain old google accounts).
Should I try to fix python-openid, or is there another way to fix this? Has anyone successfuly managed to login with google apps in a pure django app (not in google app engine)?
According to http://groups.google.com/group/google-federated-login-api/web/openid-discovery-for-hosted-domains, Google changed the way of IdP Discovery and user XRDS check a little bit to give Google Apps users openid in http://example.com/openid?id=108441225163454056756 kind of format without asking the users to build their own openid servers. For small companies, people can get their openid under their domain with as few as just a domain name if they use Google Apps.
This might be a good approach because people could use their Google Apps Account for the authentication, and they can still give out openids under their own domain which they could change the authentication backend for in the future. It is simple and extendable, but sadly it hasn't became the standard yet. So, if you use standard library like python-openid, you will encounter some problems.
To solve those problems, you have to patch python-openid yourself to follow Google's approach.
I ran into the same problem before and I have a patched version of python-openid v2.1.1 which works for me.
If you need, I could post my code after some cleanup. It was a quick patch, so don't expect too much :)
I think you can give a try http://github.com/hudora/django-googleappsauth
but I found some bugs trying to fix them and translating comments
I'm developing a website (in Django) that uses OpenID to authenticate users. As I'm currently only running on my local machine I can't authenticate using one of the OpenID providers on the web. So I figure I need to run a local OpenID server that simply lets me type in a username and then passes that back to my main app.
Does such an OpenID dev server exist? Is this the best way to go about it?
The libraries at OpenID Enabled ship with examples that are sufficient to run a local test provider. Look in the examples/djopenid/ directory of the python-openid source distribution. Running that will give you an instance of this test provider.
I have no problems testing with myopenid.com. I thought there would be a problem testing on my local machine but it just worked. (I'm using ASP.NET with DotNetOpenId library).
The 'realm' and return url must contain the port number like 'http://localhost:93359'.
I assume it works OK because the provider does a client side redirect.
I'm also looking into this. I too am working on a Django project that might utilize Open Id. For references, check out:
PHPMyId
OpenId's page
Hopefully someone here has tackled this issue.
I'm using phpMyID to authenticate at StackOverflow right now. Generates a standard HTTP auth realm and works perfectly. It should be exactly what you need.
You could probably use the django OpenID library to write a provider to test against. Have one that always authenticates and one that always fails.
Why not run an OpenID provider from your local machine?
If you are a .Net developer there is an OpenID provider library for .Net at Google Code. This uses the standard .Net profile provider mechanism and wraps it with an OpenID layer. We are using it to add OpenID to our custom authentication engine.
If you are working in another language/platform there are a number of OpenID implementation avalaiable from the OpenID community site here.
You shouldn't be having trouble developing against your own machine. What error are you getting?
An OpenID provider will ask you to give your site (in this case http://localhost:8000 or similar) access to your identity. If you click ok then it will redirect you that url. I've never had problems with livejournal and I expect that myopenid.com will work too.
If you're having problems developing locally I suggest that the problem you're having is unrelated to the url being localhost, but something else. Without an error message or problem description it's impossible to say more.
Edit: It turns out that Yahoo do things differently to other OpenID providers that I've come across and disallow redirections to ip address, sites without a correct tld in their domain name and those that run on ports other than 80 or 443. See here for a post from a Yahoo developer on this subject. This post offers a work around, but I would suggest that for development myopenid.com would be far simpler than working around Yahoo, or running your own provider.