OAuth2.0 authentication in Google App Engine - python

I've managed to implement the simpleauth package for a basic webapp I've been working on. I now need to send data to this service from a Python script running on a Raspberry Pi (the app is a "data logger" for temperature). Before I had implemented the simpleauth package, I could just POST the data and username to the site. Alas, now the response is the login page (to be expected).
If I wanted to connect to this webapp from the command line, I assume I'll need to authenticate myself. However, how would I go about doing this? I assume I'm going to need to programmatically replicate the steps taken by the browser to get a token but I think I've tried this and it hasn't worked. I'm not even sure who my token provider is - my webapp, or Google?
Any tips?

If you're trying to authenticate on an installed or console app, you need to use urn:ietf:wg:oauth:2.0:oob as the redirect_uri GET param when you redirect the user to the login/authorization page. Once your app has been authorized, they'll be presented with a valid OAuth 2.0 code in a text box that they'll have to copy/paste into your app. Once they do that, your app must follow the rest of the usual server-side flow (code-for-token exchange, etc.).

Related

How to setup python social auth for web app and for mobile app?

We have
An existing Django backend with Python social auth for signing in with Google, providing web-based application and an API for the mobile app.
An iOS mobile app with GoogleSignIn pod.
Now we would like to allow mobile app users to sign in with Google inside the app, and then authenticate them on the backend, so that they can access their personal data via the app.
So my idea of the algorithm is:
App uses the GoogleSignIn and finally receives access_token.
App sends this access_token to the Backend.
Backend verifies this access_token, fetches/creates the user, returns some sessionid to the App.
App uses this sessionid for further requests.
The problem is with the third step: token verification. I found two ways of verifying:
1. Python social auth flow
As described in the docs:
# Inside a Django view: the token the client obtained from Google is handed
# to the social-auth backend, which runs the full pipeline and returns a user.
token = request.GET.get('access_token')
user = request.backend.do_auth(token)
if user:
    login(request, user)
    return 'OK'
else:
    return 'ERROR'
This would be a preferred flow, since it already has all the required steps and is working perfectly with the web app (like, accounts creation, defaults for newly created users, analytics collection, etc.).
But the problem is that the backend and the app use different CLIENT_IDs for the auth. This is due to the limitations in the Google Developers Console: when creating credentials, you need to select whether it will be a web app or an iOS app, and it cannot be both.
I tried to use different client ids (then backend cannot verify), tried to use web id inside the app (then the pod does not work), and tried to use app id inside the web (then the backend cannot verify again).
2. Google API Client Library
Another option is to utilize the way from the Google Sign-In for iOS documentation:
from google.oauth2 import id_token
from google.auth.transport import requests

try:
    # Checks the signature, expiry and that the token was issued for CLIENT_ID.
    idinfo = id_token.verify_oauth2_token(token, requests.Request(), CLIENT_ID)
    userid = idinfo['sub']
except ValueError:
    # Invalid token
    pass
It worked, but here we're missing all the pipeline provided by social auth (e.g. we need to create a user somehow), and I could not find a proper way of starting the pipeline from the middle, and I'm afraid it would be quite fragile and bug-prone code.
Another problem with this solution is that in reality we also have Signed in with Apple and Sign in with Facebook, and this solution will demand ad-hoc coding for each of these backends, which also bring more mess and unreliability.
3. Webview
Third option would be not to use SDKs in Swift and just use a web view with the web application, as in the browser.
This solves the problem with the pipeline and client ids.
But it doesn't look native, and some users may suspect phishing attempts (how does it differ from a malicious app trying to steal Google identity by crafting the same-looking form?). Also, I'm not sure it will play nicely with the accounts configured on the device. And it also will require us to open a browser even for signing in with Apple, which looks somewhat awkward. And we're not sure such an app will pass the review.
But, maybe, these all are minor concerns?
⁂
So, what do you think? Is there a fourth option? Or maybe improvements to the options above? How is it solved in your app?
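The sticking point in step 3 of the post above is that the backend and the iOS app hold different client IDs. Google's own guidance for verifying an ID token on a server is to check that its aud claim is one of the client IDs your app uses, so a backend that serves both a web client and an iOS client can keep an accept-list of both. The code below is an added illustration, not code from the asker or from python-social-auth: it performs the claim checks that remain once a library such as google-auth has verified the signature, and resolves the token to a local user keyed by sub. The client IDs, the claims and the in-memory users table are constructed placeholders.

```python
"""Added example: claim checks for a Google ID token whose audience may be
any of several client IDs (web, iOS), then find-or-create of the local user."""
import time

# Constructed accept-list: the client IDs created for this app in the
# Google Developers Console. These are placeholders, not real IDs.
ALLOWED_AUDIENCES = {
    "111111-web.apps.googleusercontent.com",
    "222222-ios.apps.googleusercontent.com",
}
GOOGLE_ISSUERS = {"accounts.google.com", "https://accounts.google.com"}


class InvalidIdToken(ValueError):
    """Raised when a claim check fails; callers answer with 401."""


def check_google_id_claims(claims, allowed_audiences, now=None):
    """Validate the standard claims of an already signature-verified Google ID
    token and return the stable user identifier (sub).

    `claims` is the decoded JWT payload. Signature verification and key
    lookup belong to a library (e.g. google-auth's verify_oauth2_token); this
    function covers the checks that remain when that library is not given a
    single fixed audience."""
    now = time.time() if now is None else now
    if claims.get("iss") not in GOOGLE_ISSUERS:
        raise InvalidIdToken("unexpected issuer: %r" % claims.get("iss"))
    aud = claims.get("aud")
    # RFC 7519 allows aud to be a string or a list; accept the token only if
    # it was minted for one of *our* client IDs, never for someone else's app.
    auds = aud if isinstance(aud, list) else [aud]
    if not any(a in allowed_audiences for a in auds):
        raise InvalidIdToken("token issued for another client: %r" % aud)
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise InvalidIdToken("token expired")
    iat = claims.get("iat")
    if isinstance(iat, (int, float)) and iat > now + 300:
        raise InvalidIdToken("token issued in the future")
    sub = claims.get("sub")
    if not sub:
        raise InvalidIdToken("missing sub")
    # Only trust the address for account lookup if Google has verified it.
    if claims.get("email") and not claims.get("email_verified", False):
        raise InvalidIdToken("email not verified")
    return sub


def rejection_reason(claims, allowed_audiences, now=None):
    """Convenience wrapper: None if the claims are acceptable, else the reason."""
    try:
        check_google_id_claims(claims, allowed_audiences, now)
    except InvalidIdToken as exc:
        return str(exc)
    return None


def find_or_create_user(claims, allowed_audiences, users_by_sub, now=None):
    """Resolve the token to a local user record keyed by sub, creating one on
    first sign-in. `users_by_sub` is a dict standing in for the user table."""
    sub = check_google_id_claims(claims, allowed_audiences, now)
    user = users_by_sub.get(sub)
    if user is None:
        user = {"sub": sub, "email": claims.get("email")}
        users_by_sub[sub] = user
    return user


if __name__ == "__main__":
    # Constructed claims for a token the iOS app obtained from Google.
    sample = {
        "iss": "https://accounts.google.com",
        "aud": "222222-ios.apps.googleusercontent.com",
        "sub": "10769150350006150715113082367",
        "email": "user@example.com",
        "email_verified": True,
        "iat": 1_700_000_000,
        "exp": 1_700_003_600,
    }
    users = {}
    print(find_or_create_user(sample, ALLOWED_AUDIENCES, users, now=1_700_000_100))
```

Keyed on sub rather than email, the same person keeps one account even if they change their Google address, and the accept-list is the one place to extend when an Android client ID is added later.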

How do you make a Redirect URI for a Slack App?

I'm trying to create a Slack App (see here), but I'm having incredible difficulty with how to create a Redirect URI.
Slack states the following:
You must specify at least one redirect URL for OAuth to work. If you
pass a URL in an OAuth request, it must (at least partially) match one
of the URLs you enter here. Learn more
I have a rudimentary understanding of a Redirect URI conceptually, but I have no idea how to go about actually getting this Redirect URI that Slack requires.
I've successfully used all of Slack's integrations with Python, including Real Time Messaging, but setting up a Redirect URI seems to require a special server or a website.
As already mentioned in the comments you will need a publicly reachable webserver to host your script for installing the Slack app. So the redirect URL is the URL to your installation script.
Basically any webserver or script hosting service that runs your favorite script flavor (e.g. PHP or Python) will work. See also this answer on how the OAUTH process can be implemented.
The redirect URL works without SSL, but for security reasons SSL is strongly recommended. Also, many other features of Slack require you to run SSL on your webserver (e.g. Interactive Buttons).
Another option is to run a webserver on your local machine (e.g. WAMP for windows) and open it to the Internet through a secure tunnel (e.g. ngrok). For developing and testing this is actually the better alternative, since you can test and fix your Slack app locally without having to deploy every change on a public server.
However for running a public Slack app (e.g. one that is listed on the Slack App Directory) I would strongly recommend to put the production version of your App on a public webserver.
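The answer above describes the redirect URL as "the URL to your installation script". As an added example (not the answerer's code, and not a Slack SDK), here is what that script has to do: start the flow with an unguessable state value, and on the callback check that state before trading the one-time code for a token at oauth.v2.access. It is written as plain WSGI so it runs under any Python web server or behind an ngrok tunnel; the redirect URL, client ID and client secret are placeholders, and the exchange call is injectable so the callback can be exercised without network access.

```python
"""Added example: the endpoint a Slack app's redirect URL points at."""
import hmac
import json
import secrets
import urllib.request
from http.cookies import SimpleCookie
from urllib.parse import parse_qs, urlencode

SLACK_AUTHORIZE_URL = "https://slack.com/oauth/v2/authorize"
SLACK_ACCESS_URL = "https://slack.com/api/oauth.v2.access"
# Placeholders: the redirect URL must match the one registered in the app settings.
REDIRECT_URL = "https://app.example.com/slack/oauth/callback"
CLIENT_ID = "SLACK_CLIENT_ID_PLACEHOLDER"
CLIENT_SECRET = "SLACK_CLIENT_SECRET_PLACEHOLDER"
STATE_COOKIE = "slack_oauth_state"


def start_install(environ, start_response):
    """GET /slack/install: send the installer to Slack with a fresh state value."""
    state = secrets.token_urlsafe(32)
    location = SLACK_AUTHORIZE_URL + "?" + urlencode({
        "client_id": CLIENT_ID,
        "scope": "chat:write",
        "redirect_uri": REDIRECT_URL,
        "state": state,
    })
    # The state is remembered in a cookie bound to this browser only.
    cookie = "%s=%s; Path=/slack; HttpOnly; Secure; SameSite=Lax" % (STATE_COOKIE, state)
    start_response("302 Found", [("Location", location), ("Set-Cookie", cookie)])
    return [b""]


def exchange_code_with_slack(code):
    """Trade the one-time code for a token via oauth.v2.access (network call)."""
    body = urlencode({
        "client_id": CLIENT_ID,
        "client_secret": CLIENT_SECRET,
        "code": code,
        "redirect_uri": REDIRECT_URL,
    }).encode()
    with urllib.request.urlopen(SLACK_ACCESS_URL, data=body, timeout=30) as resp:
        return json.load(resp)


def oauth_callback(environ, start_response, exchange=exchange_code_with_slack):
    """GET /slack/oauth/callback?code=...&state=...: Slack redirects the installer here."""
    query = parse_qs(environ.get("QUERY_STRING", ""))
    cookies = SimpleCookie(environ.get("HTTP_COOKIE", ""))
    expected_state = cookies[STATE_COOKIE].value if STATE_COOKIE in cookies else ""
    received_state = query.get("state", [""])[0]

    def reply(status, text):
        start_response(status, [("Content-Type", "text/plain; charset=utf-8")])
        return [text.encode("utf-8")]

    if "error" in query:  # the user declined on Slack's side
        return reply("400 Bad Request", "installation cancelled: " + query["error"][0])
    # Without this check a forged callback could bind a foreign workspace's
    # code to this browser session (the classic OAuth CSRF).
    if not expected_state or not hmac.compare_digest(expected_state, received_state):
        return reply("400 Bad Request", "state mismatch")
    code = query.get("code", [""])[0]
    if not code:
        return reply("400 Bad Request", "missing code")
    result = exchange(code)
    if not result.get("ok"):
        return reply("502 Bad Gateway", "token exchange failed: " + str(result.get("error")))
    # Persist result["access_token"] keyed by result["team"]["id"] at this point.
    team_id = result.get("team", {}).get("id", "?")
    return reply("200 OK", "app installed for team " + team_id)


def run_wsgi(app, environ, **kwargs):
    """Call a WSGI app directly and return (status, headers, body) for local testing."""
    captured = {}

    def start_response(status, headers):
        captured["status"], captured["headers"] = status, headers

    body = b"".join(app(environ, start_response, **kwargs))
    return captured["status"], captured["headers"], body
```

Mount start_install at /slack/install and oauth_callback at the path registered as the redirect URL; because the cookie carries the Secure flag, this only works over HTTPS, which matches the SSL recommendation above.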
If you're just trying to get it up so that you can authorize another workspace, you can always use 'http://localhost'. After authorizing, it will try to redirect you there and you won't be able to see anything useful, but the authorization should still have taken place, I believe.
Of course, if you're looking for the API code, you will have to pull it directly from the browser URL. ... it's very manual.

Google API: Understanding redirect URI

I want to use Google API to track the number of tweets a particular website (say Rbloggers) make each day. And I am trying to do it in Python.
I am completely new to this. So, I was looking at the hello-analytics-api, in which I need to deal with OAuth 2.0. And I have no idea what to put down for the redirect URI.
I have read
What's a redirect URI? how does it apply to iOS app for OAuth2.0?
But I still don't quite understand the concepts and what I should put down for the 'redirect URI' ?
From Choosing a redirect URI
When you create a client ID in the Google Developers Console, two redirect_uris are created for you: urn:ietf:wg:oauth:2.0:oob and http://localhost. The value your application uses determines how the authorization code is returned to your application.
In the case of desktop apps or programs, you should set it to urn:ietf:wg:oauth:2.0:oob so that you will be redirected to a page where you can copy the authorization code from the internet browser and paste it into your desktop app.
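Both this answer and the first answer on this page (for the Raspberry Pi data logger) describe the same installed-app flow: send the user to the authorization page with redirect_uri set to urn:ietf:wg:oauth:2.0:oob, have them paste the displayed code back, then exchange that code for tokens. The block below is an added example of that flow, not code from either answerer or from a Google library. It adds PKCE (RFC 7636) so the pasted code can only be redeemed by the device that started the flow, and takes the redirect URI as a parameter because Google has since deprecated the OOB value for its own clients in favour of a loopback (http://127.0.0.1:port) redirect; the client ID, secret and scope are placeholders, and the HTTP POST is injectable so the exchange can be tested offline.

```python
"""Added example: authorization-code flow for an installed app using the
out-of-band (OOB) redirect, with PKCE binding the pasted code to this device."""
import base64
import hashlib
import json
import secrets
import urllib.request
from urllib.parse import urlencode

AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth"
TOKEN_ENDPOINT = "https://oauth2.googleapis.com/token"
OOB_REDIRECT = "urn:ietf:wg:oauth:2.0:oob"


def _b64url(raw):
    """Base64url without padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def make_pkce_pair():
    """Return (code_verifier, code_challenge) for method S256.
    The verifier never leaves the device; only the challenge goes in the URL."""
    verifier = _b64url(secrets.token_bytes(32))  # 43 chars, within the 43..128 range
    return verifier, _b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def verify_pkce(verifier, challenge):
    """The check the authorization server performs when the code is redeemed."""
    recomputed = _b64url(hashlib.sha256(verifier.encode("ascii")).digest())
    return secrets.compare_digest(recomputed, challenge)


def authorization_params(client_id, scope, code_challenge, redirect_uri=OOB_REDIRECT):
    return {
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_type": "code",
        "scope": scope,
        "code_challenge": code_challenge,
        "code_challenge_method": "S256",
        "access_type": "offline",  # ask for a refresh token so a headless device can renew
    }


def build_authorization_url(client_id, scope, code_challenge, redirect_uri=OOB_REDIRECT):
    """Step 1: the URL the user opens in a browser to approve access."""
    return AUTH_ENDPOINT + "?" + urlencode(authorization_params(client_id, scope, code_challenge, redirect_uri))


def build_token_request(client_id, client_secret, code, code_verifier, redirect_uri=OOB_REDIRECT):
    """Step 2: form body of the code-for-token exchange; the pasted code is trimmed."""
    return {
        "grant_type": "authorization_code",
        "code": code.strip(),
        "client_id": client_id,
        "client_secret": client_secret,
        "redirect_uri": redirect_uri,
        "code_verifier": code_verifier,
    }


def _post_form(url, form):
    req = urllib.request.Request(
        url, data=urlencode(form).encode(), headers={"Content-Type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def exchange_code(client_id, client_secret, code, code_verifier, post=_post_form):
    """Redeem the code; returns the token response dict (access_token, refresh_token, ...)."""
    return post(TOKEN_ENDPOINT, build_token_request(client_id, client_secret, code, code_verifier))


def authorize_interactively(client_id, client_secret, scope):
    """Whole flow from a console: print the URL, read the pasted code, exchange it."""
    verifier, challenge = make_pkce_pair()
    print("1. Open this URL in a browser and approve access:")
    print(build_authorization_url(client_id, scope, challenge))
    code = input("2. Paste the code Google shows you: ")
    tokens = exchange_code(client_id, client_secret, code, verifier)
    # tokens["access_token"] goes in the Authorization: Bearer header of later
    # requests; tokens.get("refresh_token") lets a headless device renew it.
    return tokens


if __name__ == "__main__":
    authorize_interactively("CLIENT_ID_PLACEHOLDER", "CLIENT_SECRET_PLACEHOLDER",
                            "https://www.googleapis.com/auth/analytics.readonly")
```

The token response should be stored with the same care as a password (file mode 0600, outside the web root); the refresh token is what a logger running unattended on a Pi uses to get fresh access tokens without repeating the copy/paste step.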

How to simulate Google login using gaeunit

I am currently using gaeunit to perform automated tests on my Google App Engine application. I am wondering whether it's possible to simulate the user login action using his/her Google account using gaeunit?
Thank you very much.
Two situations:
Local Dev server: login is mocked via a simple web form. You can do a http POST to log in.
Production server: login goes through the Google auth infrastructure. No way to mock this. To make this work you'd need to code around it.
The dev server login is emulated just by setting environment variables. You can fake a login with three lines of Python to set the three env variables, then the User API will behave as if you're logged in.
http://eatdev.tumblr.com/post/13070970245/faking-gae-user-authentication-locally-for-django

Bottle and GAE authentication using Google Accounts

I'm currently developing a bottle app on GAE, and it's already got its own home-made authentication system. However, I would also like to permit access to some areas to application admins using Google Accounts. I'm looking at the documentation, but I'm not quite following it.
On the development server, hitting any _ah link sends me straight to the desired page, but on GAE, it gives me Bottle's own 404 page. Can you point me to the right page where I can get started with this (preferably not the official docs, which I'm having a hard time with)?
NOTE: Forgot to mention it's a Python version of GAE.
_ah will work only on the development server. It's part of the App Engine SDK, which emulates GAE. Coming to your point: if you want to use Google accounts for admin functionality, then you should do something like this:
from google.appengine.api import users

if users.is_current_user_admin():
    pass  # admin-only handling goes here
Here admin refers to the App Engine admin. If you want to simply use Google authentication,
then you should use users.get_current_user() to get the currently logged-in user and implement your own logic.
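The gaeunit answer earlier on this page says a dev-server login is faked by setting three environment variables, and the answer above gates admin pages on users.is_current_user_admin(). The block below is an added example that ties the two together; it is not code from either answerer, from gaeunit, Bottle or the App Engine SDK. On the dev server the Users API builds the current user from the USER_EMAIL, USER_ID, AUTH_DOMAIN and USER_IS_ADMIN environment variables, so the context manager sets and restores them around a test. The two small reader functions mirror what users.get_current_user() and users.is_current_user_admin() read, so the block runs without the SDK; in the real app use the SDK calls instead. The decorator's (status, body) return convention is an assumption for illustration; in Bottle you would call abort() or redirect to users.create_login_url() at those points. As the answer notes, this only works locally: production login goes through Google's infrastructure and these variables are not under your control there.

```python
"""Added example: fake a Google Accounts login on the App Engine dev server
and exercise an admin-only handler with it."""
import os
from contextlib import contextmanager
from functools import wraps

# Variables the dev server sets for a logged-in user; the Users API reads them per request.
_LOGIN_VARS = ("USER_EMAIL", "USER_ID", "USER_IS_ADMIN", "AUTH_DOMAIN")


@contextmanager
def fake_gae_login(email, user_id, is_admin=False, auth_domain="gmail.com"):
    """Temporarily make the Users API believe `email` is logged in; always restores."""
    saved = {name: os.environ.get(name) for name in _LOGIN_VARS}
    os.environ["USER_EMAIL"] = email
    os.environ["USER_ID"] = str(user_id)
    os.environ["USER_IS_ADMIN"] = "1" if is_admin else "0"
    os.environ["AUTH_DOMAIN"] = auth_domain
    try:
        yield
    finally:
        for name, value in saved.items():
            if value is None:
                os.environ.pop(name, None)
            else:
                os.environ[name] = value


def current_user_email():
    """Stand-in for users.get_current_user().email(): None when nobody is logged in."""
    return os.environ.get("USER_EMAIL") or None


def is_current_user_admin():
    """Stand-in for users.is_current_user_admin(): true only when USER_IS_ADMIN is '1'."""
    return os.environ.get("USER_IS_ADMIN", "0") == "1"


def admin_required(handler):
    """Guard a handler: anonymous callers get 401, signed-in non-admins get 403.
    The (status, body) tuple is this example's convention, not Bottle's."""
    @wraps(handler)
    def wrapper(*args, **kwargs):
        if current_user_email() is None:
            return 401, "login required"
        if not is_current_user_admin():
            return 403, "admin only"
        return 200, handler(*args, **kwargs)
    return wrapper


@admin_required
def admin_dashboard():
    """An admin-only page, as the answer above describes."""
    return "hello, %s" % current_user_email()


if __name__ == "__main__":
    print(admin_dashboard())                                    # (401, 'login required')
    with fake_gae_login("alice@example.com", 1):
        print(admin_dashboard())                                # (403, 'admin only')
    with fake_gae_login("admin@example.com", 2, is_admin=True):
        print(admin_dashboard())                                # (200, 'hello, admin@example.com')
```

Because the context manager restores whatever was set before, tests can be run in any order without one test's fake login leaking into the next, which is the usual cause of flaky authorization tests.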
