Environment details
OS: MacOS Catalina
Python version: 3.6.9
pip version: 19.3.1
google-api-python-client version: 1.7.11
Steps to reproduce
It states here https://developers.google.com/calendar/v3/sync that a GoogleJsonResponseException will be returned in Java if a sync token can not be returned. Currently I have the following:
    from googleapiclient.errors import HttpError
    try:
        events = service.events().list(calendarId='primary', syncToken=sync_token, pageToken=page_token).execute()
    except HttpError as e:
        if e.resp.status != 410:
            raise
        # sync token was invalidated, full sync required
        sync_token = None  # clear token, call full sync
How are invalidated sync tokens handled in python?
Is there python documentation that shows the client library automatically refreshing the access token after .execute()? For example, doing the following appears to show the client library automatically refreshing my access token:
    credentials = pickle.loads(user.google_api_credentials)
    print(credentials.valid)  # false
    event_results = service.events().list(calendarId='primary', singleEvents=True).execute()
    print(credentials.valid)  # true after calling .execute() in the line above. Does this confirm automatic refreshing of access_token?
Can someone confirm if using the google-api-python-client will automatically refresh the access tokens without requiring extra code?
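One way to structure the 410 handling asked about above, shown as an added example (not code from the issue or from the google-api-python-client project). The names sync_events, list_all, http_status and FakeService are hypothetical; the only assumption about the library is that its error carries the HTTP response as .resp with an integer .status, as googleapiclient.errors.HttpError does.

```python
def http_status(exc):
    # Assumption: the error carries the HTTP response as .resp with an integer
    # .status, as googleapiclient.errors.HttpError does.
    return getattr(getattr(exc, "resp", None), "status", None)

def list_all(service, calendar_id, sync_token):
    """Page through events().list(); return (items, nextSyncToken)."""
    items, page_token = [], None
    while True:
        params = {"calendarId": calendar_id}
        if sync_token:
            params["syncToken"] = sync_token
        if page_token:
            params["pageToken"] = page_token
        resp = service.events().list(**params).execute()
        items.extend(resp.get("items", []))
        page_token = resp.get("nextPageToken")
        if not page_token:
            return items, resp.get("nextSyncToken")

def sync_events(service, stored_token, calendar_id="primary"):
    """Return (items, new_sync_token, was_full_sync)."""
    try:
        items, token = list_all(service, calendar_id, stored_token)
        return items, token, not stored_token
    except Exception as exc:
        if not stored_token or http_status(exc) != 410:
            raise  # not an invalidated sync token: let the caller see it
    # 410 Gone: drop the stored token and rebuild state with a full sync.
    items, token = list_all(service, calendar_id, None)
    return items, token, True

class FakeService:
    """Constructed stand-in for the Calendar service (not the real client)."""
    class Gone(Exception):
        resp = type("Resp", (), {"status": 410})()  # mimics HttpError.resp
    def __init__(self, valid_token):
        self.valid_token, self.params = valid_token, {}
    def events(self):
        return self
    def list(self, **params):
        self.params = params
        return self
    def execute(self):
        token = self.params.get("syncToken")
        if token and token != self.valid_token:
            raise self.Gone("sync token invalidated")
        items = [{"id": "changed"}] if token else [{"id": "a"}, {"id": "b"}]
        return {"items": items, "nextSyncToken": "tok-2"}
```

Persist the returned token only after the items have been applied locally, so a crash between the two steps repeats a sync instead of skipping changes.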
Related
When calling a google oauth library method, it fails without error - no amount of try/catch-ing traps any error messages.
I am trying to get an identity token much as I would if I executed gcloud auth print-identity-token from the command line using the gcloud cli.
The reason for wanting the identity token is that another Cloud Function service requires it as Authorization : Bearer [token], and indeed works correctly when I stuff a manually generated identity token in my code. That is not a suitable solution for development or production.
The code snippet I wrote, cobbled from numerous sources, to procure an identity token is this:
    using (var stream = new FileStream(credentialsFilePath, FileMode.Open, FileAccess.Read))
    {
        var credentials = GoogleCredential.FromStream(stream);
        if (credentials.IsCreateScopedRequired)
        {
            credentials = credentials.CreateScoped(scopes);
        }
        OidcToken oidcToken = await credentials.GetOidcTokenAsync(
            OidcTokenOptions
                .FromTargetAudience(scopes[0])
                .WithTokenFormat(OidcTokenFormat.Standard));
        // this line bombs immediately, jumping out of this method and the calling method.
        string token = await oidcToken.GetAccessTokenAsync();
        return token;
    }
In the above code, scopes[0] is left over code from a previous attempt which contains the endpoint to Cloud Function service. https://subdomain.cloudfunctions.net/cloud-function/v1/ is the general form of the cloud function endpoint I am calling as a part of a web api.
Is this a valid and reasonable way to get the equivalent of gcloud auth print-identity-token? If so, why the epic failure?
I need to use a google service account for service to service authentication. Development environment is visual studio 2019, .net core 3.1, docker/linux
PS - the service account has the cloud function's Cloud Functions Invoker role.
PPS - the issue seems to be related to docker and a set of error messages I get when starting my project in docker. I had ignored them as they were not until now impairing functionality.
at System.Net.Http.CurlHandler.ThrowIfCURLEError(CURLcode error)
at System.Net.Http.CurlHandler.MultiAgent.FinishRequest(StrongToWeakReference`1 easyWrapper, CURLcode messageResult)
Running the code on Windows works.
The penultimate problem is that I needed to make an upstream method asynchronous and add an await. Now the code above works every time. This change led me to the ultimate problem whose solution is some code refactoring in ConfigureServices() related to AddHttpClient() setup.
The curl exception was due to trying to add logger.loggerFactory.AddGoogle(…) with a bad configuration. This has been a bad hair day.
This question is also an example of what not to do - i.e. I used too much minimalism to describe the problem.
When I run jx install I get these error messages:
Attempting to find the Jenkins API Token with the browser in headless mode...using url http://jenkins.jx.35.205.149.20.nip.io/me/configure
unable to automatically find API token with chromedp using URL http://jenkins.jx.35.205.149.20.nip.io/me/configure
retrying after error:Running in batch mode and no default api token found
Unfortunately, I'm running those install scripts from an Ansible docker container. As a consequence, I have no Chrome installed in the container (neither do I have an X environment and window manager).
So why is this token retrieved? And is there a way to set it "by hand" (through another jx command, as an example)?
There's currently no other way with Jenkins to get an API token until we move to ephemeral / one shot masters rather than static masters.
We could disable the use of Chrome though? If it cannot use Chrome to get the API token the code asks you to visit the URL and copy/paste the API token from the Jenkins console.
I'm a newbie trying to implement the Google Calendar API into a web-based app and after following the instructions that they provide to the t, fetching information only works for about 20 minutes (while the access token is still valid). I understand that you need a refresh token in order to generate a new access token, but running this script from the terminal (which google provided in their documentation) doesn't provide a refresh token.
The code I executed in terminal:
    google-api oauth-2-login --scope=https://www.googleapis.com/auth/calendar --client-id=CLIENT_ID --client-secret=CLIENT_SECRET
This generated a .yaml file with all of my keys which looks like this:
---
mechanism: oauth_2
scope: SCOPE_HERE
client_id: CLIENT_ID_HERE
client_secret: CLIENT_SECRET_HERE
access_token: ACCESS_TOKEN_HERE
refresh_token:
And the code that they provided if the access token expires:
    require 'yaml'
    require 'google/api_client'

    # Load the credentials written by the google-api CLI
    oauth_yaml = YAML.load_file('.google-api.yaml')
    client = Google::APIClient.new
    client.authorization.client_id = oauth_yaml["client_id"]
    client.authorization.client_secret = oauth_yaml["client_secret"]
    client.authorization.scope = oauth_yaml["scope"]
    client.authorization.refresh_token = oauth_yaml["refresh_token"]
    client.authorization.access_token = oauth_yaml["access_token"]

    # Exchange the refresh token for a new access token once the old one has expired
    if client.authorization.refresh_token && client.authorization.expired?
      client.authorization.fetch_access_token!
    end

    service = client.discovered_api('calendar', 'v3')
So, according to the yaml file, client.authorization.refresh_token is always 'nil', and it never gets a new access token. Also, client.authorization.expired? always returns false, even after the app has stopped working.
I've seen some other questions on here pertaining to the same issue, but since I'm generating my tokens via a terminal command, I'm not really sure how to go about getting that refresh token.
You need to specify that you want offline access to get a refresh token: access_type=offline
See https://developers.google.com/accounts/docs/OAuth2WebServer#offline
I'm starting with the Google APIs Client Library for Python. I'm developing with the Drive API. I'm migrating my web application from the deprecated Document List API v3 to Drive API V2.
When I add some permissions on a document via BatchHttpRequest, only one of these permissions is effectively added to the document. The others are ignored.
Below is some sample code:

    import logging
    from apiclient.http import BatchHttpRequest

    logger = logging.getLogger(__name__)

    def callback(request_id, response, exception):
        # Called once per batched request with either a response or an exception
        if exception is not None:
            logger.debug(exception)
        else:
            logger.debug(response)

    batch = BatchHttpRequest(callback)
    batch.add(drive_client.permissions().insert(body=permission_1))
    batch.add(drive_client.permissions().insert(body=permission_2))
    ...
    batch.add(drive_client.permissions().insert(body=permission_n))
    batch.execute()
Only user permissions are added. The default entry ("anyone") is ignored. Response is always logged, so everything seems to run fine.
If I execute each call separately, all the permissions are added.
I have read the page on implementing OAuth that Twitter have written. I've registered my app, it will only access my account, so I skip all the request token stuff. I have, from the "Your apps" page:
consumer token
consumer token secret
access token
access token secret
I write some ruby code and test its output against Beginner’s Guide to OAuth (suggested reading in the Twitter docs). I get the same output, i.e. the signature, the base string and the Authorization headers are identical.
However, when I connect to the Twitter Rest API and try the verify credentials command the response is invariably "Incorrect signature".
I try using different code (very similar to mine) from a gist by erikeldridge on github but it doesn't work either. Instead of connecting via cURL (using the curb library) I use Net/Http - same error response is returned.
I change over to using the OAuth gem. It uses Net/Http to connect. Same error response comes back.
Verify credentials isn't the only command I've tried to use in the API, but they all give the same error, whether it's GET or POST, requires extra params or not. I've been using the Search API successfully using the curb library without problems so I don't think it's the connection method.
What might I do to fix this?
Ruby 1.9.2; cURL 7.21.2; oauth 0.4.4; curb 0.7.8; json 1.4.6; OSX 10.6.5;
Even though your application is only accessing your data, you can't simply 'skip the request token stuff'. The request token is integral to the OAuthentication process.
Summarised, the 3 main parts of the OAuth process are as follows:
1. Get Request Token Key and Request Token Secret.
2. Use Request Token to authorise application to access your data. This will provide the user (you) with a PIN.
3. Use the PIN to exchange the Request Token and Secret for an Access Token and Secret.
A more detailed OAuthentication flow can be found here.
It's fixed - I regenerated the Consumer key and secret on the Twitter site and it started working. I've no idea why the previous set didn't work - the code was solid (works all the time now) and the details were correct. Perhaps they (Twitter) could provide more detailed error messages? But I'm happy :)