I'm getting an invalid client error. Client works for auth_code.authorize_url, but not for auth_code.get token
relevant code:
CLIENT_ID = "$$$.apps.googleusercontent.com"
CLIENT_SECRET = "secret"
REDIRECT_URI = 'http://localhost:3000'
client = OAuth2::Client.new(CLIENT_ID, CLIENT_SECRET,
site: 'https://accounts.google.com',
token_url: '/o/oauth2/token',
authorize_url: '/o/oauth2/auth')
url = client.auth_code.authorize_url(scope: "https://www.google.com/m8/feeds",
redirect_uri: REDIRECT_URI)
puts url
code = "taken from url" #line 20
token = client.auth_code.get_token(code, :redirect_uri => REDIRECT_URI)
Error message:
/.rvm/gems/ruby-2.2.1/gems/oauth2-1.0.0/lib/oauth2/client.rb:113:in `request': invalid_client: (OAuth2::Error)
{
"error" : "invalid_client"
}
from /.rvm/gems/ruby-2.2.1/gems/oauth2-1.0.0/lib/oauth2/client.rb:138:in `get_token'
from /.rvm/gems/ruby-2.2.1/gems/oauth2-1.0.0/lib/oauth2/strategy/auth_code.rb:29:in `get_token'
from oauth.rb:20:in `<main>'
One clarification I think I need is that say the code given from the url is /?code=$code$ do I use just the $code$?(currently doing this) or code=$code$
Thanks in advance for the help
Fixed:
The answer was the allow offline mode when initializing the client. I was also using a code I had previously used.
changed this:
client = OAuth2::Client.new(CLIENT_ID, CLIENT_SECRET,
site: 'https://accounts.google.com',
token_url: '/o/oauth2/token',
authorize_url: '/o/oauth2/auth')
to this:
client = OAuth2::Client.new(CLIENT_ID, CLIENT_SECRET,
site: 'https://accounts.google.com',
token_url: '/o/oauth2/token',
authorize_url: '/o/oauth2/auth',
additional_parameters: {"access_type" => "offline"} ) #new line
Related
I'm new to Ruby and I'm trying to implement a oauth2 with client credentials flow.
I've found the "ouath2" gem, but that requires a redirect_uri that I don't have.
Here is the gem.
Here is what I'm trying to implement
secret_id = 'this-is-a-secret-id'
token_id = 'this-is-a-token-id'
scope = 'such-a-good-scope'
grant_type = 'client_credentials'
#client = nil
# Get access token
def GetAccessToken
HttpRequest request = HttpRequest::Post("https://awesome-page.com/oauth/token")
request.content = {
{ "client_id" => token_id },
{ "client_secret" => secret_id }
{ 'grant_type' => grant_type },
{ 'scope' => scope}
}
response = request.send
json = response.content
accessToken = JsonConvert.DeserializeObject<Token>(json)
#client = Client.new(bearer: accessToken)
end
# Refresh token
def RefreshToken
HttpRequest request = HttpRequest::Post("https://awesome-page.com/oauth/token")
request.content = {
{ "client_id" => token_id },
{ "client_secret" => secret_id }
{ 'grant_type' => grant_type },
{ 'refresh_token' => scope}
}
response = request.send
json = response.content
accessToken = JsonConvert.DeserializeObject<Token>(json)
#client = Client.new(bearer: accessToken)
end
# End then implementing the "getting the resources with the client" part and so on...
Any idea how to do this, I'm getting a little bit desperate now
Any help is greatly appreciated!
You’re kind of going about this all wrong. With the Oauth2 gem you need to:
Initialise a new Oauth2::Client with your client ID, secret, scope, and define the token and redirect url (this is a url in your app that users logging in get sent back to. Not used for Client Credentials flow as it’s for server to server comms)
Call token = client.client_credentials.get_token. This sets token to an AccessToken it obtained.
Then call token.get(‘https://your-url.com/path/to/resource’) - or post/patch/delete.
Look at the access_token.rb file in the repo to see the methods you can call. They also take a series of params, for things like additional headers or body payload you can pass. It’s based on Faraday so you can always look up Faraday docs for help with that part.
I have a mobile app that is signin in with google and sending a server auth code to my backend app.
I want to use this code, along with the client secrets from the google developer console, to retrieve a refresh code for retrieving data from google drive when the user is offline.
Google provides an client for auth calls in ruby, but it seems not to be maintained lately and I could not see a way to do this kind of authorisation in the docs.
In the documentation, I could find an example of how to do this on python:
from oauth2client import client
# Exchange auth code for access token, refresh token, and ID token
credentials = client.credentials_from_clientsecrets_and_code(
CLIENT_SECRET_FILE,
['https://www.googleapis.com/auth/drive.appdata', 'profile', 'email'],
auth_code)
I would like to do this in ruby through a post to their https://www.googleapis.com/oauth2/v4/token endpoint. Here is what I've tried so far:
require 'uri'
require 'net/http'
require 'json'
url = URI("https://www.googleapis.com/oauth2/v4/token")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
headers = {'Content-Type': 'application/json'}
request = Net::HTTP::Post.new(url.request_uri, headers)
request.body = {
code: "#{server_auth_code_sent_to_api}",
client_id: "#{client_id_from_developer_console}",
client_secret: "#{client_secret_from_developer_console}",
grant_type: 'authorization_code',
redirect_url: '',
}.to_json
response = http.request(request)
puts JSON.parse(response.read_body)
But I keep getting the following error:
{
"error": "unsupported_grant_type",
"error_description": "Invalid grant_type: "
}
Does anybody has an idea on what I'm doing wrong, or has a working example on how to do this kind of authorisation?
Thanks in advance.
In case somebody stumbles here with a similar problem, what caused the request to fail was the Content-Type, and not the grant_type parameter.
Digging around in the code for the client library I saw that they use application/x-www-form-urlencoded the endpoint expects a application/x-www-form-urlencoded content type. I adjusted my code accordingly and was able to get a successful response with the valid credentials and token.
Here follows the resulting code:
require 'uri'
require 'net/http'
require 'json'
url = URI("https://www.googleapis.com/oauth2/v4/token")
params = {
"code" => "#{server_auth_code_sent_to_api}",
"client_id" => "#{client_id_from_developer_console}",
"client_secret" => "#{client_secret_from_developer_console}",
"grant_type" => "authorization_code",
"redirect_url" => "#{redirect_url_from_developer_console}",
}
response = Net::HTTP.post_form(url, params)
puts JSON.parse(response.read_body)
I'm trying to allow my app to log into Spotify via their Authorization Code Flow. I am able to receive an authorization code from Spotify in the initial authorization step, but receive the following error when trying to get an access token:
{"error":"invalid_client","error_description":"Invalid client"}
My code is as follows:
# Callback from Spotify Authorization
get '/auth/spotify/callback' do
session[:code] = params[:code]
redirect to '/refresh'
end
Then, I am POSTing the following:
get '/refresh' do
uri = URI('https://accounts.spotify.com/api/token')
resp = Net::HTTP.post(uri,
{
"grant_type" => "authorization_code",
"code" => session[:code].to_s,
"redirect_uri" => "http://localhost:4567/auth/spotify/callback",
"client_id" => client_id,
"client_secret" => client_secret
}.to_json
)
"#{resp.body}"
end
Any help would be appreciated
EDIT: I've also tried to POST the same parameters above using PostMan, but receive the same error message
You need to add the Authorization header in your POST request.
Add the following key in your Net::HTTP.post options :
{'Authorization' => 'Basic YOUR_AUTH_CODE' }
EDIT :
This is in the docs under the 'Your application requests refresh and access tokens' heading.
To answer my own question:
I didn't need to make the request since the gem I was using, 'omniauth-spotify', could return the access token to me in request.env['omniauth.auth'].credentials.token
I was also creating the POST request incorrectly. The example below is the correct way to make a POST and obtain a new token from a refresh_token (provided in the above .credentials hash)
# Get new access token from refresh token
# session[:creds] = request.env['omniauth.auth'].credentials
get '/refresh' do
refresh_token = session[:creds].refresh_token
auth = "Basic " + Base64.strict_encode64("#{client_id}:#{client_secret}")
uri = URI.parse('https://accounts.spotify.com/api/token')
request = Net::HTTP::Post.new(uri)
request["Authorization"] = auth
request.set_form_data(
"grant_type" => "refresh_token",
"refresh_token" => refresh_token,
)
req_options = {
use_ssl: uri.scheme == "https",
}
response = Net::HTTP.start(uri.hostname, uri.port, req_options) do |http|
http.request(request)
end
"#{response.code}" # > 200 OK
end
My project is to crawl the certain web data and put them into my Google spreadsheet every morning 9:00. And it has to get the authorization to read & write something. That's why the code below is located at the top.
# Google API
CLIENT_ID = blah blah
CLIENT_SECRET = blah blah
OAUTH_SCOPE = blah blah
REDIRECT_URI = blah blah
# Authorization_code
def get_authorization_code
client = Google::APIClient.new
client.authorization.client_id = CLIENT_ID
client.authorization.client_secret = CLIENT_SECRET
client.authorization.scope = OAUTH_SCOPE
client.authorization.redirect_uri = REDIRECT_URI
uri = client.authorization.authorization_uri
Launchy.open(uri)
# Exchange authorization code for access token
$stdout.write "Enter authorization code: "
client.authorization.code = gets.chomp
client.authorization.fetch_access_token!
client.authorization
end
authorization_code = get_authorization_code
access_token = authorization_code.access_token
session = GoogleDrive.login_with_oauth(access_token)
But with this in the code, even though I set up the cron job, I probably have to wake up in the morning and Enter authorization code to get it done. But I don't want to.
Please tell me how I can solve this problem.
Solved thanks to Ruby google_drive gem oAuth2 saving
I needed to get a refresh token and make my code use it like below.
CLIENT_ID = '!!!'
CLIENT_SECRET = '!!!'
OAUTH_SCOPE = 'https://www.googleapis.com/auth/drive'
REDIRECT_URI = 'urn:ietf:wg:oauth:2.0:oob'
REFRESH_TOKEN = '!!!'
client = Google::APIClient.new
client.authorization.client_id = CLIENT_ID
client.authorization.client_secret = CLIENT_SECRET
client.authorization.scope = OAUTH_SCOPE
client.authorization.redirect_uri = REDIRECT_URI
client.authorization.refresh_token = REFRESH_TOKEN
client.authorization.refresh!
access_token = client.authorization.access_token
session = GoogleDrive.login_with_oauth(access_token)
I'm trying to use the google-api-client gem to access the Google Search API for Shopping. Unfortunately, I can't seem to authenticate despite creating an access_token through the Google APIs Console.
Here is my code:
client = Google::APIClient.new
client.authorization.access_token = "<MY_CONSOLE_ACCESS_TOKEN>"
client.authorization.scope = "https://www.googleapis.com/auth/shoppingapi"
shopping = client.discovered_api("shopping", "v1")
response = client.execute(api_method: shopping.products.list,
parameters: { source: "public" })
When I view response.data, I see an error message though:
#<Google::APIClient::Schema::Shopping::V1::Products:0x809d6e14 DATA:{"error"=>{"errors"=>[{"domain"=>"global", "reason"=>"authError", "message"=>"Invalid Credentials", "locationType"=>"header", "location"=>"Authorization"}], "code"=>401, "message"=>"Invalid Credentials"}}>
What am I doing wrong?
Of course I figure it out minutes after posting. I'll share what worked for anyone else who has the same question.
client = Google::APIClient.new(authorization: nil)
shopping = client.discovered_api("shopping", "v1")
response = client.execute(key: "<MY_ACCESS_TOKEN>",
api_method: shopping.products.list,
parameters: { source: "public", country: "US" })