def request_oauth2_credentials(): ''' Steps: 1. Set authorization parameters 2. Redirect to Google's OAuth 2.0 server 3. Google prompts the user for consent 4. Handle the OAuth 2.0 server response 5. Exchange authorization code for refresh and access tokens ''' # Use the client_secret.json file to identify the application requesting # authorization. The client ID (from that file) and access scopes are required. flow = Flow.from_client_secrets_file(CLIENT_SECRETS_FILE, scopes=[YOUTUBE_UPLOAD_SCOPE]) # Indicate where the API server will redirect the user after the user completes # the authorization flow. The redirect URI is required. The value must exactly # match one of the authorized redirect URIs for the OAuth 2.0 client, which you # configured in the API Console. If this value doesn't match an authorized URI in your # Google API's account you will get a 'redirect_uri_mismatch' error. flow.redirect_uri = REDIRECT_URI # Generate URL for request to Google's OAuth 2.0 server. # Use kwargs to set optional request parameters. authorization_url, state = flow.authorization_url( # Enable offline access so that you can refresh an access token without # re-prompting the user for permission. Recommended for web server apps. access_type='offline', # Enable incremental authorization. Recommended as a best practice. include_granted_scopes='true', ) # Your application redirects the user to Google along with the list of requested permissions. # The user decides whether to grant the permissions to your application. print(authorization_url) # To-DO: This step should be handled by a web server automatically and should not require user input when in production authorization_response = input( "Go to the above url, allow permissions and then when you get redirected to a new page, paste the url here" ) # After the web server receives the authorization code, it can begin the exchange the authorization code for an access token. # First verify the authoriation server response by providing the same state token to protect against XSRF flow = Flow.from_client_secrets_file(CLIENT_SECRETS_FILE, scopes=[YOUTUBE_UPLOAD_SCOPE], state=state) flow.redirect_uri = REDIRECT_URI # Then exchange the authorization respnse (which contains the auth code) to get the credentials flow.fetch_token(authorization_response=authorization_response) credentials = flow.credentials return credentials
def callback(): """ Step 3: Retrieving an access token. The user has been redirected back from the provider to your registered callback URL. With this redirection comes an authorization code included in the redirect URL. We will use that to obtain an access token. """ # print('Getting back from callvack :') state = session['oauth_state'] google = Flow.from_client_secrets_file('client_secrets.json', scopes=scopes, redirect_uri=redirect_uri, state=state) token = google.fetch_token(authorization_response=request.url) client = bigquery.Client(project=project, credentials=google.credentials) query_job = client.query(query_string) rows = query_job.result() out = "" for row in rows: out = out + '<br/>' + str(row) return out
def get(): # Specify the state when creating the flow in the callback so that it can # verified in the authorization server response. result = MongoDB.instance().authorization.find_one({ 'service': 'calendar-service', 'type': 'state' }) state = result['state'] flow = Flow.from_client_secrets_file('.secrets/credentials.json', SCOPES, state=state) flow.redirect_uri = request.args.get('redirect_uri') # Use the authorization server's response to fetch the OAuth 2.0 tokens. authorization_response = request.url flow.fetch_token(authorization_response=authorization_response) # Store credentials in mongo. credentials = flow.credentials MongoDB.instance().authorization.replace_one( { 'service': 'calendar-service', 'type': 'credentials' }, credentials_to_dict(credentials), upsert=True, ) return make_response({'message': 'Successfully authorized.'}, 200)
def ViewCourseWork(chat_id, course_id): course_id = '' creds = None pickleToken_path = "AddCourse/" + str(chat_id) + "_token.pickle" credentials_path = "AddCourse/credentials.json" if os.path.exists(pickleToken_path): with open(pickleToken_path, 'rb') as token: creds = pickle.load(token) if not creds or not creds.valid: if creds and creds.expired and creds.refresh_token: creds.refresh(Request()) else: flow = Flow.from_client_secrets_file(credentials_path, SCOPES) creds = flow.run_local_server(port=users) with open(pickleToken_path, 'wb') as token: pickle.dump(creds, token) service = build('classroom', 'v1', credentials=creds) students_list = service.courses().courseWork().list( courseId=course_id).execute() return students_list
def oauth2callback(): # Specify the state when creating the flow in the callback so that it can # verified in the authorization server response. state = session['state'] flow = Flow.from_client_secrets_file( CLIENT_SECRETS_FILE, scopes=None, state=state, redirect_uri=url_for('oauth2callback', _external=True) ) # Use the authorization server's response to fetch the OAuth 2.0 tokens. authorization_response = request.url flow.fetch_token(authorization_response=authorization_response) # Store credentials in the session. # ACTION ITEM: In a production app, you likely want to save these # credentials in a persistent database instead. credentials = flow.credentials session['credentials'] = credentials_to_dict(credentials) return redirect('/')
def load_credentials(): Path.mkdir(CONFIG_PATH, exist_ok=True) flow = Flow.from_client_secrets_file( CREDENTIALS_PATH, SCOPES, redirect_uri='urn:ietf:wg:oauth:2.0:oob') token = open_file(TOKEN_PATH, formatter=json.loads) return create_credentials(token, flow)
def credentialsCheck(self): print('credentialsCheck::starting') if not self.creds or not self.creds.valid: if self.creds and self.creds.expired \ and self.creds.refresh_token: self.creds.refresh(Request()) else: ''' pathChecks is done here, this will only run at first launch after checking, we set the defaults values programmatically. ''' self.pathChecks([self.config, self.download_path]) self.createConfigBody() flow = Flow.from_client_secrets_file( self.client_id, header.SCOPES, redirect_uri='urn:ietf:wg:oauth:2.0:oob') self.flow = flow (auth_url, _) = flow.authorization_url(prompt='consent') pyotherside.send('authUrl', str(auth_url))
def oauth2callback(): flow = Flow.from_client_secrets_file( CLIENT_SECRET, scopes=SCOPES, redirect_uri=flask.url_for( 'oauth2callback', _external=True )) if 'code' not in flask.request.args: auth_url, state = flow.authorization_url( access_type="offline", include_granted_scopes='true' ) flask.session['state'] = state return flask.redirect(auth_url) else: state = flask.session['state'] flow.state = state auth_code = flask.request.args.get('code') flow.fetch_token(code=auth_code) credentials = flow.credentials flask.session['credentials'] = creds_to_dict(credentials) return flask.redirect(flask.url_for('index'))
def get_flow( redirect_uri: str, path_to_secrets: str, verification_string: str, state=None, ) -> 'Flow': ''' Utility method to handle OAuth conversation with Google Params: ------- redirect_uri: str Path to callback endpoint path_to_secrets: str Path to json file containing oauth secrets verification_string: str Random string to serve as an auth check on the callback ''' flow = Flow.from_client_secrets_file( path_to_secrets, scopes=os.environ.get('SCOPES').split(','), state=state, ) flow.redirect_uri = redirect_uri flow.code_verifier = verification_string return flow
def GetCourses(chat_id): creds = None pickleToken_path = "GetCourses/" + str(chat_id) + "_token.pickle" credentials_path = "GetCourses/credentials.json" if os.path.exists(pickleToken_path): with open(pickleToken_path, 'rb') as token: creds = pickle.load(token) if not creds or not creds.valid: if creds and creds.expired and creds.refresh_token: creds.refresh(Request()) else: flow = Flow.from_client_secrets_file(credentials_path, SCOPES) creds = flow.run_local_server(port=users) with open(pickleToken_path, 'wb') as token: pickle.dump(creds, token) service = build('classroom', 'v1', credentials=creds) results = service.courses().list().execute() courses = results.get('courses', []) answer = [] if not courses: answer.append('No courses found.') else: answer.append('Courses:') for course in courses: answer.append(course['name']) return answer
def get_credentials(): """Generates new credentials for google api. TODO: google_auth has yet to implement storage, so that may have wait for another day. TODO: This also doesn't automatically open in your browser. """ # We only need read permissions. scopes = [ 'https://www.googleapis.com/auth/drive.readonly', 'https://www.googleapis.com/auth/spreadsheets.readonly' ] flow = Flow.from_client_secrets_file( 'client_secret.json', scopes, redirect_uri='urn:ietf:wg:oauth:2.0:oob') auth_url, _ = flow.authorization_url(prompt='consent') print('Go to') print(auth_url) print('and copy Auth Code') code = input('Enter auth code: ') print("Fetching Token.") flow.fetch_token(code=code) return flow.credentials
def s_complete(request): state = request.GET.get('state') # scope = ["https://www.googleapis.com/auth/userinfo.email.read", " https://www.googleapis.com/auth/userinfo.profile"] code = request.GET.get('code') prompt = request.GET.get('prompt') request.session['user'] = {} request.session['user']['state'] = state flow = Flow.from_client_secrets_file(BASE + '/accounts/client_secret.json', scopes=None, state=state) flow.redirect_uri = f'{settings.HOST}/complete/google-oauth2/' try: req_state = request.META['QUERY_STRING'] if "state" in request.META[ 'QUERY_STRING'] else request.scope['query_string'] except: req_state = None print(req_state) print(state, code, prompt, sep="\n") authorization_response = request.get_raw_uri() if state in str(req_state): flow.fetch_token(authorization_response=authorization_response) credentials = flow.credentials service = build('people', 'v1', credentials=credentials) profile = service.people().get( resourceName='people/me', personFields='emailAddresses').execute() print(profile) user = AllProcedures.getUserWithEmail( profile['emailAddresses'][0]['value']) if user: return _login(request, user, "a", True) request.session['user']['email'] = profile['emailAddresses'][0][ 'value'] return redirect("accounts:selectusertype")
def authorize(): ''' Create a flow instance to manage the OAuth2 Authorization Grant Flow steps .. :quickref: User; Create a flow instance to manage the OAuth2 ''' # Check if user is logged_in, then redirect to main page. if session.get('logged_in', None): flash('You are already logged in.', 'warning') return redirect(url_for('main.list_categories')) # Create the flow instance using the client secret file flow = Flow.from_client_secrets_file(app.config['CLIENT_SECRET_FILE'], scopes=app.config['SCOPES']) # Add the redirect_uri to the oauth2session flow.redirect_uri = url_for('.oauth2callback', _external=True) # Generate the Authorization URL. Step 1 in the Oauth2.0 Authorization Flow authorization_url, state = flow.authorization_url( # Enable offline access to prevent re-prompting the user for permission access_type='offline', # Enable incremental authorization. include_granted_scopes='true') # Store the state in the session to verify the callback. session['state'] = state # Redirect the user to Google OAuth page to obtain consent return redirect(authorization_url)
def doauth(): print('in /doauth') client_config_str = os.getenv('GOOGLE_CLIENT_SECRETS', None) if client_config_str: client_config = json.loads(client_config_str) flow = Flow.from_client_config(client_config=client_config, scopes=SCOPES) else: # Create flow instance to manage the OAuth 2.0 Authorization Grant Flow steps. flow = Flow.from_client_secrets_file(CLIENT_SECRET_FILE, scopes=SCOPES) # The URI created here must exactly match one of the authorized redirect URIs # for the OAuth 2.0 client, which you configured in the API Console. If this # value doesn't match an authorized URI, you will get a 'redirect_uri_mismatch' # error. flow.redirect_uri = url_for('auth', _scheme='https', _external=True) if 'localhost' in flow.redirect_uri: flow.redirect_uri = url_for('auth', _scheme='http', _external=True) authorization_url, state = flow.authorization_url( # Enable offline access so that you can refresh an access token without # re-prompting the user for permission. Recommended for web server apps. access_type='offline', # Enable incremental authorization. Recommended as a best practice. include_granted_scopes='true') # Store the state so the callback can verify the auth server response. session['state'] = state return redirect(authorization_url)
def _get_user_authentication_credentials(client_secret_file, scopes, credential_directory=None, local=False): """Returns user credentials.""" if credential_directory is None: credential_directory = os.getcwd() elif credential_directory == 'global': home_dir = os.path.expanduser('~') credential_directory = os.path.join(home_dir, '.credentials') if not os.path.exists(credential_directory): os.makedirs(credential_directory) else: pass credentials_path = os.path.join( credential_directory, 'sheets.googleapis.com-python.json') # TODO Change hardcoded name? credentials = None if os.path.exists(credentials_path): # expect these to be valid. may expire at some point, but should be refreshed by google api client... credentials = Credentials.from_authorized_user_file(credentials_path, scopes=scopes) if credentials: if credentials.expired and credentials.refresh_token: credentials.refresh(Request()) else: if local: flow = InstalledAppFlow.from_client_secrets_file( client_secret_file, scopes) credentials = flow.run_local_server() else: flow = Flow.from_client_secrets_file( client_secret_file, scopes=scopes, redirect_uri='urn:ietf:wg:oauth:2.0:oob') auth_url, _ = flow.authorization_url(prompt='consent') print( 'Please go to this URL and finish the authentication flow: {}'. format(auth_url)) code = input('Enter the authorization code: ') flow.fetch_token(code=code) credentials = flow.credentials # Save the credentials for the next run credentials_as_dict = { 'token': credentials.token, 'refresh_token': credentials.refresh_token, 'id_token': credentials.id_token, 'token_uri': credentials.token_uri, 'client_id': credentials.client_id, 'client_secret': credentials.client_secret } with open(credentials_path, 'w') as file: file.write(json.dumps(credentials_as_dict)) return credentials
def get_credentials(): """Gets valid user credentials from storage. If nothing has been stored, or if the stored credentials are invalid, the OAuth2 flow is completed to obtain the new credentials. Returns: Credentials, the obtained credential. """ try: # Save the credentials for the next run with open('token.pickle', 'rb') as token: creds = pickle.load(token) return creds except: print("Failed to load cached credentials") flow = Flow.from_client_secrets_file(CLIENT_SECRET_FILE, scopes=[SCOPE], redirect_uri='urn:ietf:wg:oauth:2.0:oob') auth_url, _ = flow.authorization_url(prompt='consent') print('Please go to this URL: {}'.format(auth_url)) # The user will get an authorization code. This code is used to get the # access token. code = input('Enter the authorization code: ') flow.fetch_token(code=code) # Save the credentials for the next run with open('token.pickle', 'wb') as token: pickle.dump(flow.credentials, token) return flow.credentials
def set_up_youtube_tokens(): client_secrets_file = constants.YOUTUBE_CLIENT_SECRETS scopes = ["https://www.googleapis.com/auth/youtube.readonly"] # Get credentials and create an API client flow = Flow.from_client_secrets_file( client_secrets_file, scopes, redirect_uri="urn:ietf:wg:oauth:2.0:oob" ) # Get the authorization url and prompt the user to follow it auth_url, _ = flow.authorization_url(prompt="consent") print("Please go to this URL: {}".format(auth_url)) code = input("Enter the authorization code: ") flow.fetch_token(code=code) credentials = flow.credentials youtube_tokens = { "access_token": credentials.token, "refresh_token": credentials.refresh_token, "token_uri": credentials.token_uri, "client_id": credentials.client_id, "client_secret": credentials.client_secret } with open(constants.YOUTUBE_SECRETS, "w") as secrets: json.dump(youtube_tokens, secrets)
def authGoogle(client_secret_file, scopes, redirect_uri): """ Function that signs into google Parameters client_secret_file : String name of the json file containing api access information scopes : List of strings indicating the scope of the API service redirect_uri : String url where to redirect after authentication flow Returns the url for google sign in prompt and the current state to be stored in Flask session for authGoogleComplete. """ # Create flow instance to manage the OAuth 2.0 Authorization Grant Flow steps. flow = Flow.from_client_secrets_file(client_secret_file, scopes=scopes) # The URI created here must exactly match one of the authorized redirect URIs # for the OAuth 2.0 client, which you configured in the API Console. If this # value doesn't match an authorized URI, you will get a 'redirect_uri_mismatch' # error. flow.redirect_uri = redirect_uri authorization_url, state = flow.authorization_url( # Enable offline access so that you can refresh an access token without # re-prompting the user for permission. Recommended for web server apps. access_type='offline', # Enable incremental authorization. Recommended as a best practice. include_granted_scopes='true') return (authorization_url, state)
def get(): flow = Flow.from_client_secrets_file('.secrets/credentials.json', SCOPES) # The URI created here must exactly match one of the authorized redirect URIs # for the OAuth 2.0 client, which you configured in the API Console. If this # value doesn't match an authorized URI, you will get a 'redirect_uri_mismatch' # error. flow.redirect_uri = request.args.get('redirect_uri') authorization_url, state = flow.authorization_url( # Enable offline access so that you can refresh an access token without # re-prompting the user for permission. Recommended for web server apps. access_type='offline', # Enable incremental authorization. Recommended as a best practice. include_granted_scopes='true', ) # Store the state so the callback can verify the auth server response. MongoDB.instance().authorization.replace_one( { 'service': 'calendar-service', 'type': 'state' }, { 'service': 'calendar-service', 'type': 'state', 'state': state }, upsert=True, ) return {'authorization_url': authorization_url}
def get_flow(): """ Create flow object. """ return Flow.from_client_secrets_file( os.getenv('GOOGLE_SECRETS_FILE'), scopes='https://www.googleapis.com/auth/calendar.events', redirect_uri='urn:ietf:wg:oauth:2.0:oob')
def get_flow(state): # google認証フローを生成する params = {"scopes": SCOPES} if state is not None: params["state"] = state flow = Flow.from_client_secrets_file(CLIENT_SECRET_FILE, **params) flow.redirect_uri = url_for('auth.callback', _external=True) return flow
def authorize(): print("authorize request") flow = Flow.from_client_secrets_file(oauth_secrets, scopes=SCOPES) flow.redirect_uri = flask.url_for("oauth_callback", _external=True) authorization_url, state = flow.authorization_url( access_type="offline", include_granted_scopes="true") flask.session["state"] = state print(f"redirecting to {authorization_url}") return flask.redirect(authorization_url)
def prepare_login_url(self): self.flow = Flow.from_client_secrets_file(CLIENT_SECRET_FILE, scopes=SCOPES, redirect_uri=url_for( 'authenticate_user', _external=True)) return self.flow.authorization_url(access_type='offline', prompt='consent', include_granted_scopes='true')[0]
def authorize(request): flow = Flow.from_client_secrets_file(CLIENT_SECRETS_FILE, scopes=SCOPES) flow.redirect_uri = request.build_absolute_uri(reverse('ouath_callback')) authorization_url, state = flow.authorization_url(access_type='offline',\ include_granted_scopes='true', approval_prompt='force') request.session['state'] = state authorization_url = authorization_url + '/' return redirect(authorization_url)
def authorize(request): # Flow flow = Flow.from_client_secrets_file(CLIENT_SECRET_FILE, scopes=[SCOPES]) flow.redirect_uri = REDIRECT_URI authorization_url, state = flow.authorization_url( access_type='offline', prompt='consent', include_granted_scopes='true') SESSION['state'] = state print(list(request.GET.items())) return HttpResponseRedirect(authorization_url)
def gconnect(): #verify integrity of the id token # state = hashlib.sha256(os.urandom(1024)).hexdigest() # #login_session holds my string value called "state" # login_session['state'] = state # if not request.headers.get('X-Requested-With'): # abort(403) # if request.args.get('state') != login_session['state']: # response = make_response(json.dumps('Invalid state parameter.'), 401) # response.headers['Content-Type'] = 'application/json' # return response code = request.data #exchange the auth code here flow = Flow.from_client_secrets_file(CLIENT_SECRETS_FILE, SCOPES) flow.redirect_uri('http://localhost:8000/login') authorization_url, state = flow.authorization_url( access_type = 'offline', include_granted_scopes='true', prompt='select_account' ) login_session['state'] = state return redirect(authorization_url) flow = Flow.from_client_secrets_file(CLIENT_SECRETS_FILE, SCOPES, STATE=state) flow.redirect_uri = url_for('http://localhost:8000', _external=True) authorization_response = request.url flow.fetch_token(authorization_response=authorization_response) credentials = flow.credentials login_session['credentials'] = { 'token' : credentials.token, 'refresh_token' : credentials.refresh_token, 'token_uri' : credentials.token_uri, 'client_id' : credentials.client_id, 'client_secret': credentials.client_secret, 'scopes' : credentials.scopes } auth = build('oauth2', 'v2', credentials=credentials) return redirect(url_for(auth))
def google_call(request, next_call): """ :param request: :param next_call: str name of the url what will be called by google. """ # # view names that require logged in user # if next_call in REQUIRE_LOGGED_IN_URL_NAMES: # # view require logged in user # if not request.user.is_authenticated: # return redirect_to_login(request.path, login_url=reverse('login')) # if callback from google go to a view that require logged in user, and user is not looged in # redirect user if f'next_call:{not request.user.is_authenticated}' in next_call_isauthenticated_set: return redirect_to_login(request.path, login_url=reverse('login')) # Use the client_secret.json file to identify the application requesting # authorization. The client ID (from that file) and access scopes are required. flow = None try: flow = Flow.from_client_secrets_file( GOOGLE_CLIENT_FILE_PATH, SCOPES, ) except ValueError as err: print(err) return redirect('google_error') # Indicate where the API server will redirect the user after the user completes # the authorization flow. The redirect URI is required. The value must exactly # match one of the authorized redirect URIs for the OAuth 2.0 client, which you # configured in the API Console. If this value doesn't match an authorized URI, # you will get a 'redirect_uri_mismatch' error. try: # todo any better idea to make the url? # request.build_absolute_uri(reverse('view_name', args=(obj.pk, ))) TODO test if works flow.redirect_uri = '%s%s' % (request.build_absolute_uri('/')[:-1], reverse(next_call)) except KeyError as err: print(err) return redirect('google_error') # Generate URL for request to Google's OAuth 2.0 server. # Use kwargs to set optional request parameters. # Enable incremental authorization. Recommended as a best practice. # include_granted_scopes = 'true', # login_hint=request.user.is_anonymous or request.user.email, # re-prompting the user for permission. Recommended for web server apps. # prompt='consent', # Enable offline access so that you can refresh an access token without # access_type = 'offline', authorization_url, state = flow.authorization_url(**GOOGLE_OPTIONS) return redirect(authorization_url)
def get_url(self): self.flow = Flow.from_client_secrets_file( '../data/credentials.json', scopes=[ 'https://www.googleapis.com/auth/userinfo.email', 'https://www.googleapis.com/auth/drive.file', 'openid' ], redirect_uri='urn:ietf:wg:oauth:2.0:oob') self.auth_url, _ = self.flow.authorization_url(prompt='consent') return self.auth_url
def login_with_google(self , page): flow = Flow.from_client_secrets_file(self.file_path,**self.kwargs) authorization_url , state = flow.authorization_url( include_granted_scopes='true',prompt="select_account") session['state'] = state session['page'] = page return redirect(authorization_url)
def google_callback(self): flow = Flow.from_client_secrets_file(self._path, scopes=SCOPES) flow.redirect_uri = url_for('login_blue.google_callback', _external=True) authorization_response = request.url flow.fetch_token(authorization_response=authorization_response) credentials = flow.credentials return self.__credentials_to_dict(credentials)
def _get_user_authentication_credentials(client_secret_file, scopes, credential_directory=None): """Returns user credentials.""" if credential_directory is None: credential_directory = os.getcwd() elif credential_directory == 'global': home_dir = os.path.expanduser('~') credential_directory = os.path.join(home_dir, '.credentials') if not os.path.exists(credential_directory): os.makedirs(credential_directory) else: pass credentials_path = os.path.join(credential_directory, 'sheets.googleapis.com-python.json') # TODO Change hardcoded name? if os.path.exists(credentials_path): # expect these to be valid. may expire at some point, but should be refreshed by google api client... return Credentials.from_authorized_user_file(credentials_path, scopes=scopes) flow = Flow.from_client_secrets_file(client_secret_file, scopes=scopes, redirect_uri='urn:ietf:wg:oauth:2.0:oob') auth_url, _ = flow.authorization_url(prompt='consent') print('Please go to this URL and finish the authentication flow: {}'.format(auth_url)) code = input('Enter the authorization code: ') flow.fetch_token(code=code) credentials = flow.credentials credentials_as_dict = { 'token': credentials.token, 'refresh_token': credentials.refresh_token, 'id_token': credentials.id_token, 'token_uri': credentials.token_uri, 'client_id': credentials.client_id, 'client_secret': credentials.client_secret } with open(credentials_path, 'w') as file: file.write(json.dumps(credentials_as_dict)) return credentials