Google’s OAuth 2.0 authorization, a small oversight by its developers and Python

You can interact with most Google services through an open API (application programming interface). Full authorization (OAuth 2.0) is required to get the most out of it. Unlike similar authorization procedures, for example in the VK API, Google's is somewhat more complicated, especially given a slight oversight by its developers. The Google API documentation itself does not seem to contain quite enough information for a successful full authorization. My experience is summarized below as six steps to a successful full authorization.

  1. From here you can start to get a general idea

  2. Next, set up the consent screen (to create an OAuth client ID, you must first configure your consent screen, which includes creating your own application)

    Sample Application

    I chose User type: External and did not change the scopes.

  3. (optional) Interaction protocols between the user, the application and the server

    Protocol illustration example
  4. Create an OAuth client ID. I created a Web client and a Desktop client (both can be linked to the same application). Get the Client ID and Client Secret and save the JSON file with the credentials inside.

  5. To check that everything was successful, generate a simple request in the API Explorer, for example, as here. Curiously, Google's Python packages are installed as google-api-python-client, google-auth-oauthlib and google-auth-httplib2, but imported as googleapiclient and google_auth_oauthlib.

  6. In the generated request code, replace the line credentials = flow.run_console() with credentials = flow.run_local_server(). If everything is done correctly, the result looks approximately like this.

    Further reading is not required. But if you are interested in why this replacement is needed: since 2022, Google has been carrying out the following migration: https://developers.google.com/identity/protocols/oauth2/resources/oob-migration Apparently, the developers at Google forgot to fix the API Explorer code generator. Therefore, without the replacement, the following happens: if the request is written correctly, the prompt "Please visit this URL to authorize this application" appears, with a link for obtaining the authorization code.

    If you do not replace, then the Out-of-Band (OOB) flow is executed

    But the authorization code cannot be obtained, because Google responds with: Error 400: invalid_request The out-of-band (OOB) flow has been blocked in order to keep users secure. Follow the Out-of-Band (OOB) flow migration guide linked in the developer docs below to migrate your app to an alternative method. Request details: redirect_uri=urn:ietf:wg:oauth:2.0:oob

    If not replaced, then Error 400: invalid_request The out-of-band (OOB)
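
What the replacement in step 6 changes, shown as an added example that is not from the original post and is not the code of google-auth-oauthlib: a standard-library sketch of a loopback redirect, where the application listens on 127.0.0.1 and receives the authorization code from the browser instead of requesting the blocked urn:ietf:wg:oauth:2.0:oob redirect. The function names, the state check and any client values passed in are assumptions made for illustration.

```python
import secrets
import urllib.parse
from http.server import BaseHTTPRequestHandler, HTTPServer

AUTH_URI = "https://accounts.google.com/o/oauth2/auth"
OOB_REDIRECT = "urn:ietf:wg:oauth:2.0:oob"  # rejected with Error 400: invalid_request


class _RedirectHandler(BaseHTTPRequestHandler):
    """Receives the one browser redirect carrying ?code=...&state=..."""
    def do_GET(self):
        query = urllib.parse.urlparse(self.path).query
        self.server.params = dict(urllib.parse.parse_qsl(query))
        self.send_response(200)
        self.send_header("Content-Type", "text/plain; charset=utf-8")
        self.end_headers()
        self.wfile.write(b"Authorization finished, you may close this tab.")

    def log_message(self, *args):  # keep the code out of console logs
        pass


def open_loopback_listener():
    """Bind to 127.0.0.1 only, on a free port picked by the OS."""
    server = HTTPServer(("127.0.0.1", 0), _RedirectHandler)
    server.params = {}
    return server, f"http://127.0.0.1:{server.server_port}/"


def build_auth_url(client_id, redirect_uri, scope, state):
    if redirect_uri == OOB_REDIRECT:
        raise ValueError("OOB redirect is blocked; use a loopback redirect URI")
    params = {"response_type": "code", "client_id": client_id,
              "redirect_uri": redirect_uri, "scope": scope, "state": state}
    return AUTH_URI + "?" + urllib.parse.urlencode(params)


def receive_code(server, expected_state):
    """Serve exactly one request; return the code only if state matches."""
    try:
        server.handle_request()
    finally:
        server.server_close()
    got = server.params.get("state", "").encode()
    if not secrets.compare_digest(got, expected_state.encode()):
        raise ValueError("state mismatch: redirect does not answer our request")
    if "code" not in server.params:
        raise RuntimeError(server.params.get("error", "no code in redirect"))
    return server.params["code"]
```

In a real run the state value would come from secrets.token_urlsafe(), the URL from build_auth_url would be opened in the browser, and the returned code would then be exchanged for tokens.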

Thank you for your attention!
