-
Notifications
You must be signed in to change notification settings - Fork 72
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Confirm OAuth OOB and Implement Temporary Workaround #231
Comments
Sounds good. Would you be able to make a PR for this?
This PR won't solve the problem though. The problem is that CLI auth method won't work anymore. After this PR is merged it'll be throwing an exception. You need to migrate either to the |
Hi. Can it affect somehow on authentication with One the other hand, if my |
@yeralexey
Could you publish the complete message you are getting? |
The code i am using is:
By manual authentification i mean when i have no "settings.yaml" file in my project folder, only "client_secrets.json". So browser gets opened on page, where i need to confirm authentification by clicking. Download works fine, unless mimetype of the file is not "application/vnd.google-apps.document", in this case i get "The requested conversion is not supported. [400]" )))) When i run it with this exaple, configured with my credentials data and with credentials.json in project folder appeared (so "save_credentials: True" in settings file) i get this:
|
Bump @shcheklein First of all thank you so much for all our work on this library. I have a few questions about this OOB issue I was hoping you could comment on. I've been tasked with correcting this OOB situation at my company. We're using this library on a self hosted Ubuntu 22 Server build server that receives Github Actions Workflows jobs. Once our artifacts are compiled we LOVE using pydrive2 to upload them to GoogleDrive! Thanks again. When I test the upload script manually on my desktop machine when using the gauth.CommandLineAuth() the browser window on my desktop pops up the OAuth window from Google and it's very clear that this method is no longer supported. I see this message in by browser before accepting the token: "To help protect your account, Google will soon block apps that don’t comply with Google’s security policies. When I change my upload script to use gauth.LocalWebserverAuth() as you suggested, I am not presented with the message about unsupported OAuth flows when presented with the acceptance page in my browser. Great. My question then is how is gauth.LocalWebserverAuth() supposed to work on headless systems with no browser? If I needed a new Actions self hosted runner which is running Ubuntu 22 Server - there is no desktop, there is no browser. This wasn't a problem with CommandlineAuth() because you can use a different browser to get the authorization number and paste that into the terminal on the headless Ubuntu Server. Can you make a suggestion as to how one might get a credentials for pydrive2 on a headless server? A note to people reading this. As long as your Client App's OAuth2 "type" is "Desktop" the OOB issue doesn't appear to have anything to do with needing an updated token of a different type. You just need to use gauth.LocalWebserverAuth() as @shcheklein pointed out at the beginning of this thread. |
How do you run the command line one btw? You have to SSH then from time to time, right? If you can do that then may be you can setup an SSH tunel from a local machine to remote and open that link locally?
Alternative is the use of the service account flow + delegation to mitigate some limitations (e.g. service account by default creates files in its "domain" and has space constraints (1 2) |
Thanks for the rapid response! Correct. I have access to the self-hosted runners via SSH all the time. An SSH port redirect tunnel is a very clever solution to my problem - I didn't even think of it! I'll try that. Seems like the "right" solution for build automation servers is to move to a proper service account, thanks for clarifying. Any idea how one loads those credentials into pydrive2? I'll take a look. |
I think if it's about automation the best way is to use an ENV variable, read it in the code and pass as json string. PyDrive2 init supports that. |
This morning (Sept 12) a PyDrive reliant script of ours failed. The full stacktrace is below. The script ran successfully last week, and there have been no changes to the configuration on our end. I think this is due to Google's impending removal of support for OAuth Out-of-Band flow.
Google's migration docs indicate that users can
The Migrating to Google Auth Library PR is open. If it will not be merged in short order, I suggest implementing the temporary workaround.
Stacktrace
The text was updated successfully, but these errors were encountered: