Rectangle 27 1

login: admin instructs Google App Engine to restrict URLs matching the given pattern to users who are authenticated with Google AND are Administrators of your Google App Engine project. There is no way to use standard HTTP Basic Authentication with this restriction. If you have a valid oAuth Bearer token you can pass it in the header in requests.get to handle the required authentication.

python - How to send request to url that is set to 'login:admin' in go...

python google-app-engine
Rectangle 27 4

As illustrated in this python script, the header should be using 'token' not Bearer'

headers = {
  'Content-Type':'application/json',
  'Authorization': 'token %s' % token,
}

(That script doesn't use curl, but give an idea of the header)

curl -H "Authorization: token OAUTH-TOKEN"

And the POST message must be complete as well (as in this python script)

issue = {'title': title,
         'body': body,
         'assignee': assignee,
         'milestone': milestone,
         'labels': labels}
# Add the issue to our repository
r = session.post(url, json=issue)

(again, not curl, but gives you an example of the body)

Ah, indeed, see this section in the documentation; the API responds with 404 Not Found to not reveal private repositories.

@MartijnPieters I agree, but github.com/kvimal/2048 is a public repo, is it not?

A direct unauthenticated GET request certainly works, but for consistency the API may still use 404 to respond to invalidly authenticated requests.

@MartijnPieters that I understand, which is why I was pointing out the strange content of the header Authorization: Bearer.

Github is probably first trying to parse the Authorization header for the token xxxx form, and if that fails, falls back to expecting Authorization: Basic. If the latter fails then a 404 is returned.

Github API Create Issues return 404 Not found - Stack Overflow

github-api
Rectangle 27 1

Ok I found the problem. It appears that the callback URL is mandatory when using flask-oauthlib. So I added a fake one since i'm still on localhost, and it solved this problem.

python - Twitter oauth with flask_oauthlib, Failed to generate request...

python twitter oauth flask flask-oauthlib
Rectangle 27 1

It looks like your question is 'How to I use my own username and password scheme to generate an OAuth token'. The short answer is that you can't, because Google OAuth only works with Google logins. The Google OAuth token is good for Google APIs, and there's no way to tell Google how to recognize your usernames for the purposes of authentication.

The longer answer is that you can use your own authentication scheme separately from Google sign-in if you want to give users that option. You could use any number of third party libraries to do this or roll your own. These users won't have access to Google's APIs that require authentication though (such as the Users API) so you'll have to devise a way to keep those user's data separate from each other, and use a service account or application default credentials to access any external Google APIs on behalf of those users.

So if I understand this correctly, I only need to use Google OAuth if I want to access something like Google Search or Google Translate (Google APIs), but if I don't need access to them and only need to access my own datastore, then there is no need for Google OAuth. This way I could have my own username and hashed password stored in datastore, and then have the user login with that username and password.

That's essentially it except of course it's also used for some built-in App Engine APIs as well such as the Users API - cloud.google.com/appengine/docs/python/users.

How to use OAuth for username and password with Google App Engine Pyth...

python google-app-engine oauth google-oauth
Rectangle 27 0

Make sure to get a refresh token too in case your server is done processing after the Oauth token has expired. There is a Calendar Python client library that you can use on the server (https://developers.google.com/google-apps/calendar/downloads) and there is a Java client library you should be able to use on the client (https://developers.google.com/accounts/docs/OAuth2InstalledApp#libraries).

android - How to insert events into Google Calendar from server with c...

android google-calendar google-oauth
Rectangle 27 0

I had this problem and I fixed it only set my timestamp with the server. Ex: I'm from Brazil and my server is EUA, I had to reduce 2 hours on my timestamp = -7200. So it works very well, I think that this is a little bug, because others APIs don't have the same error.

I ended up exporting everything as CSV or JSON and parsing that. However, i'm not working in that project anymore, i asked my fellows on the other company to try this one and it worked, thank you very much!.

django - Yahoo OAuth API Rejects my timestamp for Access Token (Python...

python django oauth timestamp yahoo
Rectangle 27 0

Make sure to get a refresh token too in case your server is done processing after the Oauth token has expired. There is a Calendar Python client library that you can use on the server (https://developers.google.com/google-apps/calendar/downloads) and there is a Java client library you should be able to use on the client (https://developers.google.com/accounts/docs/OAuth2InstalledApp#libraries).

android - How to insert events into Google Calendar from server with c...

android google-calendar google-oauth
Rectangle 27 0

If you only want to access public resources like user timelines you can do so via the code below.

# OBS: If you want to look at per user details and make status updates
# you want the OAuth1 version. This is only for publicly available
# resources such as user timelines.

from requests_oauthlib import OAuth2Session
from oauthlib.oauth2 import BackendApplicationClient

# Credentials you get from registering a new application
client_id = '<the id you get from github>'
client_secret = '<the secret you get from github>'

# TODO remove

client_id = 'VVq5UniipB5nXFAqtTA'
client_secret = 'PlaHnaSDbeY4eYkv8XiqxS1nzGWyKoq5WYSNjdeaw'

client_id = 'I1Xi7fOeYnA9jabyvGUaZxY20'
client_secret = 'k5PZpINooRpjAfQccGwLUr2ZMEtRJtoX8cKaooHjKewWupxRBG'

token_url = 'https://api.twitter.com/oauth2/token'

client = BackendApplicationClient(client_id)
twitter = OAuth2Session(client_id, client=client)

headers = {
    'Content-Type': 'application/x-www-form-urlencoded;charset=UTF-8'
}
twitter.fetch_token(token_url, headers=headers, auth=(client_id, client_secret))

# Only public resources available to this application-only clients.
r = twitter.get('https://api.twitter.com/1.1/statuses/user_timeline.json?count=100&screen_name=twitterapi')
print r.content

Make sure you use the github version of the libraries

pip install git+https://github.com/idan/oauthlib.git
pip install git+https://github.com/requests/requests-oauthlib.git

python - OAuth generates expired bearer token - Stack Overflow

python twitter oauth
Rectangle 27 0

Or maybe I could keep track of the life of a token and in case my computation says it's expired then ask for another.

This is what I would recommend. Persist the expiry of the current token somewhere and before you make a request, check to see if the token has expired. If it has, use the refresh token with the access token methods to retrieve a fresh access token. The refresh_token method could look something like this:

def refresh_token():
    if not expired():
        return

    # OAuth 2.0 example
    data = {'client_id':client_id,
            'client_secret': client_secret,
            'grant_type': 'refresh_token',
            'refresh_token': refresh_token}

    return service.get_access_token(data=data)

Because the exact process can vary slightly from provider to provider, it isn't documented by rauth. Perhaps we should make a note of this general pattern in the docs, however.

Thanks Max, I'm going to try your suggestion. If I'm not wrong you are Rauth author, thank you for the support.

Yes, I am the author. Please let me know if you have further questions.

No Max, it doesn't work. I do this: service = rauth.OAuth2Service(...) data = {.as you suggested...} return service.get_access_token(data=data) but I got this error: `KeyError: 'Decoder failed to handle access_token with data as returned by provider. A different decoder may be needed. Provider returned: {"access_token":"xxxxxxxxxxxxxx","token_type":"bearer","expires_in":604800}'

def str2dict(x):     import ast     return ast.literal_eval(x)      def refresh_token()     ...     f = str2dict     return service.get_access_token(data=data, decoder=f)

Sorry for the code all compacted.. How insert new lines or code sections here in StackOverflow comments ?

oauth - How to refresh a token with Rauth python library? - Stack Over...

python oauth rauth
Rectangle 27 0

os.urandom provides access to the operating systems random number generator

EDIT: If you are using linux and are very concerned about security, you should use /dev/random/ directly. This call will block until sufficient entropy is available.

This can be a good solution if the underlying speudo-random number generator is cryptographically secure.

python - Generating crypto-secure strings for OAuth tokens - Stack Ove...

python oauth cryptography
Rectangle 27 0

This sounds exactly like a problem I ran into, but I came to a different (possible) solution.

It looks like all the query string parameters are being included twice, which is described in this bug report: https://github.com/simplegeo/python-oauth2/issues/21

Stripping the query string parameters as the issue described fixed it for me.

python - Invalid signature error when trying to generate request token...

python oauth provider pyramid consumer
Rectangle 27 0

You usually use some open-source or third party oauth2 provider to generate the tokens (usually they are JWTs) for you.

Are you using any python frameworks like Django or Flask?

authentication - generating oauth tokens on server side in python - St...

authentication oauth
Rectangle 27 0

You should probably save the token in a config file in the user's home directory. Preferably, you can restrict permissions on the file to make sure that only that user may access the config file.

How to store OAuth token for Github in a Python script? - Stack Overfl...

python oauth github github-api
Rectangle 27 0

Computers (without special hardware) can only generate pseudo random data. After a while, all speudo-random number generators will start to repeat themselves. The amount of data it can generate before repeating itself is called the period.

A very popular pseudo-random number (also used in Python in the random module) generator is the Mersenne Twister. But it is deemed not suitable for cryptographic purposes, because it is fairly easy to predict the next iteration after observing only a relatively small number of iterates.

Operating systems like FreeBSD, OpenBSD and OS X use the Yarrow algorithm for their urandom devices. So on those systems using os.urandom might be OK, because it is well-regarded as being cryptographically secure.

Of course what you need to use depends to a large degree on how high your requirements are; how secure do you want it to be? In general I would advise you to use published and tested implementations of algorithms. Writing your own implementation is too easy to get wrong.

Edit: Computers can gather random data by watching e.g. the times at which interrupts arrive. This however does not supply a large amount of random data, and it is therefore often used to seed a PRNG.

To my understanding the kernel is supposed to gather random data from available sources.

It's noteworthy that all modern processors contain hardware random sources.

python - Generating crypto-secure strings for OAuth tokens - Stack Ove...

python oauth cryptography
Rectangle 27 0

Here's an example in Python 3.3, of how to obtain the bearer token you can use for application only requests using the requests package and assuming the values consumer_key and consumer_secret hold your Twitter API consumer key and secret respectively :

import base64
import requests

# get bearer token for application only requests
bearer_token_credentials = base64.urlsafe_b64encode(
    '{}:{}'.format(consumer_key, consumer_secret).encode('ascii')).decode('ascii')
url = 'https://api.twitter.com/oauth2/token'
headers = {
    'Authorization': 'Basic {}'.format(bearer_token_credentials),
    'Content-Type': 'application/x-www-form-urlencoded;charset=UTF-8',
}
data = 'grant_type=client_credentials'
response = requests.post(url, headers=headers, data=data)
response_data = response.json()
if response_data['token_type'] == 'bearer':
    bearer_token = response_data['access_token']
else:
    raise RuntimeError('unexpected token type: {}'.format(response_data['token_type']))

The bearer token can then be used to create the authorization headers for your requests like this:

headers = {
    'Authorization': 'Bearer {}'.format(bearer_token),
    'Accept-Encoding': 'gzip',
}

python - OAuth Access Token request (Twitter API) and oauth_verifier f...

python twitter oauth twitter-oauth
Rectangle 27 0

A helpful person at etrade clarified for the doc-challenged that all oauth api requests (whether you are working in the sandbox or not) need to be sent to the main api url: 'https://etws.etrade.com/oauth/{api}'.

It is only after authenticating a session that the sandbox urls should be used: 'https://etwssandbox.etrade.com/{non-oauth-module}/sandbox/rest/{api}'.

In case others are having problems authenticating a session with etrade in python3, this works in the sandbox at least:

from rauth import OAuth1Service
import webbrowser 

def getSession():
    # Create a session
    # Use actual consumer secret and key in place of 'foo' and 'bar'
    service = OAuth1Service(
              name = 'etrade',
              consumer_key = 'foo',
              consumer_secret = 'bar',
              request_token_url = 'https://etws.etrade.com/oauth/request_token',
              access_token_url = 'https://etws.etrade.com/oauth/access_token',
              authorize_url = 'https://us.etrade.com/e/t/etws/authorize?key={}&token={}',
              base_url = 'https://etws.etrade.com')

    # Get request token and secret    
    oauth_token, oauth_token_secret = service.get_request_token(params = 
                                  {'oauth_callback': 'oob', 
                                   'format': 'json'})

    auth_url = service.authorize_url.format(consumer_key, oauth_token)

    # Get verifier (direct input in console, still working on callback)
    webbrowser.open(auth_url)
    verifier = input('Please input the verifier: ')

    return service.get_auth_session(oauth_token, oauth_token_secret, params = {'oauth_verifier': verifier})

# Create a session
session = getSession()

# After authenticating a session, use sandbox urls
url = 'https://etwssandbox.etrade.com/accounts/sandbox/rest/accountlist.json'

resp = session.get(url, params = {'format': 'json'})

print(resp)

Getting an oauth request token from etrade in Python - Stack Overflow

python oauth etrade-api
Rectangle 27 0

Make sure to get a refresh token too in case your server is done processing after the Oauth token has expired. There is a Calendar Python client library that you can use on the server (https://developers.google.com/google-apps/calendar/downloads) and there is a Java client library you should be able to use on the client (https://developers.google.com/accounts/docs/OAuth2InstalledApp#libraries).

android - How to insert events into Google Calendar from server with c...

android google-calendar google-oauth