Menu
I have an application that I have approved as an authorized API client with openid and email scopes. I still get the "Your domain administrator has approved access" splash screen as documented here. The solution is to not request offline access via the access_type parameter.
My authorization flow is built with flow_from_clientsecrets(), and I don't see any way to pass the access type as a parameter like with OAuth2WebServerFlow. Is there a way to specify that the application doesn't need refresh tokens with the client library?
531
I'm just getting into using the Google API Python client library myself and found myself in your exact same situation. From what I've read flow_from_clientsecrets() only returns a Flow with a basic set of arguments applied. It turns out it's much more simple to just make your own OAuth2WebServerFlow object and apply whatever extra arguments you need.
Here's a solution I was able to cobble together after poring over the samples in the googleapiclient and oauth2client libraries:
# Returns a flow that will prompt for offline access, thus receiving
# a refresh_token in the auth object that gets returned
def prepare_flow(secrets_path, scope):
# Grab settings from the client_secrets.json file provided by Google
with open(secrets_path, 'r') as fp:
obj = json.load(fp)
# The secrets we need are in the 'web' node
secrets = obj['web']
# Return a Flow that requests a refresh_token
return OAuth2WebServerFlow(
client_id=secrets['client_id'],
client_secret=secrets['client_secret'],
scope=scope,
redirect_uri=secrets['redirect_uris'][0],
access_type='offline',
approval_prompt='force')
You can replace replaced the call to flow_from_clientsecrets with a call to the above function:
flow = prepare_flow(client_secrets, scope)
I just ran a clean authentication using this Flow and verified the presence of a refresh_token in the auth payload that was returned from Google.
113
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
