Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Using Google OAuth on localhost

I started to use OAuth with Python and Django. I need it for Google APIs. I working on localhost, so I can't register a domain for url-callback. I've read about that Google OAuth could be used with anonymous domain. Can't find, how and where I can do that?

Edit:

I have this view:

def authentication(request):
    CONSUMER_KEY = 'xxxxx'
    CONSUMER_SECRET = 'xxxxx'
    SCOPES = ['https://docs.google.com/feeds/', ]

    client = gdata.docs.client.DocsClient(source='apiapp')
    oauth_callback_url = 'http://%s/get_access_token' % request.META.get('HTTP_HOST')
    request_token = client.GetOAuthToken(
      SCOPES, oauth_callback_url, CONSUMER_KEY, consumer_secret=CONSUMER_SECRET)
   domain = '127.0.0.1:8000'
   return HttpResponseRedirect(
        request_token.generate_authorization_url(google_apps_domain=domain))

And this error:

Sorry, you've reached a login page for a domain that isn't using Google Apps. Please check the web address and try again.

Registered via https://code.google.com/apis/console/

Edit:

CONSUMER_KEY = 'xxxxxxxxxxxxxxxxxxxxxxxxxxx'
CONSUMER_SECRET = 'xxxxxxxxxxxxxxxxxxxxxxxxx'
SCOPES = ['https://docs.google.com/feeds/', ]
DOMAIN = 'localhost:8000'


def authentication(request):    
    client = gdata.docs.client.DocsClient(source='apiapp')
    oauth_callback_url = 'http://%s/get_access_token' % DOMAIN

    request_token = client.GetOAuthToken(SCOPES,
                                     oauth_callback_url,
                                     CONSUMER_KEY,
                                     consumer_secret=CONSUMER_SECRET)

    return HttpResponseRedirect(
        request_token.generate_authorization_url())


def verify(request):
    client = gdata.docs.client.DocsClient(source='apiapp')
    f = open('/home/i159/.ssh/id_rsa')
    RSA_KEY = f.read()
    f.close()

    oauth_callback_url = 'http://%s/get_access_token' % DOMAIN

    request_token = client.GetOAuthToken(SCOPES,
                                     oauth_callback_url,
                                     CONSUMER_KEY,
                                     rsa_private_key=RSA_KEY)
    return HttpResponseRedirect(
        request_token.generate_authorization_url(google_apps_domain=DOMAIN))

The error:

Unable to obtain OAuth request token: 400, Consumer does not have a cert: xxxxxxxxxxxxxxx.apps.googleusercontent.com

like image 547
I159 Avatar asked Oct 02 '11 12:10

I159


People also ask

Can you use OAuth on localhost?

Setup steps To test a web OAuth client you can still use a localhost deployment, provided you have administrator (superuser) permissions to modify the local lookup table for hostnames.


2 Answers

Just to be clear, you can use the web application flow with localhost while developing on either OAuth 1.0 or OAuth 2.0. OAuth 2.0 should be preferred as it's the mechanism we are focussed on. The user experience for OAuth 2.0 is going to be substantially better.

There's nothing stopping you from using localhost as your callback URL. I do this myself all the time. You just need to make sure the callback URL matches exactly, including any port numbers, and you can't deploy your application that way for obvious reasons. Installed applications are more complicated, but if you're doing something with Django, it's possible to take advantage of the fact that OAuth 2.0 is a bearer-token system. As long as you're keeping the refresh token server-side, you can authenticate with your own application out-of-band and then send the bearer token to the installed application. Your installed application will have roughly a one-hour window in which to make calls before you'll need to repeat the process. This can happen transparently to the user in most cases. Transmission of the bearer token should happen over an encrypted channel.

like image 169
Bob Aman Avatar answered Oct 11 '22 12:10

Bob Aman


OAuth 1.0 for Installed Applications

Besides that, you probably don't want to include your actual CONSUMER_KEY and CONSUMER_SECRET in the example code.

like image 26
Cody Hess Avatar answered Oct 11 '22 12:10

Cody Hess