2

I'm trying to use p2/OAuth2 to access my documents on Google Drive.

I downloaded the sample Mac app and ran it, and it shows a Google "OAuth consent screen", and I click the "Allow" button, and it all works. So I think the sample code is good.

Then I logged into the Google APIs console, and:

  1. enabled all the APIs that seemed like they might be relevant to this test (getting my name and user info): "Google Drive API", "Contacts API", "People API", "Google IAM API", etc.
  2. created a "project" for my application
  3. created a new "OAuth client ID" (credentials) for my app

I pasted my client_id into the OAuth2App sample, in place of the demo client_id/client_secret, and it fails. It shows the "OAuth consent screen" in a sheet, with the name of my application, but when I click "Allow", it just says "Forbidden".

Things I've tried that didn't help:

  • I've found this page which says creating a client ID of type "Other" in Google doesn't work, and I need to choose iOS. I've tried both "Other" and "iOS" types, and both give me "Forbidden".

  • With type "Other", it gives me a client_secret, as well. I don't want or need that, because this is a local app, but I found this question which suggests it doesn't matter to Google. I tried every way:

    • With the correct client_secret, I get "Forbidden".
    • With an incorrect client_secret, I get "Unauthorized".
    • With no client_secret, I get "client_secret is missing".

    So I know it's checking that for type="Other", and doesn't seem to care that it's absent for type="iOS". In any event, since it's a different error when that's wrong/missing, that doesn't seem to be my problem here.

  • I turned on oauth.verbose to see if there's anything useful, but the logs are identical to the successful case (stock IDs), except for the values of some of the IDs/tokens.

How did p2/OAuth2 create a client_id for Google that works? Why is mine only returning "Forbidden"?

Ssswift
  • 916
  • 10
  • 20
  • I found https://developers.googleblog.com/2016/08/modernizing-oauth-interactions-in-native-apps.html and tried `oauth.authConfig.authorizeEmbedded=false`, which opens an external browser, but when I copy the code and click the "Paste" button it still just says "Forbidden". I don't really trust that blog post, anyway, because there are no notifications on the consent page for iOS clients, as they claim. – Ssswift Nov 24 '17 at 19:50
  • The Google APIs console says "There are no errors" and "There is no traffic", so it appears that whatever is happening isn't worthy enough to Google to warrant logging. – Ssswift Nov 24 '17 at 23:12
  • If still don't work by using installed application then you'll need to share your code in detail. This description don't give much idea about your problem. – Divya Dec 04 '17 at 06:40
  • @Divya: The link to the exact code is given in the second sentence. What more detail do you need? – Ssswift Dec 05 '17 at 21:10

1 Answers1

1

If it is your Local app, You'll need to select the installed option while selecting the type, and use Web Athorization Broker

this link might be helpful, its unsolved but has solution for the point you are stuck.

1.) ClientID and ClientSecret both are necessary while using installed application.

--> Also check your network rights if it is allowing the Drive api, that can also give Forbidden Error

Divya
  • 1,203
  • 2
  • 13
  • 31
  • This just leads to many more questions. 1. "Installed" is not one of the available options: https://imgur.com/a/iPTb6 -- I would think "iOS" is a kind of *installed* app, but as I said above, that choice doesn't work. – Ssswift Dec 05 '17 at 21:12
  • 2. I don't see how that link is helpful. It uses a completely different language and Oauth library. It creates two Oauth client_ids in the Google Console, and simply says that one "works fine". It doesn't say exactly what settings were used in the Google API Console, and the "Other" type does not work for me here. – Ssswift Dec 05 '17 at 21:16
  • 3. I don't know what "Web Athorization Broker" (sic) is, but it seems to be a feature of Google's Java and .NET libraries. I'm using `p2/OAuth2`, so that's not helpful. If I'm mistaken and it's a general feature of Oauth, can you explain how it would be helpful to me here? How do I tell Google API Console to use that? Because the sample application I'm using does work with *some* Google client_id values. – Ssswift Dec 05 '17 at 21:19
  • 4. As I said in the question (step 1), the "Google Drive API" was already enabled in the Google API Console. What exactly do you mean by "check your network rights"? – Ssswift Dec 05 '17 at 21:27