11

I am using google_auth_oauthlib.flow in Python to authorize Google Oauth 2 account. My code looks like this:

from google_auth_oauthlib.flow import InstalledAppFlow

flow = InstalledAppFlow.from_client_secrets_file(
    "client_secret_929791903032.apps.googleusercontent.com.json",
    scopes=['profile', 'email'])

flow.run_local_server(open_browser=False)

session = flow.authorized_session()

profile_info = session.get(
    'https://www.googleapis.com/userinfo/v2/me').json()

print(profile_info)

Basing on run_local_server() document, I tried to set open_browser=False but then Google provided me an URL to authorize, it looks like this https://accounts.google.com/o/oauth2/auth?response_type=code&client_id=929739191032-hpdm8djidqd8o5nqg2gk366efau34ea6q.apps.googleusercontent.com&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2F&scope=profile+email&state=oHJmupijpVH2gJEPqTogVVHIEtbVXcr&access_type=offline

After clicking to the provided link, my browser automatically opened with the UI named Sign in with Google, then I have to sign in manually on the browser.

So my question is how to open the authorization URL without opening browser? I want my code automatically authorize without doing manually.

Community
  • 1
  • 1
Analytics POPSWW
  • 255
  • 2
  • 4
  • 8
  • you need to provide more information. From the URL it looks like you are asking for the user's profile + email. How would you like users to give you permission to see their Google email without them logging in to Google to do so? – pinoyyid Jan 19 '19 at 12:21
  • @pinoyyid yes. That is what I want. without logging or automatically logging – Analytics POPSWW Jan 23 '19 at 03:19

1 Answers1

10

So my question is how to open the authorization URL without opening browser? I want my code automatically authorize without doing manually.

If you are using G Suite, you can create a service account and enable Domain Wide Delegation to assume the identity of a G Suite user. This only works for users that are part of your G Suite domain.

If you are not using G Suite, you cannot bypass the user authentication screen the first time a user comes to your website. Once a user authenticates with offline access, you can save the Refresh Token to use in the future.

Authentication and Authorization is between the client (user) and Google Accounts. Your software is not involved in the credentials part (username, password, etc.). The user must grant permission to Google Accounts to allow your services to access the user's Google Identity.

[EDIT 1/22/2019 - after question on how to save the refresh token]

The following code with authorize and save the refresh token:

# pip install google-auth-oauthlib
from google_auth_oauthlib.flow import InstalledAppFlow

# https://google-auth-oauthlib.readthedocs.io/en/latest/reference/google_auth_oauthlib.flow.html

flow = InstalledAppFlow.from_client_secrets_file(
    'client_secrets.json',
    scopes=['https://www.googleapis.com/auth/cloud-platform'])

cred = flow.run_local_server(
    host='localhost',
    port=8088,
    authorization_prompt_message='Please visit this URL: {url}',
    success_message='The auth flow is complete; you may close this window.',
    open_browser=True)

with open('refresh.token', 'w+') as f:
    f.write(cred._refresh_token)

print('Refresh Token:', cred._refresh_token)
print('Saved Refresh Token to file: refresh.token')
John Hanley
  • 74,467
  • 6
  • 95
  • 159
  • Could you please tell me how to save the Refresh Token as you already mentioned? – Analytics POPSWW Jan 23 '19 at 03:18
  • @AnalyticsPOPSWW - I updated my answer with code to show you how to save the refresh token. Copy this code into a new file. Modify the 'client_secrets.json' path to your Client Secrets from Google and modify the scopes for the permissions you need. – John Hanley Jan 23 '19 at 03:50
  • Oh thanks. Additional question, how to use it after having the token file? In my old code `credentials = flow.run_local_server()` `return build(API_SERVICE_NAME, API_VERSION, credentials=credentials)`. Now after I have `.token` file. I remove the line `credentials = flow.run_local_server()` and `return build(API_SERVICE_NAME, API_VERSION,credentials=read_token_in_the_file` Right? – Analytics POPSWW Jan 23 '19 at 05:02
  • Please limit your questions to one topic per SO question. This question is expanding. Close this question and open another question so that everyone benefits. Ping me here when you have the new question. – John Hanley Jan 23 '19 at 05:51
  • I upvoted your answer. Please answer the question above. Or tell me how to ping you on SO – Analytics POPSWW Jan 23 '19 at 06:10
  • this is my question, this link: https://stackoverflow.com/questions/54321848/how-to-use-refresh-token-google-api-in-python – Analytics POPSWW Jan 23 '19 at 07:16
  • @AnalyticsPOPSWW were you able to resolve your issue of not opening up the browser to authorize access to the GDrive files ? As I am stuck on a similar issue . Would be great if you could please share the steps to resolve it. I am having a oAuth2 client_secret.json which I am using to authorize and list files in the drive, I am then using the credentials.json file from service account to read the content. However, I would like to automate it without the need to authorize manually, and run the script from AWS EC2 instance. – Satya Mar 17 '21 at 19:12
  • @JohnHanley I wanted to ask does flow.run_local_server() only for localhost? If not what changes are required for production ? – anonymous Dec 09 '21 at 05:03
  • @anonymous - Create a new question. – John Hanley Dec 09 '21 at 17:33
  • @JohnHanley I already did. Can you please look into this. https://stackoverflow.com/questions/70270177/how-to-fix-504-gateway-time-out-while-connecting-to-google-calendar-api – anonymous Dec 10 '21 at 02:13
  • @anonymous - I just posted a comment on your question to help you get started. – John Hanley Dec 10 '21 at 03:05