5

I am making a calender app which allows users to give permission to access their google calendars and then my app will allow them to view and edit their calendars displayed in my own custom style.

It is based on this Google "quickstart" sample.

It currently works fine locally, but I have failed so far to get it to run when hosted on pythonanywhere.com (where the URL will be http://myname.pythonanywhere.com).

With my working local version, the credentials.json file I am using starts with "installed": which AFAICT corresponds to a "Desktop App" and the "redirect_uris": contains ["urn:ietf:wg:oauth:2.0:oob", "http://localhost”]. (The "http://localhost" makes sense but I have no idea why there is a second uri "urn:ietf:wg:oauth:2.0:oob")

{
    "installed": {
        "client_id": "XXXXXXXXXXXXXXXX.apps.googleusercontent.com",
        "project_id": "my_great_calendar",
        "auth_uri": "https://accounts.google.com/o/oauth2/auth",
        "token_uri": "https://oauth2.googleapis.com/token",
        "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
        "client_secret": "XXXXXXXXXXXXX",
        "redirect_uris": [
            "urn:ietf:wg:oauth:2.0:oob",
            "http://localhost"
        ]
    }
}

Correct me if I'm wrong, but I assume that this credentials.json file can't possibly work when hosted at myname.pythonanywhere.com and I will need to create a new one (on Google's "APIs and Services" page) made by declaring the project as a "web application"? and telling google my redirect uri is "http://myname.pythonanywhere.com"?

If there was a way to have a single credentials.json file that would work both locally and on pythonanywhere?

EDIT: The quickstart sample employs InstalledAppFlow.from_client_secrets_file which I now think is wrong. it might need to somehow employ google_auth_oauthlib.flow.Flow.from_client_secrets_file() instead.... as described here.

Mick
  • 8,284
  • 22
  • 81
  • 173

1 Answers1

1

You can have a single Client ID / Client Secret pair that supports multiple redirect URIs fine:

  • Go to APIs and Services
  • Go to Credentials
  • Find your client ID
  • Click Edit (pencil icon)
  • Under "Authorized redirect URIs" you can add more of them.
  • Save

The JSON will then contain the two redirect URIs. I don't know how their library picks which one to use, so you probably want to explicitly specify it, by passing a redirect_uri param:

flow = Flow.from_client_secrets_file('client_secrets.json', redirect_uri='http://blah.pythonanywhere.com/')

To know which one to use, you can either pass some configuration when starting your server (such as an environment variable or command line flag), or make your server detect it automatically looking at the Host header.

Dirbaio
  • 2,921
  • 16
  • 15
  • In order to have a Client ID in the first place you must click "create credentials", then click "OAuth client ID" then select "application type" - what should be selected there? If you select "desktop app", will it also work on a server? If you select "web app" will it also work locally? Would you employ "InstalledAppFlow.from-client-secrets-file" in your python code in both cases? – Mick May 20 '20 at 08:22
  • If you want a desktop and web app, Google's recommendation is to create 2 client IDs, each of the right type. If you create them in the same project, once the user has authorized one of them, the others won't re-ask for authorization, so it's transparent to the user. https://developers.google.com/identity/protocols/oauth2/cross-client-identity – Dirbaio May 20 '20 at 12:31
  • Sadly in that case you do need two different json's – Dirbaio May 20 '20 at 12:31