Google OAuth2 requesting offline access
852 views
Skip to first unread message
Dominic Preuss
Nov 7, 2013, 6:09:07 PM11/7/13
to python-so...@googlegroups.com
I have been digging through the docs and the code, can can't find the answer to this.
When I switched from Django social-auth to python social-auth, I lost the ability to add extra arguments.
What is the variable to send extra arguments? I need to request offline access to get a refresh token in the extra data.
When I switched from Django social-auth to python social-auth, I lost the ability to add extra arguments.
Many of the variable names in the settings.py file changed, but the docs still had the old variables names (but the code was updated). I was able to figure them all out except this one.
What is the variable to send extra arguments? I need to request offline access to get a refresh token in the extra data.
Is it:
SOCIAL_AUTH_GOOGLE_OAUTH2_AUTH_EXTRA_ARGUMENTS = {'access_type': 'offline'}
Or, there appears to be a new version :
SOCIAL_AUTH_GOOGLE_OAUTH_REQUEST_TOKEN_EXTRA_ARGUMENTS = {'access_type': 'offline'}
Is there another way to request offline access for Google OAuth2? Here are my current scopes:
SOCIAL_AUTH_GOOGLE_OAUTH2_SCOPE =[
]
Can someone point me in the right direction?
Thanks, in advance.
Dominic
Simon Litchfield
Apr 16, 2014, 7:27:31 PM4/16/14
to python-so...@googlegroups.com
Yes I had the same issue, these are important settings for Google and unfortunately not documented.
Looking at the code I can see two possible settings but haven't yet confirmed how they're used. Note the subtle OAUTH_ and OAUTH2_ difference.
SOCIAL_AUTH_GOOGLE_OAUTH2_AUTH_EXTRA_ARGUMENTS = {'access_type': 'offline'}
SOCIAL_AUTH_GOOGLE_OAUTH2_REQUEST_TOKEN_EXTRA_ARGUMENTS = {'access_type': 'offline'}
Greg Barker
May 6, 2014, 5:39:34 PM5/6/14
to python-so...@googlegroups.com
I added the following to my settings.py:
SOCIAL_AUTH_GOOGLE_OAUTH2_AUTH_EXTRA_ARGUMENTS = {'access_type': 'offline'}
Now my UserSocialAuth.extra_data has an additional key, refresh_token. I was able to refresh the token using code similar to the reddit example:from social.apps.django_app.utils import load_strategy
from django.contrib.auth.models import User
user = User.objects.get(pk=2395)
social = user.social_auth.filter(provider='google-oauth2')[0]
social.refresh_token(strategy=strategy, redirect_uri='http://localhost:8000/complete/google-oauth2/')
How do I know when I need to refresh the token? Or does it happen automatically?from django.contrib.auth.models import User
user = User.objects.get(pk=2395)
social = user.social_auth.filter(provider='google-oauth2')[0]
social.refresh_token(strategy=strategy, redirect_uri='http://localhost:8000/complete/google-oauth2/')
Greg Barker
May 6, 2014, 7:06:28 PM5/6/14
to python-so...@googlegroups.com
Whoops forgot a line in my example:
Perhaps we could get this example added to the Google backend docs similar to the reddit backend docs?
strategy = load_strategy('google-oauth2')
As far as when to refresh the token, I think I've found the answer. The Google API responds with a 401 after the access_token expires, and then you do the refresh_token. My expires_in was 3600, so I guess that means seconds since my last post was an hour ago (and the google docs don't indicate units).Perhaps we could get this example added to the Google backend docs similar to the reddit backend docs?
Matías Aguirre
May 6, 2014, 7:44:34 PM5/6/14
to Greg Barker, python-social-auth
Looks like you answered your question already. Any API call with an expired
access token will drop an error by the provider, 401 in the case of google, so
it's easy to identify in that way. You can use the expires_in to check it, but
there's no date to get as reference in the application, but you can add
a pipeline to function that will add that to details and then tell the
application to store it in extra data, something like this:
import time
def set_current_date(details, *args, **kwargs):
details['updated_at'] = int(time.time())
And the setting:
SOCIAL_AUTH_GOOGLE_OAUTH2_EXTRA_DATA = ['updated_at']
I'll happy to merge a PR with this added to the docs.
Matías
Excerpts from Greg Barker's message of 2014-05-06 20:06:28 -0300:
> > :
--
Matías Aguirre (matias...@gmail.com)
access token will drop an error by the provider, 401 in the case of google, so
it's easy to identify in that way. You can use the expires_in to check it, but
there's no date to get as reference in the application, but you can add
a pipeline to function that will add that to details and then tell the
application to store it in extra data, something like this:
import time
def set_current_date(details, *args, **kwargs):
details['updated_at'] = int(time.time())
And the setting:
SOCIAL_AUTH_GOOGLE_OAUTH2_EXTRA_DATA = ['updated_at']
I'll happy to merge a PR with this added to the docs.
Matías
Excerpts from Greg Barker's message of 2014-05-06 20:06:28 -0300:
> Whoops forgot a line in my example:
>
> strategy = load_strategy('google-oauth2')
>
> As far as when to refresh the token, I think I've found the answer. The
> Google API responds with a 401 after the access_token expires, and then you
> do the refresh_token. My expires_in was 3600, so I guess that means seconds
> since my last post was an hour ago (and the google docs<https://developers.google.com/accounts/docs/OAuth2WebServer#offline>don't indicate units).
>
> strategy = load_strategy('google-oauth2')
>
> As far as when to refresh the token, I think I've found the answer. The
> Google API responds with a 401 after the access_token expires, and then you
> do the refresh_token. My expires_in was 3600, so I guess that means seconds
>
> Perhaps we could get this example added to the Google backend docs similar
> to the reddit backend docs?
>
> On Tuesday, May 6, 2014 2:39:34 PM UTC-7, Greg Barker wrote:
> >
> > I added the following to my settings.py:
> >
> > SOCIAL_AUTH_GOOGLE_OAUTH2_AUTH_EXTRA_ARGUMENTS = {'access_type': 'offline'}
> >
> > Now my UserSocialAuth.extra_data has an additional key, refresh_token. I
> > was able to refresh the token using code similar to the reddit example<http://www.google.com/url?q=http%3A%2F%2Fpsa.matiasaguirre.net%2Fdocs%2Fbackends%2Freddit.html&sa=D&sntz=1&usg=AFQjCNH60DwWzPAo3dfwDPyumLoCM-kcdA>
> Perhaps we could get this example added to the Google backend docs similar
> to the reddit backend docs?
>
> On Tuesday, May 6, 2014 2:39:34 PM UTC-7, Greg Barker wrote:
> >
> > I added the following to my settings.py:
> >
> > SOCIAL_AUTH_GOOGLE_OAUTH2_AUTH_EXTRA_ARGUMENTS = {'access_type': 'offline'}
> >
> > Now my UserSocialAuth.extra_data has an additional key, refresh_token. I
> > :
Matías Aguirre (matias...@gmail.com)
Reply all
Reply to author
Forward
0 new messages