oauth2decorator_from_clientsecrets causes error in development server after deployment

[Jorge Arévalo]

Hello,

I was using the Python OAuth2 decorator in my Google App Engine application. I downloaded the client secrets as a json file from API console. After deploying the app to appspot.com, the local version (localhost:8080) is no longer working. The call to decorator.has_credentials() returns false. The appspot version works fine.

Code snippet (simplified)

CLIENT_SECRETS = os.path.join(os.path.dirname(__file__), 'client_secrets.json')

oauth2_decorator = oauth2decorator_from_clientsecrets(
    CLIENT_SECRETS,
    scope='https://www.googleapis.com/auth/calendar',
    message=MISSING_CLIENT_SECRETS_MESSAGE)


class MyRequestHandler(webapp2.HandleRequest):
  @oauth2_decorator.oauth_aware
  def get(self):
    if oauth2_decorator.has_credentials():
      # do stuff...
    else:
      self.out.write("<html><body>Invalid credentials</body></html>")


app = webapp2.WSGIApplication([
    ('/', MyRequestHandler),
    (oauth2_decorator.callback_path, oauth2_decorator.callback_handler())
], debug=True)

This is the content of my client_secrets.json, without sensible information

{"web":  
  {
    "auth_uri":"https://accounts.google.com/o/oauth2/auth",
    "client_secret":"MY_CLIENT_SECRET",
    "token_uri":"https://accounts.google.com/o/oauth2/token",
    "client_email":"MY_CLI...@developer.gserviceaccount.com",
    "redirect_uris":[
      "http://MY_APP_NAME.appspot.com",
      "http://localhost:8080"
    ],    
    "client_x509_cert_url":"https://www.googleapis.com/robot/v1/metadata/x509/MY_CLI...@developer.gserviceaccount.com",
    "client_id":"MY_CLIENT_ID.apps.googleusercontent.com",
    "auth_provider_x509_cert_url":"https://www.googleapis.com/oauth2/v1/certs",
    "javascript_origins":[
      "http://MY_APP_NAME.appspot.com",
      "http://localhost:8080"
    ]
  }
}

I'm getting "Invalid credentials" in my local machine. Works fine in appspot.com. It worked in my machine before deploying in appspot.

What can be happening?

Thanks in advance

[Jorge Arévalo]

Ok, I was so stupid. I forgot to provide an authorization link to the user for the first time, instead of an error.

CLIENT_SECRETS = os.path.join(os.path.dirname(__file__), 'client_secrets.json')

oauth2_decorator = oauth2decorator_from_clientsecrets(
    CLIENT_SECRETS,
    scope='https://www.googleapis.com/auth/calendar',
    message=MISSING_CLIENT_SECRETS_MESSAGE)


class MyRequestHandler(webapp2.HandleRequest):
  @oauth2_decorator.oauth_aware
  def get(self):
    if oauth2_decorator.has_credentials():
      # do stuff...
    else:

      self.out.write(oauth2_decorator.authorize_url())

app = webapp2.WSGIApplication([
    ('/', MyRequestHandler),
    (oauth2_decorator.callback_path, oauth2_decorator.callback_handler())
], debug=True)

Now it's working fine :-).

    "client_email":"MY_CLIENT_ID@developer.gserviceaccount.com",

    "redirect_uris":[
      "http://MY_APP_NAME.appspot.com",
      "http://localhost:8080"
    ],

    
    "client_x509_cert_url":"https://www.googleapis.com/robot/v1/metadata/x509/MY_CLIENT_ID@developer.gserviceaccount.com",

    "client_id":"MY_CLIENT_ID.apps.googleusercontent.com",
    "auth_provider_x509_cert_url":"https://www.googleapis.com/oauth2/v1/certs",
    "javascript_origins":[
      "http://MY_APP_NAME.appspot.com",
      "http://localhost:8080"
    ]
  }
}