Custom GoogleOAuth2 backend

[Greg Barker]

Hello -

For certain users I need to request permission to a different scope. I was thinking I could accomplish this by creating a custom backend based off the GoogleOAuth2 backend:

class GoogleAdminAuth(GoogleOAuth2):
    name = 'google-admin-auth'

    EXTRA_DATA = {
        'access_type': 'offline'
    }

    def get_scope(self):
        return [
            'email',
            'https://www.googleapis.com/auth/admin.directory.group.readonly'
        ]

I added this custom one to my backends:

AUTHENTICATION_BACKENDS = (
    'social.backends.google.GoogleOAuth2',
    'myapp.auth.GoogleAdminAuth',
    'django.contrib.auth.backends.ModelBackend',
)


In my template I then use {% url 'social:begin' 'google-admin-auth' %} for the users I need additional access granted.

I'm getting a 401 invalid_client error though from Google. It works fine if I use {% url 'social:begin' 'google-oauth2' %}

What am I missing here?

[Matias Aguire]

Do you have these settings defined?

SOCIAL_AUTH_GOOGLE_ADMIN_AUTH_KEY = '...'
SOCIAL_AUTH_GOOGLE_ADMIN_AUTH_SECRET = '...'

--
Matías Aguirre
http://matiasaguirre.net/

[Greg Barker]

Yup that was it. Got a lot further with those defined! Thanks Matías.

The problem I'm having now is that the UserSocialAuth record that is generated with my custom backend has an empty dict for Extra data. I expected it to have an access_token in there.

Am I specifying the EXTRA_DATA correctly in my custom backend?

Greg

[Matias Aguire]

That "EXTRA_DATA" is wrong, I think you are confusing it's purpose and
the format is broken.

EXTRA_DATA attribute is used to define values that later will be taken
from the server response and stored in the "extra_data" attribute in the
UserSocialAuth instance.

Then, there's "authentication extra parameters", those are parameters that
are added during the authentication process and sent to the authentication
provider, in your case "access_type=offline" is a common parameter in
Google OAuth that's used to tell Google to return an "refresh_token"
too, that can be used to renew the access_token once it's expired.

These parameters are defined like this (following your example):

SOCIAL_AUTH_GOOGLE_ADMIN_AUTH_AUTH_EXTRA_ARGUMENTS = {
'access_type': 'offline'
}

Also, in your "get_scope()" override, you might want to call super() too.

Hope that helps,
Matías

Greg Barker <fle...@fletchowns.net> writes:
> Yup that was it. Got a lot further with those defined! Thanks Matías.
>
> The problem I'm having now is that the UserSocialAuth record that is
> generated with my custom backend has an empty dict for Extra data. I
> expected it to have an access_token in there.
>
> Am I specifying the EXTRA_DATA correctly in my custom backend?
>
> Greg
>
> On Wednesday, April 15, 2015 at 8:53:53 AM UTC-7, Matías Aguirre wrote:
>>
>>
>> Do you have these settings defined?
>>
>> SOCIAL_AUTH_GOOGLE_ADMIN_AUTH_KEY = '...'
>> SOCIAL_AUTH_GOOGLE_ADMIN_AUTH_SECRET = '...'
>>

[Greg Barker]

Works great now, thank you so much for your help Matías!!