We are using the following url for Google OAuth2 v3 now.
https://accounts.google.com/o/oauth2/auth
https://www.googleapis.com/oauth2/v3/token
But, I confirmed version-up in the latest document (https://developers.google.com/identity/protocols/OAuth2WebServer).
https://accounts.google.com/o/oauth2/v2/auth
https://www.googleapis.com/oauth2/v4/token
What was changed?
If possible, we want to update it.
This is the third time I think I have seen them change them in the last five years. Exactly why they change them they never inform us. I would suspect that the new endpoints are OpenIDConnect compliant.
The old ones should continue to work for a while; I have not heard anything about them shutting them down.
You can also check the Discovery document
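An added example (not code from the thread) of reading the endpoints from the discovery document instead of hard-coding them, and flagging which configured URLs have drifted. Google publishes the document at https://accounts.google.com/.well-known/openid-configuration; the sample below is constructed so the block runs offline, and `TRUSTED_HOSTS`, `load_endpoints` and `changed_endpoints` are names assumed for this illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed sample shaped like an OpenID Connect discovery document; the two
# endpoint values are the newer URLs quoted in the question above.
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "https://accounts.google.com",
    "authorization_endpoint": "https://accounts.google.com/o/oauth2/v2/auth",
    "token_endpoint": "https://www.googleapis.com/oauth2/v4/token",
})

# Assumption: the hosts this client is willing to send codes and secrets to.
TRUSTED_HOSTS = {"accounts.google.com", "www.googleapis.com"}

# The URLs the question says are configured today.
CONFIGURED = {
    "authorization_endpoint": "https://accounts.google.com/o/oauth2/auth",
    "token_endpoint": "https://www.googleapis.com/oauth2/v3/token",
}


def load_endpoints(raw, expected_issuer="https://accounts.google.com"):
    """Return the auth/token endpoints from a discovery document, or raise."""
    doc = json.loads(raw)
    if doc.get("issuer") != expected_issuer:
        raise ValueError("issuer mismatch: %r" % doc.get("issuer"))
    endpoints = {}
    for key in ("authorization_endpoint", "token_endpoint"):
        url = doc.get(key)
        if not isinstance(url, str):
            raise ValueError("missing " + key)
        parts = urlsplit(url)
        # Refuse plaintext or unexpected hosts before any secret is sent there.
        if parts.scheme != "https" or parts.hostname not in TRUSTED_HOSTS:
            raise ValueError("untrusted %s: %s" % (key, url))
        endpoints[key] = url
    return endpoints


def changed_endpoints(configured, discovered):
    """List the keys whose hard-coded URL differs from the discovered one."""
    return sorted(k for k in discovered if configured.get(k) != discovered[k])


if __name__ == "__main__":
    print(changed_endpoints(CONFIGURED, load_endpoints(SAMPLE_DISCOVERY)))
```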
I was following this tutorial, https://towardsdatascience.com/how-to-download-twitter-friends-or-followers-for-free-b9d5ac23812, which was written in 2021. It should've worked fine, however, they have to 'fix' the things that just work.
Specifically, running this line
    for fid in Cursor(api.followers_ids, screen_name=screen_name, count=5000).items():
        ids.append(fid)
gives the error:
"tweepy.error.TweepError: [{'message': 'You currently have Essential access which includes access to Twitter API v2 endpoints only. If you need access to this endpoint, you’ll need to apply for Elevated access via the Developer Portal. You can learn more here: https://developer.twitter.com/en/docs/twitter-api/getting-started/about-twitter-api#v2-access-leve', 'code': 453}]"
I could have pulled the data in five minutes. Now debugging this already cost one hour+ because they just break the things that work. Is there any way to make this old code snippet work? The application to use API 1.1 takes weeks, and I don't have time to watch their bad documents of how to migrate from API 1.1 to 2.0 and then the documents of migrating from Tweepy 3.9.0 to 4.0.0. Five minutes' task would just become half a day. Thanks in advance for any help.
First of all, have you at least tried to apply for the Elevated access?
It can take some time, it's true, but it can also be instantaneous.
The other solution would be to use the Twitter API V2.
You don't need any tutorial, just read the documentation:
Here for the authentication ;
Here for the retrieval of the followers ;
Here for the pagination.
And you should get something like that:
    import tweepy

    client = tweepy.Client("Bearer Token here")

    # Paginator follows the pagination tokens; flatten() yields users one by one.
    paginator = tweepy.Paginator(
        client.get_users_followers,
        id=...,  # ID only, no screen name
        max_results=1000
    ).flatten()

    for follower in paginator:
        print(follower.id)
Finally, even if I understand your frustration (and developing Twitter applications can be very frustrating), I think that you should try to keep it out of your SO questions. Good luck!
Since Friday all of our users are seeing sporadic 302s when trying to access our in-GCP IAP protected resources. Cookies are valid, and definitely being passed with the request.
This has worked for us for two years and nothing has changed here recently past standard GKE upgrades.
Since Friday we're seeing sporadic 302s from IAP (X-Goog-IAP-Generated-Response: true) as if the cookie is invalid. I can recreate this problem using a simple curl command, with my cookie stored in a file called cookie.test.
`curl -vs -b ./cookie.test https://gitlab.mydomain.com/projects/myapp.git`
This succeeds maybe 1 out of 5 times. Behaviour is very recreatable. 2 out of 5 times we'll get a response from gitlab.mydomain.com and the other 3 times we'll see a 303 to accounts.google.com. Same cookie every time, all requests within a few seconds of each other.
This is causing an enormous inconvenience for our team.
Has there been a change to IAP recently that might explain this? Do you have any other reports of similar behaviour?
Folks,
I am from the IAP team at Google. Recently IAP has made some changes to the cookie name. However, this change should have been transparent to the browser users.
For people using GCP_IAAP_AUTH_TOKEN cookie name for programmatic auth, your flows will break. The documented way to send credentials in a programmatic call is to use Authorization / Proxy-Authorization header.
https://cloud.google.com/iap/docs/authentication-howto#authenticating_a_user_account
Cookies are meant to be used for browser flows only and IAP holds complete control of the naming and format of the cookie. If you continue to use cookies to send in credentials to IAP (by reverse engineering the new format), you run a risk of being broken again by future changes in cookie name/format.
One clarification is required though. In the original post, it was mentioned that you are getting a response of 302 to accounts.google.com, is that true for browser flows also? If so, please respond back with a har file and I'll be happy to take a look.
cheers.
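The header-based flow described in this answer, as an added example that is not part of the original reply: it builds a request that carries the credential in `Authorization` (or `Proxy-Authorization` when the backend needs `Authorization` itself) and classifies responses by the `X-Goog-IAP-Generated-Response` header mentioned in the question. The ID token is assumed to have been obtained already; the function names and the sample responses are constructed for illustration.

```python
from collections import Counter
from urllib.parse import urlsplit
from urllib.request import Request


def build_iap_request(url, id_token, app_authorization=None):
    """Build a request that carries the credential in a header, not a cookie."""
    req = Request(url)
    if app_authorization is None:
        req.add_header("Authorization", "Bearer " + id_token)
    else:
        # The backend wants Authorization for itself, so the IAP credential
        # travels in Proxy-Authorization instead.
        req.add_header("Authorization", app_authorization)
        req.add_header("Proxy-Authorization", "Bearer " + id_token)
    return req


def classify_response(status, headers):
    """Separate responses generated by IAP from those served by the backend."""
    h = {k.lower(): v for k, v in headers.items()}
    if h.get("x-goog-iap-generated-response", "").lower() != "true":
        return "backend"
    host = urlsplit(h.get("location", "")).hostname
    if status in (302, 303) and host == "accounts.google.com":
        return "iap-login-redirect"
    return "iap-other"


# Constructed responses (status, headers) mimicking the mix in the question.
SAMPLE_RESPONSES = [
    (200, {"Content-Type": "text/html"}),
    (302, {"X-Goog-IAP-Generated-Response": "true",
           "Location": "https://accounts.google.com/o/oauth2/v2/auth?client_id=PLACEHOLDER"}),
    (302, {"Location": "https://gitlab.mydomain.com/users/sign_in"}),
    (401, {"X-Goog-IAP-Generated-Response": "true"}),
]


def tally(responses):
    """Count how many responses fall into each class."""
    return Counter(classify_response(s, h) for s, h in responses)


if __name__ == "__main__":
    req = build_iap_request("https://gitlab.mydomain.com/projects/myapp.git",
                            "ID_TOKEN_PLACEHOLDER")
    print(req.header_items(), dict(tally(SAMPLE_RESPONSES)))
```

Logging the class of each response makes it possible to tell an IAP-side rejection from a redirect issued by the application behind it.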
I have also started facing this issue since last week and have spent around 2 days troubleshooting it as initially we thought that it must be some problem on our side.
Good to know that I am not the only one facing it.
Would really appreciate some updates from Google around it.
However, one thing I found:- There was one official blog from Google around IAP:- https://cloud.google.com/blog/products/identity-security/getting-started-with-cloud-identity-aware-proxy
They have updated this blog on 19th January and removed the mention of the cookie:- GCP_IAAP_AUTH_TOKEN
However, the line they have changed is still unclear to me and very confusing
It now says :-
That token can come from either a browser cookie or, for programmatic
access, from an Authorization: bearer header.
From where will the browser cookie come, what will be its name, there is no mention around it.
Let me know if someone finds a way to get it to work again.
Thanks,
Nishant Shah
I assume it has something to do with this:
For me Google one Tap stopped working on all my sites that previously worked. I added API HTTP refer to restriction in console.developer.com, but I still get a warning message "The client origin is not permitted to use this API." any thoughts? If you go to the page https://www.wego.com/ you can see that Google one tap still works...
https://news.ycombinator.com/item?id=17044518#17045809
but Google YOLO stopped working for everyone. I use it like many people for login and it just stopped working.
My domains are obviously added on console.developers.google.com
Any ETA for fixing this? Some information would be great for people who rely on it.
Google YOLO is not disabled. It is open to a small list of Google Partners.
The reason you were able to access it earlier was because it was open for a short period of time but the whitelist is now readded/enabled.
Reference:
https://twitter.com/sirdarckcat/status/994867137704587264
Google YOLO was put on a whitelist after a client-side exploit became clear to Google.
People could cover the login button of the prompt with something like a cookie consent (which we all know people automatically accept).
Therefore people could easily steal their Gmail or other details. Due to this, Google decided to put it on a whitelist and review the sites that are using this technology in order to ensure that they are using it as they should.
Google retroactively labeled One-Tap as a "closed beta".
https://developers.google.com/identity/one-tap/web
The beta test program for this API is currently closed. We are improving the API's cross-browser functionality and will provide updates here in the coming months.
The link for the entire project is currently 404, but the beta statement is visible on the wayback machine.
Man, what a nightmare!
Can anybody PLEASE point me in the direction of any kind of a proper tutorial or example of how to implement an OAuth2.0 server on Restlet (2.2 or 2.1.1). The only thing resembling a tutorial that I managed to find is this one here, but don't get too excited just yet, because it seems that the code in the framework is being changed more frequently than this tutorial is being updated.
Aside from the above mentioned article, there seems to be a near complete absence of any useful search results on this matter on Google. Surely someone out there must have got this right and is using OAuth2.0 on Restlet?
I did in fact manage to get my OAuth2.0 server as far as to return an access token to me (after spending hours analyzing the source code of the AccessTokenResource.java file), but it seems that it is only validating the client id and not the client secret. Assuming I can sort that out, I am still faced with the task of actually protecting the resources (which should be the job of the OAuthAuthorizer, but that appears to no longer even be present after 2.1.1).
Any help would be greatly appreciated!!
This extension is a work in progress. Please note that OAuth 2.0 has only recently been finalized.
We are currently updating the 2.2 branch to a very recent draft (31). The code has been updated and the documentation indeed needs to follow.
2.2 is still under development and isn't ready for production. We are looking for testers and contributors (code and doc) at this point.
In 2.2 OAuthAuthorizer has been split.
See this issue for additional details:
https://github.com/restlet/restlet-framework-java/pull/644
I have written a client in C to upload files to Google Docs, I get an authentication token, and use it for the upload. However, I have 4 Google accounts, the upload worked on 2 accounts, but not the other 2. And now, it only works on one account.
On authentication, all accounts behave the same, and ClientLogin issues an "Auth=xxx" token. I use the token 100% successfully on one Google account, it used to work on another, and has never worked on the other 2.
The only error is "HTTP/1.1 401 Token invalid".
One account used to work, and now does not, which does not make much sense. The ClientLogin calls never seem to ask for a CAPTCHA.
Currently I can't invest the time to move to the Drive API, and that may present the same issues anyway.
Any thoughts?
Thank you
Garry
Try them individually first; if this works you can start combining until all 4 work.
Doing it step by step is the way to success. I can't help you with programming code, given that I'm just a noobie :) though I taught myself PHP by just doing it step by step; if you got 1 done, then it's just copy/paste and change a bit :)
Good luck though :)
You should move your code away from ClientLogin and use OAuth 2.0 instead. You didn't mention what language your script uses but Google has some samples for performing OAuth 2.0 at:
https://developers.google.com/google-apps/documents-list/#authorizing_requests_with_oauth_20
and
https://developers.google.com/api-client-library/
Jay