Develop Reference

Giving up on Google Drive API - Server to Server oauth2

Just as I thought that I "hacked" this ... I realize that I don't understand it anyway.
Important note:
I want to use "server-to-server approved" access so I can avoid Google's crazy approval nightmare for all operations on google drive. My users hate having to approve the script actions on every new copy of my master spreadsheet that we create.
I am trying to use DriveV3 - gem 'google-api-client', '0.9.11'
And I am trying to get authentication working.
I have managed all the initial setup of both console.xxx.xx and admin.google.xxx
So now I have a .p12 file with a Server-to-server approved credentials.
The following code has been used to get a service:
def self.service_client
keypath = Rails.root.join('config','xxxxxxxx.p12').to_s
#client = Google::Apis::DriveV3::DriveService.new
#client.client_options.application_name = "Rails2"
#client.authorization = Signet::OAuth2::Client.new(
:token_credential_uri => 'https://accounts.google.com/o/oauth2/token',
:audience => 'https://accounts.google.com/o/oauth2/token', :scope => "https://www.googleapis.com/auth/drive",
:issuer => "rails2#autoa-automations.iam.gserviceaccount.com",
:signing_key => Google::APIClient::KeyUtils.load_from_pkcs12(keypath, "yyyy"))
#client.authorization.fetch_access_token!
end
I did this in my before_filter:
session[:google_token] = GoogleDrive::GoogleDocs.service_client
And then use it something like ...
def list_google_docs
gtoken = session[:google_token]
google_session = Google::Apis::DriveV3::DriveService.new
google_session.authorization = gtoken
#google_docs = []
page_token = nil
begin
(myfiles, page_token) = google_session.list_files(page_size: 10, q: "'MYROOTFOLDERID' in parents", fields: 'files(id, mimeType, name), nextPageToken')
#for file in google_session.drive.list_files(page_size: 10, fields: 'nextPageToken, files(id, mime name)')
myfiles.files.each do |file|
filename = file.name
if filename.include?('body')
#google_docs << filename
end
end
end while page_token
end
But I keep getting
dailyLimitExceededUnreg: Daily Limit for Unauthenticated Use Exceeded. Continued use requires signup.
It worked initially ...
Anyone who can help?
I simply don't get the hole Google authentication approach ... I have tried a lot but this is too complicated for me ...

Refresh token using Omniauth-oauth2 in Rails application

I am using omniauth-oauth2 in rails to authenticate to a site which supports oauth2. After doing the oauth dance, the site gives me the following, which I then persist into the database:
Access Token
Expires_AT (ticks)
Refresh token
Is there an omniauth method to refresh the token automatically after it expires or should I write custom code which to do the same?
If custom code is to be written, is a helper the right place to write the logic?

Omniauth doesn't offer this functionality out of the box so i used the previous answer and another SO answer to write the code in my model User.rb
def refresh_token_if_expired
if token_expired?
response = RestClient.post "#{ENV['DOMAIN']}oauth2/token", :grant_type => 'refresh_token', :refresh_token => self.refresh_token, :client_id => ENV['APP_ID'], :client_secret => ENV['APP_SECRET']
refreshhash = JSON.parse(response.body)
token_will_change!
expiresat_will_change!
self.token = refreshhash['access_token']
self.expiresat = DateTime.now + refreshhash["expires_in"].to_i.seconds
self.save
puts 'Saved'
end
end
def token_expired?
expiry = Time.at(self.expiresat)
return true if expiry < Time.now # expired token, so we should quickly return
token_expires_at = expiry
save if changed?
false # token not expired. :D
end
And before making the API call using the access token, you can call the method like this where current_user is the signed in user.
current_user.refresh_token_if_expired
Make sure to install the rest-client gem and add the require directive require 'rest-client' in the model file. The ENV['DOMAIN'], ENV['APP_ID'] and ENV['APP_SECRET'] are environment variables that can be set in config/environments/production.rb (or development)

In fact, the omniauth-oauth2 gem and its dependency, oauth2, both have some refresh logic built in.
See in https://github.com/intridea/oauth2/blob/master/lib/oauth2/access_token.rb#L80
# Refreshes the current Access Token
#
# #return [AccessToken] a new AccessToken
# #note options should be carried over to the new AccessToken
def refresh!(params = {})
fail('A refresh_token is not available') unless refresh_token
params.merge!(:client_id => #client.id,
:client_secret => #client.secret,
:grant_type => 'refresh_token',
:refresh_token => refresh_token)
new_token = #client.get_token(params)
new_token.options = options
new_token.refresh_token = refresh_token unless new_token.refresh_token
new_token
end
And in https://github.com/intridea/omniauth-oauth2/blob/master/lib/omniauth/strategies/oauth2.rb#L74 :
self.access_token = access_token.refresh! if access_token.expired?
So you may not be able to do it directly with omniauth-oauth2, but you can certainly do something along the lines of this with oauth2:
client = strategy.client # from your omniauth oauth2 strategy
token = OAuth2::AccessToken.from_hash client, record.to_hash
# or
token = OAuth2::AccessToken.new client, token, {expires_at: 123456789, refresh_token: "123"}
token.refresh!

Eero's answer unlocked a path for me to solve this. I have a helper concern for my classes which get me a GmailService. As part of this process, the user object (which contains the google auth info) gets checked if it's expired. If it has, it refreshes before returning the service.
def gmail_service(user)
mail = Google::Apis::GmailV1::GmailService.new
# Is the users token expired?
if user.google_token_expire.to_datetime.past?
oauth = OmniAuth::Strategies::GoogleOauth2.new(
nil, # App - nil seems to be ok?!
"XXXXXXXXXX.apps.googleusercontent.com", # Client ID
"ABC123456" # Client Secret
)
token = OAuth2::AccessToken.new(
oauth.client,
user.google_access_token,
{ refresh_token: user.google_refresh_token }
)
new_token = token.refresh!
if new_token.present?
user.update(
google_access_token: new_token.token,
google_token_expire: Time.at(new_token.expires_at),
google_refresh_token: new_token.refresh_token
)
else
puts("DAMN - DIDN'T WORK!")
end
end
mail.authorization = user.google_access_token
mail
end

There is some information here, too much to list here. It may depend on the provider you are using, and their allowed usage of the refresh-token

Similarly to other answers I followed this approach, where the model storing the auth and refresh tokens is used, abstracting API interactions from that logic.
See https://stackoverflow.com/a/51041855/1392282

If you are using devise you can create a new strategy the following way I guess, so that you don't need to repeat client id and secret everywhere:
# first argument is something called app, but not sure what but nil seems to be fine.
Strategies::MyStrategy.new(nil, *Devise.omniauth_configs[:mystrategy].args)

How to use Twitter gem in Rails, need small to figure out the whole thing?

I got access for the user using twitter_auth gem. Here is the code for that.
def twitter
client = TwitterOAuth::Client.new(
:consumer_key => '******',
:consumer_secret => '********'
)
request_token = client.request_token(:oauth_callback => new_user_url)
session[:request_token] = request_token
redirect_to request_token.authorize_url
end
def new
client = TwitterOAuth::Client.new(
:consumer_key => '*****',
:consumer_secret => '******'
)
access_token = client.authorize(
session[:request_token].token,
session[:request_token].secret,
:oauth_verifier => params[:oauth_verifier]
)
#For testing purpose, i tried posting a status and its working perfectly fine
client.update('I am authorized')
end
I am confused in using twitter gem cause every example from the docs says:
Twitter.user("sferik").location // throws an error, Twitter::Error::Unauthorized: Invalid / expired Token
From friends and followers
Twitter.accept("sferik") // throws an error, Twitter::Error::Unauthorized: Invalid / expired Token
Twitter.follow("sferik") // throws an error, Twitter::Error::Unauthorized: Invalid / expired Token
All these errors makes sense, cause we are applying these methods on Class not an object. But how to create an object for this. I have a authorized user but how to take actions on his profile using token we got.

Use client instead of Twitter.
You can see here how you should do it.

Getting an Access Token with OAuth-Ruby and Tumblr API (Rails 3)

I am using OAuth-Ruby to do an OAuth authentication with a Tumblr application. I am able to write code that progresses through the various steps of OAuth, but I cannot get an access token or actually make a request. I can get a request key, redirect the user to Tumblr to authenticate and grant access, and receive an authenticated request key. But I can't get any farther than that.
I have registered my Tumblr application; let's assume for this question that it has provided me with the following keys:
OAuth Consumer Key: #oauth_consumer_key
Secret Key: #secret_key
(I have actual values, but I am keeping them concealed here for obvious reasons.)
I am running the following code within a controller that runs when the user submits a form, which form stores information in the #tumblog variable:
#0. provided when registering application
#key = #oauth_consumer_key
#secret = #secret_key
#site = 'http://www.tumblr.com'
#consumer = OAuth::Consumer.new(#key, #secret,
{ :site => #site,
:request_token_path => '/oauth/request_token',
:authorize_path => '/oauth/authorize',
:access_token_path => '/oauth/access_token',
:http_method => :post } )
if #consumer
#1. get a request token
#request_token = #consumer.get_request_token;
session[:request_token] = #request_token
session[:tumblog] = #tumblog
#2. have the user authorize
redirect_to #request_token.authorize_url
else
flash[:error] = "Failed to acquire request token from Tumblr."
render 'new'
end
This code gets me to the right page at Tumblr, where the user grants or denies my application access to the user's account. Assuming the user grants access, Tumblr redirects back to my application, to a callback I provided when I registered the application with Tumblr. To that point, everything works beautifully.
My OAuth callback runs the following code in the controller:
if params[:oauth_token] && params[:oauth_verifier]
#tumblog = session[:tumblog]
#request_token = session[:request_token]
#3. get an access token
#access_token = #request_token.get_access_token
. . . .
end
At Step 3, there is a problem. I cannot seem to actually get an access token with the line:
#access_token = #request_token.get_access_token
Can someone tell me what I need to do to get the access token? When I run that line, I get a OAuth::Unauthorized error.
I truly appreciate any advice. I've been Googling and trying different things for multiple days. Thanks!

i use Pelle's oauth plugin and modified it a little to support xauth like this :
require 'rubygems'
require 'oauth'
CONSUMER_KEY = 'YOUR_CONSUMER_KEY'
CONSUMER_SECRET = 'YOUR_CONSUMER_SECRET'
consumer = OAuth::Consumer.new(CONSUMER_KEY, CONSUMER_SECRET, :site => 'https://www.tumblr.com/oauth/access_token')
access_token = consumer.get_access_token(nil, {}, { :x_auth_mode => 'client_auth',
:x_auth_username => "some#email.com",
:x_auth_password => "password"})
tumblr_credentials = access_token.get('http://www.tumblr.com/api/authenticate')
puts access_token
puts access_token.token
puts access_token.secret
puts tumblr_credentials.body

Does OmniAuth provide simple hooks to the Facebook Graph API?

I am working on integrating Omniauth with my new Facebook application, and I am looking through the rather sparse documentation to understand if it gives simple ways to access the graph API... I am moving from Koala which was pretty simple.
Has anyone out there used Omniauth for this yet? I want to get photos from the users' albums, and sort and get the unique URLs for them.

I finally found out:
1) include this gem
2) use the gem:
user = FbGraph::User.new('me', :access_token => session[:omniauth]["credentials"]["token"])
user.fetch
3) retrieve your information
user.name
Remember you can get anything from here ttp://developers.facebook.com/docs/reference/api/user

Another good option is Koala: https://github.com/arsduo/koala
If you're just using Facebook, Koala has its own OAuth support. It also works fine with OmniAuth. To use them together, set up OmniAuth per this Railscast:
http://railscasts.com/episodes/235-omniauth-part-1
Then add a 'token' column to 'authentications' table, and any supporting methods for retrieving tokens. When the app needs to interact with Facebook, let Koala grab the token and do its thing. In a controller:
if #token = current_user.facebook_token
#graph = Koala::Facebook::GraphAPI.new(#token)
#friends = #graph.get_connections("me", "friends")
end

First, I would go for fb_graph, just compare:
with koala:
graph = Koala::Facebook::GraphAPI.new OAUTH_ACCESS_TOKEN
friends = graph.get_connections("me", "friends")
graph.put_object("me", "feed", :message => "I am writing on my wall!")
with fb_graph:
me = FbGraph::User.me OAUTH_ACCESS_TOKEN
my_friends = me.friends
me.feed! :message => "I am writing on my wall!"
When using omniauth, every user has many authorizations (facebook, twitter, ...)
For each user authorization, you should store the oauth token that is returned in your oauth callback hash.
auth = Authorization.create!(:user => user,
:uid => hash['uid'],
:provider => hash['provider'],
:token => hash['credentials']['token'])
Then wherever you want to access albums and photos, do something like this:
class User
...
has_many :authorizations
...
def grap_facebook_albums
facebook = authorizations.where(:provider => :facebook).first
fb_user = ::FbGraph::User.fetch facebook.uid, :access_token => facebook.token
fb_albums = fb_user.albums
end
...
end

So I wasn't able to get fb_graph to work properly - I am still a noob having been a Ruby On Rails developer for a total of about 8-10 weeks, and therefore don't have an instinct for what must be obvious problems to other folks.
However I found this great little blog post which outlines a simple facebook client and shows clearly how it all plugs together. I found an issue with it picking up the me/picture object as Facebook returns an http302 not http200 but that was easily worked around with the help of the author. Check it out: http://bnerd.de/misc/ruby-write-basic-client-for-facebook-graph-api/
I am now using Omniauth for the simplicity of the login/signup interaction based on this walkthrough here: blog.railsrumble.com/blog/2010/10/08/intridea-omniauth and with the token I get from that I am using this simple FBClient from the bnerd reference above to access the Graph API. Hope what I found helps others.
...here's my version of bnerd's code and it worked for me:
class FBClient
def initialize(app, access_token = nil)
#app = app
#access_token = access_token
end
# request permission(s) from user
def request(perms)
#create a random verifier to identify user on fb callback
verifier = (0...10).map{65.+(rand(25)).chr}.join
uri = "https://graph.facebook.com/oauth/authorize?client_id=#{#app.app_id}&redirect_uri=#{#app.connect_url}?verifier=#{verifier}&scope=#{perms}"
request = { :verifier => verifier, :uri => uri }
return request
end
def connect(code, verifier)
uri = URI.parse("https://graph.facebook.com/oauth/access_token?client_id=#{#app.app_id}&redirect_uri=#{#app.connect_url}?verifier=#{verifier}&client_secret=#{#app.secret}&code=#{CGI::escape(code)}")
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true
request = Net::HTTP::Get.new(uri.path + "?" + uri.query)
response = http.request(request)
data = response.body
return data.split("=")[1]
end
# get, post
def get(path, params = nil)
uri = URI.parse("https://graph.facebook.com/" + path)
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true
if params.nil?
params = Hash.new
end
if params["access_token"].nil?
params["access_token"] = #access_token unless #access_token.nil?
end
request = Net::HTTP::Get.new(uri.path)
request.set_form_data( params )
request = Net::HTTP::Get.new(uri.path + "?" + request.body)
return response = http.request(request)
end
def post(path, params = nil)
uri = URI.parse("https://graph.facebook.com/" + path)
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true
if params.nil?
params = Hash.new
end
if params[:access_token].nil?
params[:access_token] = #access_token unless #access_token.nil?
end
request = Net::HTTP::Post.new(uri.path)
request.set_form_data( params )
request = Net::HTTP::Post.new(uri.path + "?" + request.body)
response = http.request(request)
response.code == "200" ? feed = JSON.parse(response.body) : raise("Sorry, an error occured. #{response.body}")
return feed
end
end
I am sure someone more experienced than I could improve this - I was about 10 weeks into learning Ruby (and my first programming since Fortran and Pascal at university in the early 90s!).

I also had problems getting the devise+Omniauth solution to work. I had to problems:
The session cookie did not store the facebook authentication token that is necessary to initialize fb_graph and koala.
I was unable to initialize fb_graph after getting the facebook authentication token in place (but got Koala to work after some work).
I solved #1 by inserting 'session[:omniauth] = omniauth' into the create method of the authentications_controller.rb.
I solved #2 by using Koala. Seem like fb_graph requires oauth2, and the devise omniauth integration use oauth. Koala works with perfectly with the facebook authentication token stored by session[:omniauth]["credentials"]["token"].
You initialize koala like this:
- #fbprofile =
Koala::Facebook::GraphAPI.new(
session[:omniauth]["credentials"]["token"]
)

I made sure oauth and oauth2 were uninstalled, and then I installed oauth2. It appears that now omniauth and fb_graph are working ... but probably need to test it more.