google api and oauth2
Littlefield, Tyler
tyler at tysdomain.com
Tue Sep 25 16:22:17 EDT 2012
On 9/25/2012 2:05 PM, Demian Brecht wrote:
> This is a shameless plug, but if you want a much easier to understand
> method of accessing protected resources via OAuth2, I have a 55 LOC
> client implementation with docs and examples
> here:https://github.com/demianbrecht/sanction (Google is one of the
> tested providers with an access example).
>
No complaints from me if it works. Honestly I was a bit discouraged at
Google's decent lack of documentation and the quality of the code.
> Are you trying to access resources client side (through Javascript) or
> server side? Either way, the redirect URI *is* important. The first
> step is to have your user authorize your application using Google's
> authorization page. As one of the query parameters, you must specify
> the redirect URI (which must match those registered through Google's
> app console).
>
I'm trying to access it through a desktop Python application, which made
me really confused. There was something else that talked about returning
the tokens in a different way, but it talked about returning them in the
title of the webpage, and since I'd be spawning a browser to request
authorization, I'd have to write something that would pull the window
information and then parse out the token from the title, which doesn't
sound to stable.
> Once the user has authorized your application, they're redirected back
> to your site (via the specified redirect URI), with a "code" attached
> as a query param. Once you get that code, you must exchange that with
> Google's token endpoint to retrieve the access and refresh tokens.
>
Awesome. I could theoretically just create a webpage on my server to
redirect people to with the query, but I'm still not quite sure how I'd
retrieve that from the desktop application.
> No, it doesn't matter which library you use. Google's (imho) is overly
> verbose and difficult to grok (especially for someone new to either
> OAuth 2.0 or Python, or both). The client ID doesn't need to be kept
> private, but the secret does. You should *never* put this anywhere
> that can be read publicly.
>
I plan on storing them both in variables. It's not going to be the best
solution, but I plan to use python -O to create pyo files, which from
what I understand are harder to decompile, and it'll be in a py2exe
executable. Still not to hard to get at, but it's not right there either.
> On Tue, Sep 25, 2012 at 12:04 PM, Littlefield, Tyler
> <tyler at tysdomain.com <mailto:tyler at tysdomain.com>> wrote:
>
> Hello all:
> I've been trying to figure out the oauth2client part of google's
> api, and I am really confused.
> It shows a flow, and even with the client flow, you need a
> redirect uri. This isn't important because I just want to get both
> an access and refresh token.
> Has anyone had any experience with this? Is it easier to use a
> more developed oauth2 library to handle this? If so, can anyone
> make any suggestions?
>
> If I understand everything correctly, it doesn't matter what
> library I would use to work with the oauth2 protocol, so I could
> break out of this workflow thing that looks like it's more
> designed for web apps.
> Finally, they caution you about being careful about your client id
> and your client secret; is there much in the way of obviscation
> or something I can do to keep this secret?
>
> --
> Take care,
> Ty
> http://tds-solutions.net
> The aspen project: a barebones light-weight mud engine:
> http://code.google.com/p/aspenmud
> He that will not reason is a bigot; he that cannot reason is a
> fool; he that dares not reason is a slave.
>
> --
> http://mail.python.org/mailman/listinfo/python-list
>
>
--
Take care,
Ty
http://tds-solutions.net
The aspen project: a barebones light-weight mud engine:
http://code.google.com/p/aspenmud
He that will not reason is a bigot; he that cannot reason is a fool; he that dares not reason is a slave.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-list/attachments/20120925/52592d6a/attachment.html>
More information about the Python-list
mailing list