search

astrada / google-drive-ocamlfuse

FUSE filesystem over Google Drive
https://astrada.github.io/google-drive-ocamlfuse/
MIT License
5.57k stars 354 forks source link

Google OAuth oob flow is deprecated #764

Closed vmartins closed 2 years ago

vmartins commented 2 years ago

When trying to authenticate headless:

google-drive-ocamlfuse -headless -label me -id MYKEY -secret MYSECRET

After opening the given URL in the browser, the error appears image

Googling about the error, I verified that OAuth out-of-band (oob) flow will be deprecated

astrada commented 2 years ago

Yes, in the latest version (0.7.28), I added 2 config options to address this issue: [oauth2_loopback] that can be set to [true] to enable the local server to handle the verification request, and [oauth2_loopback_port] to specify the port of the local server (defaults to 8080).

vmartins commented 2 years ago

After updating to version 0.7.28 and setting the parameter oauth2_loopback=true, I created a client of type web application with authorized redirect URI http://127.0.0.1:8080/oauth2callback and got the access token correctly.

Opening the given URL in the browser and authorizing, I was redirected to an address like: http://localhost:8080/?code=ACCESSTOKEN&scope=https://www.googleapis.com/auth/drive, so I copied the code and used as verification code.

Thanks!

eturkes commented 2 years ago

After updating to version 0.7.28 and setting the parameter oauth2_loopback=true, I created a client of type web application with authorized redirect URI http://127.0.0.1:8080/oauth2callback and got the access token correctly.

Opening the given URL in the browser and authorizing, I was redirected to an address like: http://localhost:8080/?code=ACCESSTOKEN&scope=https://www.googleapis.com/auth/drive, so I copied the code and used as verification code.

Thanks!

Thanks I was facing the same issue and this worked. Took me a bit to figure out that you have to extract the code directly from the address bar in the browser. Assuming you also got "This site can't be reached" upon arrival to the final address.

EdgarSedov commented 2 years ago

I was able to retrieve verification token by flow described in docker repository, but application shows this error on any call on my machine so i couldn't paste it correctly to the app:

edgar@edgar-laptop:~$ google-drive-ocamlfuse -cc -s -verbose -id my_id.apps.googleusercontent.com -secret my_secret
Starting application setup (label=default, base_dir=).
[0.000190] TID=0: Loading configuration from /home/edgar/.gdfuse/default/config...done
Opening log file: /home/edgar/.gdfuse/default/gdfuse.log
Clearing cache...done
Please enter the verification code: [23808:23808:0100/000000.685992:ERROR:sandbox_linux.cc(377)] InitializeSandbox() called with multiple threads in process gpu-process.
TOKEN_PASTED_HERE
Cannot retrieve auth tokens.
Failure("Unexpected error response: {\n  \"error\": \"invalid_grant\",\n  \"error_description\": \"Bad Request\"\n}")

edgar@edgar-laptop:~$ rm -rf ~/.gdfuse/default
edgar@edgar-laptop:~$ google-drive-ocamlfuse
[24568:24568:0100/000000.317440:ERROR:sandbox_linux.cc(377)] InitializeSandbox() called with multiple threads in process gpu-process.

Had to use integrated flow without my credentials, it worked because it doesn't require you to paste something to console

Would be great to update the docs accordingly, i can describe the process of retrieving verification_token if error can be fixed

bwraith commented 2 years ago

After updating to version 0.7.28 and setting the parameter oauth2_loopback=true, I created a client of type web application with authorized redirect URI http://127.0.0.1:8080/oauth2callback and got the access token correctly.

Opening the given URL in the browser and authorizing, I was redirected to an address like: http://localhost:8080/?code=ACCESSTOKEN&scope=https://www.googleapis.com/auth/drive, so I copied the code and used as verification code.

Thanks!

Hi, I am sorry if this should all be easily followed, but I'm a little confused. I've received the warning that oob is deprecated, and I believe that the oob method is what I'm using with google-drive-ocamlfuse as of now. Is the google-drive-ocamlfuse application providing a http listener at port 8080 on my local destop? How is the server for http://127.0.0.1:8080/oath2callback created/served? Do I need to create a local web server or is this part of the application's functionality? Sorry it's hard to grasp the flow from this information, as I'm simply using this application and not familiar with the code. I did have a clientid and secret created in an application that I created in the console under api credentials, so I can step through the creation of a new client with type web spplication and with the described URI, as you've described, but I don't understand what's happening on the desktop application and/or http listener on the desktop. Thanks you so much for any additional clarifications or instructions on this.

astrada commented 2 years ago

The http listener is provided by the application. You just have to update the configuration and do the authentication flow.

bwraith commented 2 years ago

After updating to version 0.7.28 and setting the parameter oauth2_loopback=true, I created a client of type web application with authorized redirect URI http://127.0.0.1:8080/oauth2callback and got the access token correctly.

Opening the given URL in the browser and authorizing, I was redirected to an address like: http://localhost:8080/?code=ACCESSTOKEN&scope=https://www.googleapis.com/auth/drive, so I copied the code and used as verification code.

In my case, I created the client as described, added the secret, client id, redirect uri, and oauth2_loopback=true parameters to the config file. I then executed google-drive-ocamlfuse (no parameters) and saw nothing happen. However, after removing the "state" file and issuing a clear cache command, the application launched the authentication page in my browser, I authorized, and it did everything else automatically. I saw a verification code retrieved successfuly in the browser window, and the console from which I launched google-drive-ocaml-fuse showed a similar "success" message for retrieving the verification token. I then issued a mount command, and it seems to be working. I'm not sure if this was the intended flow, but I thought I'd report what worked in my case, just in case it helps anyone else. Thanks...

BigTimeStats commented 1 year ago

Edit: seemed to work after I logged out and back in and used without sudo 

mkdir GoogleDrive
google-drive-ocamlfuse GoogleDrive

Old: Still not working for me after this: 

$: cat config | grep oaut
oauth2_loopback=true
oauth2_loopback_port=8080
$: ~/.gdfuse/default$ google-drive-ocamlfuse -headless -id xxx -secret xxx

Then I opened up the browser and copied the code from the url and received: Access token retrieved correctly.

Code was "4/xxxx&scope=https://www.googleapis.com/auth/drive" -> do I include the full url after code=?

However, then when I run 

sudo google-drive-ocamlfuse /GoogleDrive
/usr/bin/xdg-open: 869: www-browser: not found
....
Cannot retrieve auth tokens.
Failure("Error opening URL:https://accounts.google.com/o/oauth2/auth?xxxx
cat state
access_token_date=2023-03-14T23:18:53.000Z
auth_request_date=2023-03-14T23:18:53.000Z
auth_request_id=xxx
last_access_token=xxx
refresh_token=xxx
saved_version=0.7.30

Is this right?

GetPsyched commented 11 months ago

I was able to retrieve verification token by flow described in docker repository, but application shows this error on any call on my machine so i couldn't paste it correctly to the app:

edgar@edgar-laptop:~$ google-drive-ocamlfuse -cc -s -verbose -id my_id.apps.googleusercontent.com -secret my_secret
Starting application setup (label=default, base_dir=).
[0.000190] TID=0: Loading configuration from /home/edgar/.gdfuse/default/config...done
Opening log file: /home/edgar/.gdfuse/default/gdfuse.log
Clearing cache...done
Please enter the verification code: [23808:23808:0100/000000.685992:ERROR:sandbox_linux.cc(377)] InitializeSandbox() called with multiple threads in process gpu-process.
TOKEN_PASTED_HERE
Cannot retrieve auth tokens.
Failure("Unexpected error response: {\n  \"error\": \"invalid_grant\",\n  \"error_description\": \"Bad Request\"\n}")

edgar@edgar-laptop:~$ rm -rf ~/.gdfuse/default
edgar@edgar-laptop:~$ google-drive-ocamlfuse
[24568:24568:0100/000000.317440:ERROR:sandbox_linux.cc(377)] InitializeSandbox() called with multiple threads in process gpu-process.

Had to use integrated flow without my credentials, it worked because it doesn't require you to paste something to console

Would be great to update the docs accordingly, i can describe the process of retrieving verification_token if error can be fixed

@EdgarSedov can you elaborate more on your solution? I'm running into the same issue and I'm guessing it's due to an outdated refresh token being passed into the console.