aw-mfe / gsuite2mfe

Send events from G Suite to McAfee SIEM
MIT License
13 stars 7 forks

authorization code works.. but only for a while #9

Open syunusic opened 4 years ago

syunusic commented 4 years ago

gsuite2mfe works fine for a while. I get syslogs without problems, but after a while, my guess is the authentication token expires or something, but this is what happened:

$ python3.6 gsuite2mfe.py 
Traceback (most recent call last):
  File "gsuite2mfe.py", line 613, in <module>
    main()
  File "gsuite2mfe.py", line 590, in main
    events = gsuite.execute()
  File "gsuite2mfe.py", line 269, in execute
    self.get_credentials()
  File "gsuite2mfe.py", line 245, in get_credentials
    self.creds.refresh(Request())
  File "/home/centos/programas/gsuite2mfe/lib/python3.6/site-packages/google/oauth2/credentials.py", line 183, in refresh
    self._scopes,
  File "/home/centos/programas/gsuite2mfe/lib/python3.6/site-packages/google/oauth2/_client.py", line 248, in refresh_grant
    response_data = _token_endpoint_request(request, token_uri, body)
  File "/home/centos/programas/gsuite2mfe/lib/python3.6/site-packages/google/oauth2/_client.py", line 124, in _token_endpoint_request
    _handle_error_response(response_body)
  File "/home/centos/programas/gsuite2mfe/lib/python3.6/site-packages/google/oauth2/_client.py", line 60, in _handle_error_response
    raise exceptions.RefreshError(error_details, response_body)
google.auth.exceptions.RefreshError: ('invalid_scope: Some requested scopes were invalid. {invalid=[a, c, d, e, g, h, i, l, m, ., n, /, o, p, r, s, t, u, w, y, :]}', '{\n  "error": "invalid_scope",\n  "error_description": "Some requested scopes were invalid. {invalid\\u003d[a, c, d, e, g, h, i, l, m, ., n, /, o, p, r, s, t, u, w, y, :]}",\n  "error_uri": "http://code.google.com/apis/accounts/docs/OAuth2.html"\n}')
(gsuite2mfe) [centos@etl01 gsuite2mfe]$ python3.6 gsuite2mfe.py -l debug
Jun 03 20:53:55 etl01.novalocal gsuite2mfe: ******************DEBUG ENABLED******************
Jun 03 20:53:55 etl01.novalocal gsuite2mfe: Log retrieval enabled for: ['admin', 'calendar', 'drive', 'login', 'mobile', 'token', 'groups', 'saml', 'chat', 'gplus', 'rules', 'jamboard', 'meet', 'user_accounts', 'access_transparency', 'groups_enterprise']
Jun 03 20:53:55 etl01.novalocal gsuite2mfe: Initializing syslog server: 172.16.233.64:514
Jun 03 20:53:55 etl01.novalocal gsuite2mfe: *****************
Jun 03 20:53:55 etl01.novalocal gsuite2mfe: Processing actvity: admin
Jun 03 20:53:55 etl01.novalocal gsuite2mfe: *****************
Jun 03 20:53:55 etl01.novalocal gsuite2mfe: Init bookmark object: admin.
Jun 03 20:53:55 etl01.novalocal gsuite2mfe: Looking for bookmark file.
Jun 03 20:53:55 etl01.novalocal gsuite2mfe: Bookmark file not found: .admin.bookmark.
Jun 03 20:53:55 etl01.novalocal gsuite2mfe: Building cache for: admin
Jun 03 20:53:55 etl01.novalocal gsuite2mfe: Authenticating to GSuite
Jun 03 20:53:55 etl01.novalocal requests: Making request: POST https://oauth2.googleapis.com/token
Jun 03 20:53:55 etl01.novalocal connectionpool: Starting new HTTPS connection (1): oauth2.googleapis.com:443
Jun 03 20:53:55 etl01.novalocal connectionpool: https://oauth2.googleapis.com:443 "POST /token HTTP/1.1" 400 None
Traceback (most recent call last):
  File "gsuite2mfe.py", line 613, in <module>
    main()
  File "gsuite2mfe.py", line 590, in main
    events = gsuite.execute()
  File "gsuite2mfe.py", line 269, in execute
    self.get_credentials()
  File "gsuite2mfe.py", line 245, in get_credentials
    self.creds.refresh(Request())
  File "/home/centos/programas/gsuite2mfe/lib/python3.6/site-packages/google/oauth2/credentials.py", line 183, in refresh
    self._scopes,
  File "/home/centos/programas/gsuite2mfe/lib/python3.6/site-packages/google/oauth2/_client.py", line 248, in refresh_grant
    response_data = _token_endpoint_request(request, token_uri, body)
  File "/home/centos/programas/gsuite2mfe/lib/python3.6/site-packages/google/oauth2/_client.py", line 124, in _token_endpoint_request
    _handle_error_response(response_body)
  File "/home/centos/programas/gsuite2mfe/lib/python3.6/site-packages/google/oauth2/_client.py", line 60, in _handle_error_response
    raise exceptions.RefreshError(error_details, response_body)
google.auth.exceptions.RefreshError: ('invalid_scope: Some requested scopes were invalid. {invalid=[a, c, d, e, g, h, i, l, m, ., n, /, o, p, r, s, t, u, w, y, :]}', '{\n  "error": "invalid_scope",\n  "error_description": "Some requested scopes were invalid. {invalid\\u003d[a, c, d, e, g, h, i, l, m, ., n, /, o, p, r, s, t, u, w, y, :]}",\n  "error_uri": "http://code.google.com/apis/accounts/docs/OAuth2.html"\n}')

What do I have to do to make it work and only have to generate the authorization code once? (Because now my only chance is to start from scratch and generate the code again by hand, getting into G Suite and so on.)

syunusic commented 4 years ago

Confirmed... the token lasts only one hour. After that I get the error:

google.auth.exceptions.RefreshError: ('invalid_scope: Some requested scopes were invalid. {invalid=[a, c, d, e, g, h, i, l, m, ., n, /, o, p, r, s, t, u, w, y, :]}', '{\n  "error": "invalid_scope",\n  "error_description": "Some requested scopes were invalid. {invalid\\u003d[a, c, d, e, g, h, i, l, m, ., n, /, o, p, r, s, t, u, w, y, :]}",\n  "error_uri": "http://code.google.com/apis/accounts/docs/OAuth2.html"\n}')

Kn-ut99 commented 3 years ago

Same here. Anyone got a solution? There must be a way to get an auth token that is permanent.
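
Added example, not part of the thread and not the project's code: the `invalid=[...]` list in the RefreshError above consists only of single characters, which is what a refresh request looks like when the scopes were stored as one string and then space-joined character by character. The scope value below is an assumption (the Reports API audit scope; the page never shows it), and the helper names are hypothetical.

```python
import re

# Assumption: the scope the tool requests; this value does not appear on the page.
SCOPE = "https://www.googleapis.com/auth/admin.reports.audit.readonly"

# error_description copied from the RefreshError quoted in the issue.
ERROR_DESCRIPTION = (
    "Some requested scopes were invalid. {invalid=[a, c, d, e, g, h, i, l, m, "
    "., n, /, o, p, r, s, t, u, w, y, :]}"
)


def scope_param(scopes):
    """Build the space-delimited OAuth 2.0 'scope' parameter from an iterable.

    If `scopes` is a str instead of a list, the join iterates its characters.
    """
    return " ".join(scopes)


def invalid_scopes(description):
    """Extract the entries of the {invalid=[...]} list from the error text."""
    match = re.search(r"\{invalid=\[(.*)\]\}", description)
    return match.group(1).split(", ") if match else []


def string_scope_suspected(description):
    """True when every rejected 'scope' is one character long."""
    rejected = invalid_scopes(description)
    return bool(rejected) and all(len(item) == 1 for item in rejected)


def normalize_scopes(scopes):
    """Return scopes as a list, whether given as a str or an iterable."""
    if isinstance(scopes, str):
        return scopes.split()
    return list(scopes)


if __name__ == "__main__":
    print("string scope suspected:", string_scope_suspected(ERROR_DESCRIPTION))
    print("broken param :", scope_param(SCOPE)[:30], "...")
    print("fixed param  :", scope_param(normalize_scopes(SCOPE)))
```

The rejected characters are exactly the distinct characters of the assumed scope URL, and the failure only shows up once the first access token expires and a refresh request has to carry the scope parameter.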