Closed marcocaberletti closed 2 years ago
This looks great. Thanks. I'll give it a try this weekend and update the docs too.
I'm not sure why I did not use 'desktop app' in the first place, but its too long ago to remember!
Hi Marco,
I think I need help generating the application token. Using your code I'm still getting the error in #341.
Did you use a different workflow to generate the App token?
Thanks
Verify the client_secret.json
content: you should only have this:
"redirect_uris": [
"http://localhost"
]
in redirect URIs
Thanks, I now have it working.
One of the things I need to support is non-GUI authentication for people running gphotos-sync on a server or in a container.
It looks like I can achieve this with:
flow.run_local_server(open_browser=False, host=
This is only going to work if host is routable from the workstation where the user runs their browser. Its a new limitation but worth the fix.
Many thanks.
I think the limitation can be solved using run_console:
flow.run_console()
Maybe a new CLI parameter can be added to choose with strategy use. I'll try and open a new PR
Hi Marco,
The first thing I tried was run_console and it does not seem to use the localhost server. If you can make it work I would be interested as this would be the preferred solution.
Thanks.
On Mon, 25 Apr 2022 at 07:57, Marco Caberletti @.***> wrote:
I think the limitation can be solved using run_console https://google-auth-oauthlib.readthedocs.io/en/latest/reference/google_auth_oauthlib.flow.html#google_auth_oauthlib.flow.InstalledAppFlow.run_console :
flow.run_console()
Maybe a new CLI parameter can be added to choose with strategy use. I'll try and open a new PR
— Reply to this email directly, view it on GitHub https://github.com/gilesknap/gphotos-sync/pull/342#issuecomment-1108146001, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAHLRW5HLI2A5MBUZB3XV4DVGY665ANCNFSM5TSW56NA . You are receiving this because you modified the open/close state.Message ID: @.***>
@marcocaberletti any ideas on this?
flow.run_local_server(open_browser=False) and flow.run_console() present the following URLs respectively:
https://accounts.google.com/o/oauth2/auth?response_type=code&client_id=922694661112-hso5f9cqnuafdqap2k9nkc1qbatlf5am.apps.googleusercontent.com&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2F&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fphotoslibrary.readonly+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fphotoslibrary.sharing&state=d4cKp4V5ar49FsafOtoFK9YjKzF9Ee&access_type=offline
https://accounts.google.com/o/oauth2/auth?response_type=code&client_id=922694661112-hso5f9cqnuafdqap2k9nkc1qbatlf5am.apps.googleusercontent.com&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fphotoslibrary.readonly+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fphotoslibrary.sharing&state=WOIbBskf9JZ22x3H71kX8NOpBBgOmb&prompt=consent&access_type=offline
So you can see why the second one does not work.
I see the deprecated redirect uri in the second URL. Now, I don't remember all the details. I have to dig into it and try.
Hi @gilesknap ,
You are right, run_console
is deprecated and it doesn't work.
I've tried to implement this: https://developers.google.com/identity/protocols/oauth2/limited-input-device.
But as you can see at the end of the page, GooglePhotos scopes are not yet supported.
So, for servers and containers, I guess the workaround is:
.gphotos.token
into the destination folderThanks,
I'm going to go with this:
flow.run_local_server(open_browser=False, host=hostname)
where hostname can be passed on the command line.
Then it can be made to work as long as you have a workstation with a browser that can route to hostname.
This PR changes the authentication strategy, using the OAuth2 Device code flow (aka "Desktop app" in Google credentials language)
This change resolves also #341