Open phoebe-otterai opened 6 days ago
I will start by saying that this library is geared towards working with just google-auth-library-python which is primarily used for Google Cloud. It is used by folks for non-cloud purposes as well and works mostly because the library is a bit generic. Implicit flow is not supported by this library.
I am not familiar with AuthorizationClient but it seems strange that it will support only implicit flow. Have you checked what is the request and response to the auth endpoint when using AuthorizationClient?
Hi, my team has been using `google_auth_oauthlib`'s flow module for executing the OAuth 2.0 flow. This issue is regarding the authorization phase.

Previously, our Android team was using GoogleSignInClient to acquire an authorization code and passing it to our Python server for the exchange and storage of access/refresh tokens. Our server code looks like this:
However, after Android migrated to Google Identity Service's AuthorizationClient, we are now failing 100% at the token exchange step (`flow.fetch_token`) with an `InvalidGrant` error.

We can't seem to figure out why this is occurring and it is blocking our migration. Current thoughts:
`google_auth_oauthlib` docs. I saw that `flow.fetch_token` calls the `requests_oauthlib` `fetch_token` function under the hood, which has a comment about using `token_from_fragment` if we are using the MobileApplicationClient/Implicit Grant type.
`token_from_fragment` in `requests_oauthlib` is supposed to be called from the mobile/Android client itself, since it takes in the whole response URL.

Where are we going wrong here? Is `google_auth_oauthlib` lacking support for Android's AuthorizationClient? Does Android now need to complete the OAuth flow by performing the token exchange themselves with `requests_oauthlib` (I don't think passing the refresh token to us is good security practice)? Does our Python server need to call `google_auth_oauthlib` in a different way?

Additional details
This is how Android is configuring their request:
Environment details
python --version
google-auth-oauthlib
version: 0.4.6
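
The thread turns on whether the authorization response carries a code (exchanged server-side with `flow.fetch_token`) or an implicit-grant token in the URL fragment (what `token_from_fragment` parses). The following is an added example, not code from the issue or from either library: it classifies a captured authorization response URL using only the standard library. The function name and the sample URLs are constructed for illustration, and it assumes the full redirect URL, including any fragment, was captured on the client.

```python
from urllib.parse import urlsplit, parse_qs


def classify_authorization_response(redirect_url: str) -> dict:
    """Report which OAuth 2.0 grant a captured authorization response belongs to.

    Hypothetical helper: returns the grant type, a short detail string, and
    whether a server-side code exchange is the applicable next step.
    """
    parts = urlsplit(redirect_url)
    query = parse_qs(parts.query)
    fragment = parse_qs(parts.fragment)

    # An error can come back in either position, depending on the grant used.
    error = query.get("error") or fragment.get("error")
    if error:
        return {"grant": "error", "detail": error[0], "server_exchange": False}

    # Implicit grant (RFC 6749 section 4.2.2): the token is already issued and
    # sits in the fragment, so there is no code for a backend to exchange.
    if "access_token" in fragment:
        return {"grant": "implicit", "detail": "access_token in fragment",
                "server_exchange": False}

    # Authorization code grant (RFC 6749 section 4.1.2): a one-time code in the
    # query string, to be exchanged at the token endpoint by the backend.
    if "code" in query:
        return {"grant": "authorization_code", "detail": "code in query",
                "server_exchange": True}

    return {"grant": "unknown", "detail": "no code, token or error found",
            "server_exchange": False}


# Constructed sample responses (placeholder values, not real credentials).
CODE_RESPONSE = "https://app.example/callback?code=SAMPLE_CODE&state=xyz"
IMPLICIT_RESPONSE = ("https://app.example/callback#access_token=SAMPLE_TOKEN"
                     "&token_type=Bearer&expires_in=3600&state=xyz")
DENIED_RESPONSE = "https://app.example/callback?error=access_denied&state=xyz"

if __name__ == "__main__":
    for url in (CODE_RESPONSE, IMPLICIT_RESPONSE, DENIED_RESPONSE):
        print(classify_authorization_response(url))
```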