403 Forbidden when submitting authcode for google calendar

[solomon-b]

I was able to get the auth code successfully, however i have not been able to use it to authorize syncronization:

~ λ calcurse-caldav --init keep-remote --authcode '<auth_code_here>'
/usr/bin/calcurse-caldav:563: DeprecationWarning: This method will be removed in future versions.  Use 'parser.read_file()' instead.
  config.readfp(open(configfn))
Connecting to apidata.googleusercontent.com...
Removing all local calcurse objects...
error: The server at apidata.googleusercontent.com replied with HTTP status code
error: 403 (Forbidden) while trying to access https://apidata.googleusercontent.
error: com/caldav/v2/xxx@gmail.com/events/.

I'm using calcurse 4.4.0 on archlinux.

[shibacomputer]

I have the same issue on macOS Mojave and am not quite sure how to diagnose it.

[lfos]

Did you try to use debug mode?

[lfos]

Also, is this possibilty a duplicate of #147?

[shibacomputer]

@lfos thanks for the reply! I don't believe this is a duplicate of #147 as this happens at --init and not during a sync.

Here's what happens after running calcurse-caldav with a debug flag:

$ calcurse-caldav --debug --init keep-remote
/usr/local/bin/calcurse-caldav:563: DeprecationWarning: This method will be removed in future versions.  Use 'parser.read_file()' instead.
  config.readfp(open(configfn))
warning: Dry run; nothing is imported/exported. Add "DryRun = No" to the
warning: [General] section in the configuration file to enable synchronization.
Running command: ['calcurse', '--version']
> REPORT https://apidata.googleusercontent.com/caldav/v2/xxxxxx@xxxxxx.com/events/
> Headers: {'Content-Type': 'application/xml; charset=utf-8', 'Depth': '1'}
> <?xml version="1.0" encoding="utf-8" ?><C:calendar-query xmlns:D="DAV:"                   xmlns:C="urn:ietf:params:xml:ns:caldav"><D:prop><D:getetag /></D:prop><C:filter><C:comp-filter name="VCALENDAR" /></C:filter></C:calendar-query>

< Status: 403 (Forbidden)
< Headers: {'vary': 'Origin, X-Origin', 'content-type': 'text/xml; charset=UTF-8', 'date': 'Mon, 15 Apr 2019 13:54:37 GMT', 'expires': 'Mon, 15 Apr 2019 13:54:37 GMT', 'cache-control': 'private, max-age=0', 'x-content-type-options': 'nosniff', 'x-frame-options': 'SAMEORIGIN', 'x-xss-protection': '1; mode=block', 'server': 'GSE', 'alt-svc': 'quic=":443"; ma=2592000; v="46,44,43,39"', 'transfer-encoding': 'chunked', 'status': '403', 'content-length': '65', '-content-encoding': 'gzip'}
< <?xml version="1.0" encoding="UTF-8"?>
< <D:error xmlns:D="DAV:"/>

error: The server at apidata.googleusercontent.com replied with HTTP status code
error: 403 (Forbidden) while trying to access https://apidata.googleusercontent.
error: com/caldav/v2/xxxxxx@xxxxxx.com/events/.

[madamdata]

same problem, same errors / debug messages, on Ubuntu Studio 16.04, calcurse 4.4.0

[lfos]

Strange. Are you sure you are using the proper auth code?

I am currently not syncing with Google calendar myself, so I cannot help much with this.

@watersalesman, do you have any ideas?

[watersalesman]

it's been awhile since I synced from scratch. I did just that and things worked fine minus one quirk.

I noticed that when receiving your auth code, the redirect URI now returns the scope as well as the auth code. Example: http://127.0.0.1/?code=4/UgErD_iBJSSKblahblah6Gj4gknqVrNIsbjegDxhsnChw_T-4HR9PblahblBlSipuO1P5s&scope=https://www.googleapis.com/auth/calendar

You need to make sure to copy only the auth code - so anything after &code= but before &scope=blahblahblah. Including the scope portion of the returned URI would result in an invalid auth code and authorization error. Hopefully, this helps.

Documentation will need to be updated to account for the additional text being returned in the URI.

[lfos]

Thanks for adding that.

@ssbothwell, @shibacomputer, @madamdata: can you confirm that this was the problem? Or does the problem persist even after using only the auth code without the scope parameter?

[trudheim]

The problem is not granting the CalDAV API to the project. Do that, and it starts working. (Figured this out myself today)

[lfos]

@watersalesman Should we add that in a "Troubleshooting" section in the calcurse-caldav README?

[watersalesman]

Sure, it would definitely be beneficial to start collecting common issues under the calcurse-caldav README

[eorus]

Is there any workaround on this topic. I stuck at the same point as 403 forbidden.

[lfos]

The solutions have been described in the discussion above and documented at https://github.com/lfos/calcurse/pull/222/commits/d3828181cd1532d163519502bba3cfd895dfdc32. If neither of them work for you, please file a new ticket. Thanks!

[eorus]

Yes, I proceeded by reading this discussion and document. It was even an installation I did before (last year). While applying for the new system, I see that the parts in the document are no longer included in the Google developer console. For example, we can no longer select "other" in the credentials section. If selected a desktop app then it needs verification.