New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

oauth_service_token Not working with scope as list/vector of urls, only as space delimited string #282

Closed
thomascjohnson opened this Issue Oct 12, 2015 · 6 comments

Comments

Projects
None yet
5 participants
@thomascjohnson

thomascjohnson commented Oct 12, 2015

Distinct possibility that I'm doing something completely wrong, but I can't seem to get this function to work. I believe in the past I have coded out the http request myself to get it to function. Here is some example code:

httr::oauth_service_token(httr::oauth_endpoints("google"),
                          jsonlite::fromJSON("mycredentials.json"),
                          c("https://www.googleapis.com/auth/drive",         
                            "https://www.googleapis.com/auth/drive.metadata"))

And from this I get:

Error in init_oauth_service_account(self$endpoint, self$secrets, self$params$scope) : 
  client error: (400) Bad Request

However, this works:

httr::oauth_service_token(httr::oauth_endpoints("google"),
                          jsonlite::fromJSON("mycredentials.json"),
                          "https://www.googleapis.com/auth/drive")

and so does this:

httr::oauth_service_token(httr::oauth_endpoints("google"),
                          jsonlite::fromJSON("mycredentials.json"),
                          paste(c("https://www.googleapis.com/auth/drive",         
                                  "https://www.googleapis.com/auth/drive.metadata"),
                                collapse = " "))

It looks like it all comes down to needing to supply the scopes as a space delimited string (just like the Google API wants – keep in mind it may be different for different APIs). I am putting this here for posterity so should anyone else run into the problem, they have a solution. I will try to find the problem in the package itself and send a pull request – that is, if this isn't a planned "feature" in the first place.

@MarkEdmondson1234

This comment has been minimized.

MarkEdmondson1234 commented Oct 16, 2015

I ran into this, but then I can't get a request running afterwards. Do you have working example?

If I modify the oauth2.0 example to use the JSON I have:

library(httr)

 # 1. Find OAuth settings for google:
#    https://developers.google.com/accounts/docs/OAuth2InstalledApp
 oauth_endpoints("google")
<oauth_endpoint>
 authorize: https://accounts.google.com/o/oauth2/auth
 access:    https://accounts.google.com/o/oauth2/token
 validate:  https://www.googleapis.com/oauth2/v1/tokeninfo
 revoke:    https://accounts.google.com/o/oauth2/revoke

#2. Don't need an app

 # 3. Get OAuth credentials
 json_file <- jsonlite::fromJSON("bigQueryR-4494268a1398.json")
google_token <- oauth_service_token(oauth_endpoints("google"), json_file,
                                scope = "https://www.googleapis.com/auth/userinfo.profile")

 # 4. Use API
 req <- GET("https://www.googleapis.com/oauth2/v1/userinfo",
            config(token = google_token))

Error: is.request(y) is not TRUE
@thomascjohnson

This comment has been minimized.

thomascjohnson commented Oct 16, 2015

Mark, as a further issue with this, I had to manually create the request. I
can't remember how I did it exactly, but it can be done.
On Fri, Oct 16, 2015 at 1:32 PM Mark notifications@github.com wrote:

I ran into this, but then I can't get a request running afterwards. Do you
have working example?

If I modify the oauth2.0 example to use the JSON I have:

library(httr)

1. Find OAuth settings for google:

https://developers.google.com/accounts/docs/OAuth2InstalledApp

oauth_endpoints("google")
<oauth_endpoint>
authorize: https://accounts.google.com/o/oauth2/auth
access: https://accounts.google.com/o/oauth2/token
validate: https://www.googleapis.com/oauth2/v1/tokeninfo
revoke: https://accounts.google.com/o/oauth2/revoke

3. Get OAuth credentials

json_file <- jsonlite::fromJSON("bigQueryR-4494268a1398.json")
google_token <- oauth_service_token(oauth_endpoints("google"), json_file,
scope = "https://www.googleapis.com/auth/userinfo.profile")

4. Use API

req <- GET("https://www.googleapis.com/oauth2/v1/userinfo",
config(token = google_token))

Error: is.request(y) is not TRUE


Reply to this email directly or view it on GitHub
#282 (comment).

@MarkEdmondson1234

This comment has been minimized.

MarkEdmondson1234 commented Oct 16, 2015

Thanks, I just read this similar issue which suggests putting the token in the request parameters, sounds like what you are saying too :)

@makanig

This comment has been minimized.

makanig commented Oct 16, 2015

FYI - this is what I ended up doing, kind of a hack..I had to change the function to get around the two issues I filed.

, library(httr)
  library(jsonlite)

  keyFile <- "TwitterAPI-App-51ca9b46ce60.json"
  endpoint <- oauth_endpoint(authorize= "https://www.googleapis.com/oauth2/v3/token", 
                             access = "https://www.googleapis.com/oauth2/v3/token", 
                             base_url = "https://www.googleapis.com")
  # endpoint <- oauth_endpoints("google") # this is for accounts.google.com, I need GCP access

  secrets <- jsonlite::fromJSON(keyFile)
  scope <- "https://www.googleapis.com/auth/devstorage.read_write"

  googleToken <- my_oauth_service_token(endpoint, secrets, scope)

  surl <- "https://www.googleapis.com/storage/v1/b?project=rock-module-102802"

  req <- GET(surl,query = list(access_token = googleToken$credentials$access_token), verbose())
@hadley

This comment has been minimized.

Member

hadley commented Dec 17, 2015

@craigcitro @siddharthab any idea where scopes are always space separated?

@siddharthab

This comment has been minimized.

Contributor

siddharthab commented Dec 17, 2015

I suppose it is a quirk. Did not have to be that way but it is.

From https://developers.google.com/identity/protocols/OAuth2ServiceAccount > Preparing to make an authorized API call > HTTP/REST

scope A space-delimited list of the permissions that the application requests.

@hadley hadley closed this in ffd9f9f Dec 18, 2015

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment