I have a periodic job that pulls data from my appengine datastore using remote api. This job suddenly stopped working because google decided not to like my server anymore. It works on my machine, though.
Here's what happens in a python shell on my machine:
$ python
Python 2.7.6 (default, Jun 22 2015, 17:58:13)
[GCC 4.8.2] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> from google.appengine.ext.remote_api import remote_api_stub
>>> app = 'qmagicobr2.appspot.com'
>>> remote_api_stub.ConfigureRemoteApiForOAuth(app, '/_ah/remote_api')
<google.appengine.tools.appengine_rpc_httplib2.HttpRpcServerOAuth2 object at 0x7f5cdfac61d0>
>>>
And here's what happens with the same code on my server
(qmbi)dashboard@ip-172-31-32-222:~/qmbi$ python
Python 2.7.6 (default, Jun 22 2015, 17:58:13)
[GCC 4.8.2] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> from google.appengine.ext.remote_api import remote_api_stub
>>> app = 'qmagicobr2.appspot.com'
>>> remote_api_stub.ConfigureRemoteApiForOAuth(app, '/_ah/remote_api')
Go to the following link in your browser:
https://accounts.google.com/o/oauth2/auth?scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fappengine.apis+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob&response_type=code&client_id=None&access_type=offline
Enter verification code:
When I go to the URL above I get an error page that says:
- That's an error. Error: invalid_client The OAuth client was not found. Request Details access_type=offline scope= https://www.googleapis.com/auth/appengine.apis https://www.googleapis.com/auth/userinfo.email response_type=code redirect_uri=urn:ietf:wg:oauth:2.0:oob client_id=None That's all we know.
Help?
---- UPDATE (2016-05-12) -----
I forgot to mention the authentication file I'm using. For ConfigureRemoteApiForOAuth
to work I need to have an environment variable GOOGLE_APPLICATION_CREDENTIALS
pointing to a credentials file. I do. In both environments (my machine, and the server) GOOGLE_APPLICATION_CREDENTIALS
points to a json file (the same file in both environments) with the following format:
{
"type": "service_account",
"project_id": "qmagicobr2",
"private_key_id": "000000000000000000000000000000000000000",
"private_key": "-----BEGIN PRIVATE KEY-----\nAAAAAAAAAAAAAAAAAAAAAAA....AAAA\n-----END PRIVATE KEY-----\n",
"client_email": "dashboard@qmagicobr2.iam.gserviceaccount.com",
"client_id": "0000000000000000000000",
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
"token_uri": "https://accounts.google.com/o/oauth2/token",
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
"client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/dashboard%40qmagicobr2.iam.gserviceaccount.com"
}
This file was generated using Appengine's developer console, under "Credentials / Service Account Keys / Manage Service accounts"
So I just tested this particular use case and the fact that client id is none
reveals a lot.
ConfigureRemoteApiForOAuth
accepts using a service account with a key file, providing oauth2 params as an appengine_rpc_httplib2.HttpRpcServerOAuth2.OAuth2Parameters
object where you can specify the client id
, secret
, scope
etc. OAuth2Parameters Doc
But the easiest way to mitigate the situation though is to use the gcloud tool to properly authenticate your server:
gcloud auth login
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.