gcal: replace oob OAuth2 with local server redirect #985
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
WhyNotHugo
requested changes
May 24, 2022
Member
WhyNotHugo
left a comment
WhyNotHugo
left a comment
There was a problem hiding this comment.
Looks good.
This won't work in some specific scenarios (notably, when vdirsyncer is not running on the local host), but I don't think Google has presented any replacement for the API they've deprecated, so it doesn't seem like we have a choice here.
I mostly have minor feedback, I'll try this properly when I have the time, but generally makes sense.
| thread.start() | ||
| self._redirect_uri = f"http://{host}:{local_server.server_port}" | ||
| async with self._session as session: | ||
| # Fail fast if the address is occupied |
vdirsyncer/storage/google.py
Outdated
| self.last_request_uri = None | ||
| self._success_message = success_message | ||
|
|
||
| def __call__(self, environ, start_response): |
Member
There was a problem hiding this comment.
Suggested change
| def __call__(self, environ, start_response): | |
| def __call__(self, environ: Dict[str, Any], start_response: Callable[[str], list]) -> Iterable[byte]: |
telotortium
force-pushed
the
gcal-oauth-remove-oob
branch
from
51d6798 to
d7c9acf
Compare
WhyNotHugo
force-pushed
the
gcal-oauth-remove-oob
branch
from
8ea1217 to
ebf5ea0
Compare
Member
|
I've moved all code taken from I tested this on my local setup and it seems to work, will merge as soon as CI is done running. |
Google Calendar has disabled the oob method for new credentials (see https://developers.google.com/identity/protocols/oauth2/native-app), so new users cannot currently use Google Calendar. Fix this by switching to a loopback redirect_uri flow instead. Co-authored-by: Hugo Osvaldo Barrera <[email protected]>
WhyNotHugo
force-pushed
the
gcal-oauth-remove-oob
branch
from
4030432 to
baaf737
Compare
Member
|
Thanks! |
WhyNotHugo
added a commit
that referenced
this pull request
Jan 26, 2023
WhyNotHugo
added a commit
that referenced
this pull request
Feb 16, 2023
WhyNotHugo
added a commit
that referenced
this pull request
Feb 16, 2023
WhyNotHugo
added a commit
that referenced
this pull request
Feb 16, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Google Calendar has disabled the oob method for new credentials (see
https://developers.google.com/identity/protocols/oauth2/native-app), so
new users cannot currently use Google Calendar. Fix this by switching to
a loopback redirect_uri flow instead.
This is completely secure - Javascript on the OAuth2 authentication page
opened by the workflow makes a single GET request to a server listening
only on 127.0.0.1. Once the authentication page makes the GET request,
the local web server is not needed anymore and is immediately shut down.
Fix #975