Problems with Google OAuth2

Problems with Google OAuth2

Sam Hokin-3
I've configured Google OAuth2 for the LIS mines (OAuth consent screen) and specifically BeanMine (client_id, secret and redirect
URI). It seems to work OK up to actually getting the auth back to the mine. If I use the default API URI, which is coded in
intermine/webapp/src/main/webapp/WEB-INF/global.web.properties:

oauth2.GOOGLE.identity-resource = https://www.googleapis.com/plus/v1/people/me/openIdConnect

Google returns

message "Legacy People API has not been used in project 385508380982 before or it is disabled. Enable it by visiting
https://console.developers.google.com/apis/api/legacypeople.googleapis.com/overview?project=385508380982 then retry. If you enabled
this API recently, wait a few minutes for the action to propagate to our systems and retry."
status "PERMISSION_DENIED"

I've enabled the now-called People API for my Google project.

That looks suspicious, since Google deprecated Google+ a while ago. So then I look up the Google doc

https://developers.google.com/identity/protocols/oauth2/web-server

and it appears I should use:

oauth2.GOOGLE.identity-resource = https://accounts.google.com/o/oauth2/v2/auth

but then Google appears to return something that isn't JSON:

Error granting permission: A JSONObject text must begin with '{' at 1 [character 2 line 1]

Any suggestions? Clearly this scheme is broken in 4.2.0 but I wonder if anyone has gotten it to work. If this is something that
needs to be updated in core IM, I can take it on, but I'd like to get feedback first. Thanks!
_______________________________________________
dev mailing list
[hidden email]
https://lists.intermine.org/mailman/listinfo/dev

Re: Problems with Google OAuth2

Sam Hokin-3
I'll add that the Google Legacy People API mentioned in the error response seems to have vanished, i.e. you cannot reach the given
developer panel page to turn it on. This may explain why some previously configured IM OAuth setups still work, but I cannot get the
old API URI to work with a new setup. A post on a Stack Overflow thread says to use the new People API instead, which I have enabled
for the LIS mine project and which returns the JSON error.

On 10/22/20 1:14 PM, Sam Hokin wrote:

> I've configured Google OAuth2 for the LIS mines (OAuth consent screen) and specifically BeanMine (client_id, secret and redirect
> URI). It seems to work OK up to actually getting the auth back to the mine. If I use the default API URI, which is coded in
> intermine/webapp/src/main/webapp/WEB-INF/global.web.properties:
>
> oauth2.GOOGLE.identity-resource = https://www.googleapis.com/plus/v1/people/me/openIdConnect
>
> Google returns
>
> message    "Legacy People API has not been used in project 385508380982 before or it is disabled. Enable it by visiting
> https://console.developers.google.com/apis/api/legacypeople.googleapis.com/overview?project=385508380982 then retry. If you enabled
> this API recently, wait a few minutes for the action to propagate to our systems and retry."
> status    "PERMISSION_DENIED"

Re: Problems with Google OAuth2

Daniela Butano-2
Hi Sam,
I hadn't noticed this issue, sorry for that!
HumanMine and FlyMine work fine but they have been configured ages ago.
After reading your email I have configured http://alpha.flymine.org to
use Google and I have had your same error.
After some investigations I discovered the correct configuration.
If you put (as temporary workaround) these values on your
mine.properties it works:

oauth2.GOOGLE.url.auth = https://accounts.google.com/o/oauth2/v2/auth
oauth2.GOOGLE.identity-resource = https://www.googleapis.com/oauth2/v2/userinfo
oauth2.GOOGLE.id-key = id

If you don't mind I will update the intermine code (I'm already working
on this topic for the issue here
https://github.com/intermine/intermine/issues/1720)
Thanks!
Daniela

> I'll add that the Google Legacy People API mentioned in the error
> response seems to have vanished, i.e. you cannot reach the given
> developer panel page to turn it on. This may explain why some
> previously configured IM OAuth setups still work, but I cannot get the
> old API URI to work with a new setup. A post on a Stack Overflow
> thread says to use the new People API instead, which I have enabled
> for the LIS mine project and which returns the JSON error.
>
> On 10/22/20 1:14 PM, Sam Hokin wrote:
>> I've configured Google OAuth2 for the LIS mines (OAuth consent screen)
>> and specifically BeanMine (client_id, secret and redirect URI). It
>> seems to work OK up to actually getting the auth back to the mine. If
>> I use the default API URI, which is coded in
>> intermine/webapp/src/main/webapp/WEB-INF/global.web.properties:
>>
>> oauth2.GOOGLE.identity-resource = https://www.googleapis.com/plus/v1/people/me/openIdConnect
>>
>> Google returns
>>
>> message    "Legacy People API has not been used in project
>> 385508380982 before or it is disabled. Enable it by visiting
>> https://console.developers.google.com/apis/api/legacypeople.googleapis.com/overview?project=385508380982 
>> then retry. If you enabled this API recently, wait a few minutes for
>> the action to propagate to our systems and retry."
>> status    "PERMISSION_DENIED"
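
Added example, not part of the thread and not InterMine code: a Python sketch of the identity step that fails closed on the two failures reported above (a non-JSON body and a PERMISSION_DENIED error) and on a missing id field. It assumes the mine fetches identity-resource and reads the field named by id-key; the response bodies are constructed, and the "error" wrapper and the "sub"-only body are assumed shapes.

```python
import json

# The three settings from the reply above, as mine.properties text.
PROPS = """\
oauth2.GOOGLE.url.auth = https://accounts.google.com/o/oauth2/v2/auth
oauth2.GOOGLE.identity-resource = https://www.googleapis.com/oauth2/v2/userinfo
oauth2.GOOGLE.id-key = id
"""

# Constructed response bodies (not captured traffic).
HTML_BODY = "<!DOCTYPE html><html><body>Sign in</body></html>"
ERROR_BODY = '{"error": {"code": 403, "status": "PERMISSION_DENIED"}}'
USERINFO_BODY = '{"id": "100000000000000000001", "email": "user@example.org"}'
SUB_ONLY_BODY = '{"sub": "100000000000000000001", "email": "user@example.org"}'


class IdentityError(Exception):
    """The identity-resource response cannot be used to identify a user."""


def parse_props(text):
    """Minimal 'key = value' parser; ignores comments, no continuation lines."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")) and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props


def extract_identity(body, id_key):
    """Return the user id named by id_key, or raise IdentityError (fail closed)."""
    try:
        doc = json.loads(body)
    except ValueError:
        raise IdentityError("not JSON: is identity-resource a userinfo endpoint?")
    if not isinstance(doc, dict):
        raise IdentityError("JSON response is not an object")
    if "error" in doc:
        err = doc["error"]
        status = err.get("status") if isinstance(err, dict) else err
        raise IdentityError("provider error: %s" % status)
    value = doc.get(id_key)
    if not isinstance(value, str) or not value:
        raise IdentityError("no usable %r field: check id-key" % id_key)
    return value


ID_KEY = parse_props(PROPS)["oauth2.GOOGLE.id-key"]
```

Only USERINFO_BODY yields an identity with id-key = id; the other three bodies raise IdentityError instead of producing a login.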