Using Google OAuth on localhost

I159 picture I159 · Oct 2, 2011 · Viewed 16.4k times · Source

I started to use OAuth with Python and Django. I need it for Google APIs. I working on localhost, so I can't register a domain for url-callback. I've read about that Google OAuth could be used with anonymous domain. Can't find, how and where I can do that?

Edit:

I have this view:

def authentication(request):
    CONSUMER_KEY = 'xxxxx'
    CONSUMER_SECRET = 'xxxxx'
    SCOPES = ['https://docs.google.com/feeds/', ]

    client = gdata.docs.client.DocsClient(source='apiapp')
    oauth_callback_url = 'http://%s/get_access_token' % request.META.get('HTTP_HOST')
    request_token = client.GetOAuthToken(
      SCOPES, oauth_callback_url, CONSUMER_KEY, consumer_secret=CONSUMER_SECRET)
   domain = '127.0.0.1:8000'
   return HttpResponseRedirect(
        request_token.generate_authorization_url(google_apps_domain=domain))

And this error:

Sorry, you've reached a login page for a domain that isn't using Google Apps. Please check the web address and try again.

Registered via https://code.google.com/apis/console/

Edit:

CONSUMER_KEY = 'xxxxxxxxxxxxxxxxxxxxxxxxxxx'
CONSUMER_SECRET = 'xxxxxxxxxxxxxxxxxxxxxxxxx'
SCOPES = ['https://docs.google.com/feeds/', ]
DOMAIN = 'localhost:8000'


def authentication(request):    
    client = gdata.docs.client.DocsClient(source='apiapp')
    oauth_callback_url = 'http://%s/get_access_token' % DOMAIN

    request_token = client.GetOAuthToken(SCOPES,
                                     oauth_callback_url,
                                     CONSUMER_KEY,
                                     consumer_secret=CONSUMER_SECRET)

    return HttpResponseRedirect(
        request_token.generate_authorization_url())


def verify(request):
    client = gdata.docs.client.DocsClient(source='apiapp')
    f = open('/home/i159/.ssh/id_rsa')
    RSA_KEY = f.read()
    f.close()

    oauth_callback_url = 'http://%s/get_access_token' % DOMAIN

    request_token = client.GetOAuthToken(SCOPES,
                                     oauth_callback_url,
                                     CONSUMER_KEY,
                                     rsa_private_key=RSA_KEY)
    return HttpResponseRedirect(
        request_token.generate_authorization_url(google_apps_domain=DOMAIN))

The error:

Unable to obtain OAuth request token: 400, Consumer does not have a cert: xxxxxxxxxxxxxxx.apps.googleusercontent.com

Answer

Bob Aman picture Bob Aman · Oct 3, 2011

Just to be clear, you can use the web application flow with localhost while developing on either OAuth 1.0 or OAuth 2.0. OAuth 2.0 should be preferred as it's the mechanism we are focussed on. The user experience for OAuth 2.0 is going to be substantially better.

There's nothing stopping you from using localhost as your callback URL. I do this myself all the time. You just need to make sure the callback URL matches exactly, including any port numbers, and you can't deploy your application that way for obvious reasons. Installed applications are more complicated, but if you're doing something with Django, it's possible to take advantage of the fact that OAuth 2.0 is a bearer-token system. As long as you're keeping the refresh token server-side, you can authenticate with your own application out-of-band and then send the bearer token to the installed application. Your installed application will have roughly a one-hour window in which to make calls before you'll need to repeat the process. This can happen transparently to the user in most cases. Transmission of the bearer token should happen over an encrypted channel.