Replace OOB with loopback 3LO flow #1142
Conversation
|
This patch is a bit rough, but I've verified that it works with new clients and also when redirected through a SOCKS proxy. This is important since it's now the only way to authorize a remote server (short of using service account credentials directly). |
|
Thanks for the patch, worked for me! |
|
Ah, I think that's an issue due to partially-typed interfaces never evaluating as nil. Anyway, as the contents of the message indicate, there's no error there, so it's fine. Further, this is just supposed to be a (non-blocking) warning when the server fails to shut down cleanly. I'll try to figure out how to fix that nil check. |
The out-of-band flow is deprecated and can no longer be used to authorize new clients: https://developers.google.com/identity/protocols/oauth2/resources/oob-migration#what-is-oob. Desktop clients should be migrated to the loopback flow: https://developers.google.com/identity/protocols/oauth2/resources/oob-migration#desktop-client. Fixes odeke-em#1140.
bsidhom
force-pushed
the
loopback-auth
branch
from
85754d4
to
7fefdbd
Compare
|
Turns out there were 2 problems. I wasn't checking for |
|
@bsidhom Thanks for your patch I really don't know how to use this patch and install instead of the main one could you please help me with this? |
The out-of-band flow is deprecated and can no longer be used to authorize new clients. See odeke-em#1142 for a detailed explanation. Combine different commits into a single patch and commit.
|
Hello!! I just completed a fresh installation with the command "go install github.com/odeke-em/drive/cmd/drive@latest", but the authentication step doesn't work. Could you please provide some guidance on the steps/commands required to solve this issue? Best regards |
You have to clone the source and fetch the Pull request. Then build from source and copy the generated binary into the $GOPATH/bin Steps i've done (with the installation of drive already done with
After completing this steps I was able to authenticate the client. Since this is my very first comment on Github feel free to correct me if i'm wrong |
Thank you very much for the clear instructions. I will try them as soon as possible. Best regards |
Thanks for your comment! After this fix I was able to authenticate, but got error from google after authentication:
Have you encountered such issue? How to fix it? |
|
I'm guessing that's because you're using the default client ID. You may need to create your own client id and secret as mentioned here. Note that these environment variables are only used while running To set up a client ID, you'll need a Google Cloud project. Once you've set up your project, you'll need to enable the Google Drive API. After that, you can go to the credentials page and create a new credential for OAuth. You'll need to select "desktop app" when creating the credentials. There are some additional security benefits to using your own client secrets (assuming you're vetting the drive client code, only building from source, and keeping your client secrets safe). You'll also get your own quota pool, which is the reason this was historically recommended. If you don't want to actively manage your own developer project for this purpose, you might also consider switching to Rclone, which I believe supports the new Google OAuth flows. (On the other hand, if you're security-conscious, that's a much larger code base with a larger surface area; but with that, you also have more eyes on the project.) |
|
@djtinus I suppose they were populated in drive-gen. |
Yep, Google trying to make everything MORE hostile to anyone who would dare to use anything outside of their barbed-wire walled garden (look at the discussion about their intentionally-kneecapped Google Photos API https://issuetracker.google.com/issues/80379228 ).
The problem with RClone is it doesn't export GoogleDocs to local files. This is the only utility I've seen that can do that. And Google is doing everything (legal or otherwise) to make sure you can't leave their ecosystem. I really need to find an alternative that lets me do my writing from multiple devices/platforms, where I can set the docs to work offline as well. |
|
Well, that was a waste of time. Managed to browbeat Google's system to let me access the API, and when I run the sync to bring down all my doc updates, it exits and says "Everything is up-to-date" without pulling ANYTHING. I have definitely done edits recently, so there should be new files. Yes, I DEFINITELY need to move my docs off of Google. Every week they become more and more arrogant, and more hostile to the end-users. |
|
@jelabarre59 - Newer versions of rclone will export Google Docs to local files. I recently moved to rclone from drive for one of my Google Docs backups (I have several). It worked well. I may move more over after I have some more experience with it and the time to do so. |
The out-of-band flow is deprecated and can no longer be used to authorize new clients: https://developers.google.com/identity/protocols/oauth2/resources/oob-migration#what-is-oob. Desktop clients should be migrated to the loopback flow: https://developers.google.com/identity/protocols/oauth2/resources/oob-migration#desktop-client.
Fixes #1140.