GNOME Bugzilla – Bug 755412
[UOA] Update OAuth flow according to Google documentation
Last modified: 2015-09-23 13:41:55 UTC
Created attachment 311856 [details] [review] Suggested fix We currently don't get a refresh token. This is probably because the app is registered in the Google console as a Web application, but google sees authentication requests coming from many different IP addresses, so maybe this causes some restrictions. The attached patch uses the ClientId and ClientSecret from the same application, but this time declared as a native app. Also, we change the redirect URI to the only one allowed for native apps, i.e. "https://localhost/". With this changes, we correctly get a refresh token after each authentication.
Thanks for the bug report and the patch. I'm fine to commit it. I've one question. My understanding of the RedirectURI parameter to the Google's OAuth2 native applications is that it's not mandated to http://localhost, it's used only if the native application uses some sort of a local server, on the client machine, which listens there. There's even written that such practice may not work everywhere, especially in places where firewall is involved [1]. From that it's not the only allowed redirect URI for native applications. [1] https://developers.google.com/identity/protocols/OAuth2InstalledApp#choosingredirecturi
Hi Milan, it used to be as you say. Unfortunately now things have changes, and when I choose the "Other" application type from the Google developers console, I'm not given a choice of a callback URI anymore: only the urn:ietf:wg:oauth:2.0:oob and http://localhost URIs are allowed.
Weird it's not in the Guide, which was updated slightly more than a month ago. Anyway, I'm not able to test this fully, thus I fully trust you and your testing: Created commit 64700cd in eds master (3.19.1+) Created commit e23e8c9 in eds gnome-3-18 (3.18.1+)