Bug 755412 - [UOA] Update OAuth flow according to Google documentation
Status: RESOLVED FIXED
Product: evolution-data-server
Classification: Platform
Component: general
Assigned To: Evolution Shell Maintainers Team
Reported: 2015-09-22 13:10 UTC by Mardy
Modified: 2015-09-23 13:41 UTC
Attachments
Suggested fix (4.52 KB, patch)
2015-09-22 13:10 UTC, Mardy

Description Mardy 2015-09-22 13:10:16 UTC
Created attachment 311856
Suggested fix

We currently don't get a refresh token. This is probably because the app is registered in the Google console as a Web application, but Google sees authentication requests coming from many different IP addresses, so maybe this causes some restrictions.

The attached patch uses the ClientId and ClientSecret from the same application, but this time declared as a native app. Also, we change the redirect URI to the only one allowed for native apps, i.e. "https://localhost/".

With these changes, we correctly get a refresh token after each authentication.
Comment 1 Milan Crha 2015-09-23 13:24:53 UTC
Thanks for the bug report and the patch. I'm fine to commit it.

I've one question. My understanding of the RedirectURI parameter for Google's OAuth2 native applications is that it's not mandated to be http://localhost; it's used only if the native application uses some sort of a local server, on the client machine, which listens there. It's even written there that such a practice may not work everywhere, especially in places where a firewall is involved [1]. From that, it's not the only allowed redirect URI for native applications.

[1] https://developers.google.com/identity/protocols/OAuth2InstalledApp#choosingredirecturi
Comment 2 Mardy 2015-09-23 13:37:56 UTC
Hi Milan, it used to be as you say. Unfortunately now things have changed, and when I choose the "Other" application type from the Google developers console, I'm not given a choice of a callback URI anymore: only the urn:ietf:wg:oauth:2.0:oob and http://localhost URIs are allowed.
Comment 3 Milan Crha 2015-09-23 13:41:55 UTC
Weird it's not in the Guide, which was updated slightly more than a month ago. Anyway, I'm not able to test this fully, thus I fully trust you and your testing:

Created commit 64700cd in eds master (3.19.1+)
Created commit e23e8c9 in eds gnome-3-18 (3.18.1+)