Google Sign in problem #826

Closed
ghost opened this issue Jan 25, 2016 · 8 comments

@ghost

ghost commented Jan 25, 2016

When trying to sign in via Google and a mobile app (used this example http://psa.matiasaguirre.net/docs/use_cases.html#signup-by-oauth-access-token) I'm getting a 403 Forbidden error with the following response:

```json
{
  "error": {
    "errors": [
      {
        "domain": "usageLimits",
        "reason": "dailyLimitExceededUnreg",
        "message": "Daily Limit for Unauthenticated Use Exceeded. Continued use requires signup.",
        "extendedHelp": "https://code.google.com/apis/console"
      }
    ],
    "code": 403,
    "message": "Daily Limit for Unauthenticated Use Exceeded. Continued use requires signup."
  }
}
```

From googling around I saw that the common issue is having Google+ API disabled, but for us it was already enabled due to previous use of the API in another internal project.

What I tried:

  1. Disabling and re-enabling the API
  2. Using both OAUTH2 and PLUS strategies
  3. Creating new Client ID and Client Secret

Our settings:

```python
SOCIAL_AUTH_GOOGLE_PLUS_KEY = X
SOCIAL_AUTH_GOOGLE_PLUS_SECRET = Y
SOCIAL_AUTH_GOOGLE_PLUS_SCOPE = [
    'https://www.googleapis.com/auth/plus.login',
    'https://www.googleapis.com/auth/plus.me'
]
SOCIAL_AUTH_GOOGLE_OAUTH2_KEY = X
SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET = Y
SOCIAL_AUTH_GOOGLE_OAUTH2_SCOPE = [
    'https://www.googleapis.com/auth/plus.login',
    'https://www.googleapis.com/auth/plus.me'
]

AUTHENTICATION_BACKENDS = (
    'social.backends.google.GooglePlusAuth',
    'social.backends.facebook.FacebookOAuth2',
    'social.backends.google.GoogleOAuth2',

    'django.contrib.auth.backends.ModelBackend',
)
```

Facebook works perfectly

Would love any assistance!

@goatandsheep

The Google+ Sign-In button and the plus.login scope used by Google+ Sign-In are not currently supported for use with the Google+ Domains API. Requests that are made to the Google+ Domains API using an authentication token granted for the plus.login scope, or generated by the Google+ Sign-In button, will fail.

Google+ API Documentation

@voutilad

voutilad commented Feb 4, 2016

I only use the social.backends.google.GoogleOAuth2 backend and my project in the Google Developers Console has "Google+ API" enabled and it works fine. I think similar to what @goatandsheep might be saying, you might want to try removing the social.backends.google.GooglePlusAuth backend and just use the social.backends.google.GoogleOAuth2 backend.

@goatandsheep

@voutilad I noticed that the Google+ Auth code currently has the following scopes:

    DEFAULT_SCOPE = [
        'https://www.googleapis.com/auth/plus.login',
        'https://www.googleapis.com/auth/plus.me',
    ]

Maybe all that needs to be done is remove the scope, https://www.googleapis.com/auth/plus.login

@sylwekb

sylwekb commented Feb 25, 2016

@ami-fairfly any progress on this?

@ghost
Author

ghost commented Feb 25, 2016

@Gitfred we ended up just following this guide and implementing it ourselves, and had an easier time integrating it into our existing auth solution

https://developers.google.com/identity/sign-in/android/offline-access

@ghost ghost closed this as completed Feb 25, 2016
@liberathor

liberathor commented Apr 21, 2017

@ami-fairfly can you share your implementation? We really need to solve this issue.

I tried with Android and web to get the token_id and send it to the server, and can't solve it.
https://developers.google.com/identity/sign-in/android/backend-auth
https://developers.google.com/identity/sign-in/web/build-button

I also tried it with the documentation's sample Google+ sign-in button and it doesn't work.
http://python-social-auth.readthedocs.io/en/latest/backends/google.html

@ghost
Author

ghost commented Apr 22, 2017

Hi @liberathor ,

We don't use this code anymore but this is the gist of it. Hope it helps!

```python
import datetime
import logging

import pytz
from oauth2client import crypt
from django.conf import settings
from oauth2client import client as oauth_client


class GoogleAuthBridge:
    def __init__(self, uses_new_google_client_id):
        self.uses_new_google_client_id = uses_new_google_client_id

    def validate_token(self, token):
        """Return (token, seconds until expiry), or (None, None) if the ID token is invalid."""
        try:
            client_id_for_verification = settings.GOOGLE_SERVER_CLIENT_ID if self.uses_new_google_client_id else settings.GOOGLE_SERVICE_ACCOUNT_CLIENT_ID
            # Verify the token's signature for the expected client ID
            idinfo = oauth_client.verify_id_token(token, client_id_for_verification)
            # If multiple clients access the backend server:
            if idinfo['aud'] not in [settings.GOOGLE_ANDROID_CLIENT_ID, settings.GOOGLE_IOS_CLIENT_ID,
                                     settings.GOOGLE_SERVER_CLIENT_ID, settings.GOOGLE_WEB_CLIENT_ID,
                                     settings.GOOGLE_SERVICE_ACCOUNT_CLIENT_ID]:
                raise crypt.AppIdentityError("Unrecognized client.")
            if idinfo['iss'] not in ['accounts.google.com', 'https://accounts.google.com']:
                raise crypt.AppIdentityError("Wrong issuer.")
        except crypt.AppIdentityError:
            # Invalid token
            return None, None

        # Convert from google's timestamp to our "seconds till expiration" format
        expiration_timestamp = int(idinfo['exp'])
        now = datetime.datetime.now(tz=pytz.UTC)
        # 'exp' is seconds since the epoch in UTC; build an aware UTC datetime directly
        # instead of labelling a local-time value as UTC
        expiration_time = datetime.datetime.fromtimestamp(expiration_timestamp, tz=pytz.UTC)
        seconds_till_expiration = expiration_time - now
        # total_seconds() covers the whole interval; .seconds drops the days component
        return token, int(seconds_till_expiration.total_seconds())
```
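The claim checks from the snippet above (audience allowlist, issuer, expiry), as an added example that is not the poster's code and not part of python-social-auth. It assumes `claims` is the dict a JWT library returned after verifying the signature; the client IDs, `ClaimError`, `seconds_until_expiry` and `is_acceptable` are hypothetical names, and the sample claims are constructed.

```python
import time

# Placeholder client IDs (assumption); real ones come from the Google API console.
ALLOWED_AUDIENCES = {
    "android-client.example.apps.googleusercontent.com",
    "web-client.example.apps.googleusercontent.com",
}
ALLOWED_ISSUERS = {"accounts.google.com", "https://accounts.google.com"}

# Constructed sample claims (not from a real token), checked against a fixed clock.
NOW = 1461000000
SAMPLE_CLAIMS = {
    "aud": "web-client.example.apps.googleusercontent.com",
    "iss": "https://accounts.google.com",
    "exp": NOW + 3600,
}


class ClaimError(ValueError):
    """Raised when signature-verified ID token claims are not acceptable."""


def seconds_until_expiry(claims, now=None):
    """Check aud/iss/exp and return the whole seconds left until expiry."""
    now = time.time() if now is None else now
    for name in ("aud", "iss", "exp"):
        if name not in claims:
            raise ClaimError("missing claim: " + name)
    # RFC 7519 allows 'aud' to be a single string or a list of strings.
    aud = claims["aud"]
    audiences = {aud} if isinstance(aud, str) else set(aud)
    if not audiences & ALLOWED_AUDIENCES:
        raise ClaimError("unrecognized client")
    # Exact match only: a look-alike issuer string must not pass.
    if claims["iss"] not in ALLOWED_ISSUERS:
        raise ClaimError("wrong issuer")
    try:
        exp = int(claims["exp"])
    except (TypeError, ValueError):
        raise ClaimError("exp is not a number") from None
    # 'exp' is epoch seconds in UTC, so plain subtraction needs no timezone handling.
    remaining = int(exp - now)
    if remaining <= 0:
        raise ClaimError("token expired")
    return remaining


def is_acceptable(claims, now=None):
    """Boolean wrapper for callers that only need accept or reject."""
    try:
        seconds_until_expiry(claims, now)
        return True
    except ClaimError:
        return False
```
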

@pilotandy

Ah, good old apathy. Too bad GooglePlusAuth still doesn't work.
