I have a google workspace addon which is extending gmail and is using app script oauth to connect our own system, https://github.com/googleworkspace/apps-script-oauth2.
Our system has a development environment and a live environment, each uses a different identity client id secret which need to be used when connecting to each. I have stored these as different project properites with the development properties being prefixed with 'dev-' and i have a function that looks like this:
getScriptPropery function. This function has a variable that should let me change the script properties I access.
I have then created a versioned deployment that uses the live project properties and have kept my HEAD deployment using the develpoment properties. My problem is that once someone tries to login on the versioned deployment they seem to be redirected back to the HEAD version of the code which is using development project properties, this then breaks the login attempt and gives the following error: AppScript login error. I have tested this by adding logging that is only in the HEAD version of the getScriptProperty function and you can see the logs swap to using the development properties after redirecting from the login attempt, Logging example.
Is there a better way to manage deployments/project properties to stop this from happening or have a just missed something with how they are meant to work?
Related
I am developing a GAS app.
Im using clasp to develop locally. I managed to get the connection working in order to run functions locally.
This required to move the GAS project from the default one to a new dedicated project.
I had to set up a proper OAuth ID in order to get the credentials for clasp, as they show in their Documentation.
The issue now is that the previosuly working webb app deployment dont work anymore. I get the next error:
404:
The requested URL /scripts/<MyProjectId>:run was not found on this server.
error screenshot
I'm thinking the web app deployment needs a proper OAuth or some other configuration in the new GCProject, but i cant figure out what it is.
Thanks in advance for any help.
As my title states, we are using the AWS .NET SDK and on our web.config configured a profile that points to a credentials file(see: https://docs.aws.amazon.com/sdk-for-net/v2/developer-guide/net-dg-config-creds.html using credentials file) on the disk(so out of the source code). This seems to work fine but we are rotating these keys every x period so we need to change the keys within the file. My question is does de AWS .NET SDK notice that the file is changed and automatically load the new credentials or when does it actually load? In other words, if we change the credentials in this file do we need to do additional steps for the application to actually use them?
What I tried now is start up the application locally, change the credentials to a faulty one and calls are still going thru without a problem. Next, I stopped my application and rebuilded in with the same file having faulty credentials. After doing this the application is still able to make correct calls so I'm wondering how this works as if it is falling back on credentials that did work. Or maybe I just didn't test right.
We are using .net framework 4.6.2 application using the aws sdk version 3.3
Also what i forgot to mention is that for each request we initialize the client like this:
using (AmazonCognitoIdentityProviderClient client = new AmazonCognitoIdentityProviderClient(regionEndpoint))
Short answer is creating a client like that will cause the credentials to be read from the credentials file when the first client is created.
The longer answer is when you create without credentials the client uses the FallbackCredentialsFactory class to find credentials either through the credentials file or environment like EC2 instance metadata. The FallbackCredentialsFactory has a static instance of Amazon.Runtime.CredentialManagement.CredentialProfileStoreChain which is what gets the credentials for a profile.
If you want to something different you could have your code create an instance of CredentialProfileStoreChain before creating a client and use that to get the credentials and pass those credentials into the client.
I tried to setup-up a custom jenkins image, based on the redhat jenkins image. The redhat jenkins image, has the Openshift Login Plugin, installed already.
After, the image started up properly, I tried to login, with my Openshift credentials, but it didn't work.
I just saw the the following error message:
"error":"invalid_request","error_description":"The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed.","state":"xxxxxxxxxxxxxxxxxxx"
and there was another message in the OS terminal of the running pod.
I read about several other issues from the Openshift Login Plugin, but also an update to Version 1.0.12 didn't fix my problems.
My Problem was, that I didn't knew, that each Openshift Service Account has a redirect reference - specially configured for one deployment.
I already used the Service Account, I used for the above mentioned Jenkins, for another Jenkins Deployment, because of this Openshift added the redirect reference, configured for this "older" deployment.
In our Openshift Setup (3.11), you aren't able to find the redirection configuration within the Service Account settings that you can find under Resources --> Membership --> Service Accounts. Instead you have to look and edit the YAML File of the Service Account, that you can find under Resources --> Other Resources --> Service Account.
serviceaccounts.openshift.io/oauth-redirectreference.jenkins
Since this is quite tricky to find out, I hope that I could possibly save somebody a few hours of searching.
I'm trying to get the Cyberduck CLI (duck.sh) to work interfacing with a google drive (not "Google Cloud Storage") and I'm having problems getting the oAuth authorization to work. I found this thread but it's out of date - as the newer versions of Cyberduck do absolutely work with Google Drive. Using the regular cyberduck GUI I can browse and operate on my G-drive instance, but I can't quite quack the code (sorry!) for how to make this work using the CLI.
[lwobker:~]$ duck -l googledrive://<user>#gmail.com/
Authenticating as <user>…
OAuth2 Authentication. Paste the authentication code from your web browser.
Authentication Code: <pasted pass here>
Save password (y/n): n
Disconnecting www.googleapis.com…
Login failed. Malformed auth code. Please contact your web hosting service provider for assistance.
I've tried a number of different URLs, including:
#gmail.com
me#gmail.com#www.googleapis.com
and a couple of others.
I also can't seem to figure out where the GUI version of cyberduck stores it's authorized credentials... if I could re-use those that would be fine, doing a one-time setup at the beginning doesn't break my use case.
I'm somewhat familiar with the Google Developers API, and I've created one for use with this project, but I can't seem to figure out how the Google "Client ID" and other credentials map to the Cyberduck tool.
Make sure you paste the auth code obtained from the Google login page opened exactly as is without any line breaks. More information is available in the wiki.
Telescope allows to choose the only three Authentication Methods from admin settings panel. The three methods are through email/password, facebook, twitter. I would like to add google to the authentication methods.
My local copy of the sites folder has been deleted, otherwise I could have used the command "meteor add accounts-google" in terminal. I also tried executing the same command in the console, but its showing errors.
It would be helpful if any one could suggest adding google account as an authentication method.
You deleted your development copy of the site? That's a problem. You're going to need a local development environment to make changes to the app and redeploy.
meteor add accounts-google and a redeploy is your solution.