Is it possible to use "delegation of domain authority" with gdata-python-client?

I use gdata-python-client to access the Google Domain Shared Contacts API.

In corporate applications, you can program access to user data without any manual authorization on their part.

There was a protocol called 2LO (2-legged OAuth), but it looks like it was associated with OAuth1, which is out of date: "Important: OAuth 1.0 is out of date, and the registration of new OAuth 1.0 clients is closed." in all OAuth1 docs.

There is a new OAuth2-based recipe for "Domain Transfer":

In Google Apps domains, a domain administrator can provide third-party applications with access to their users' data across the entire domain - this is called transferring domain credentials across the entire domain. To delegate authority this way, domain administrators can use service accounts with OAuth 2.0.

This works with google-api-python-client, but not with gdata-python-client.

Question: Is there a way to achieve this using Python? The code from the gdata client seems to be prehistoric - is there another GAE runtime with a modern client library that supports delegation for data APIs?

[update]

If I sign the httplib2 connection and call the Atom endpoint, I can get the channel.

    import httplib2

    # `credentials` is an oauth2client credentials object created earlier
    http = httplib2.Http()
    http = credentials.authorize(http)
    resp, content = http.request(
        'https://www.google.com/m8/feeds/contacts/default/full', 'GET'
    )

Unfortunately, gdata-python-client uses httplib instead of httplib2.

[SOLVED]

, - , , , httplib2. , , [aeijdenberg], 401.

+4
1

, Python Google App Engine gdata:

  • (https://cloud.google.com/console#/project).

  • "API Auth" API, ( API- gdata , , ).

  • "API Auth" → " " OAuth2 . , .

  • (https://admin.google.com/AdminHome), "" → " " → " OAuth Client".

  • " " , API, .

  • Google App Engine, PKCS12 PEM ( PyCrypto, Google App Engine, PCKS12):

    cat secret-privatekey.p12 | openssl pkcs12 -nodes -nocerts -passin pass:notasecret | openssl rsa > secret-privatekey.pem
    
  • .

  • Google API Python https://code.google.com/p/google-api-python-client/downloads/list, google-api-python-client-gae-1.2.zip.

  • :

    unzip ~/Downloads/google-api-python-client-gae-1.2.zip
    
  • python gdata https://code.google.com/p/gdata-python-client/downloads/list, gdata-2.0.18.zip.

  • :

    unzip ~/Downloads/gdata-2.0.18.zip
    mv gdata-2.0.18/src/* .
    rm -rf gdata-2.0.18/
    
  • , PyCrypto ( ):

    sudo easy_install pycrypto
    
  • app.yaml PyCrypto :

    libraries:
    - name: pycrypto
      version: "2.6"
    
  • :

    import httplib2
    
    class TokenFromOAuth2Creds:
      def __init__(self, creds):
        self.creds = creds
      def modify_request(self, req):
        if self.creds.access_token_expired or not self.creds.access_token:
          self.creds.refresh(httplib2.Http())
        self.creds.apply(req.headers)
    
  • SignedJwtAssertionCredentials:

    from oauth2client.client import SignedJwtAssertionCredentials
    
    credentials = SignedJwtAssertionCredentials(
      "<service account email>@developer.gserviceaccount.com",
      file("secret-privatekey.pem", "rb").read(),
      scope=["http://www.google.com/m8/feeds/"],
      prn="<user to impersonate>@your-domain.com"
    )
    
  • gdata :

    import gdata.contacts.client

    gd_client = gdata.contacts.client.ContactsClient('your-domain.com')
    gd_client.auth_token = TokenFromOAuth2Creds(credentials)
    xxx = gd_client.get_contacts()
    
+9
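The `auth_token` adapter from the answer above, extended with a guard that refuses to attach the delegated bearer token to anything but an HTTPS request to an allow-listed host. This is an added example, not part of the original answer or of gdata/oauth2client. `GuardedOAuth2Token`, `ALLOWED_HOSTS`, `FakeCreds` and `fake_request` are hypothetical names, and the code assumes the request object exposes `uri.scheme` and `uri.host` next to the `headers` the answer already uses.

```python
import time
from types import SimpleNamespace

ALLOWED_HOSTS = {"www.google.com"}  # assumption: host of the Contacts feed only


class GuardedOAuth2Token:
    """gdata auth_token adapter: refresh on expiry, send only to trusted HTTPS hosts."""

    def __init__(self, creds, http_factory, allowed_hosts=ALLOWED_HOSTS):
        self.creds = creds
        self.http_factory = http_factory  # httplib2.Http in a real application
        self.allowed_hosts = set(allowed_hosts)

    def modify_request(self, req):
        # A token that impersonates a domain user must never leave in cleartext
        # or go to an unexpected host, so check the target before adding it.
        if req.uri.scheme != "https" or req.uri.host not in self.allowed_hosts:
            raise ValueError("refusing to attach token to %s://%s"
                             % (req.uri.scheme, req.uri.host))
        if self.creds.access_token_expired or not self.creds.access_token:
            self.creds.refresh(self.http_factory())
        self.creds.apply(req.headers)


class FakeCreds:
    """Constructed stand-in for the oauth2client members the adapter uses."""

    def __init__(self, lifetime=3600):
        self.access_token, self.expiry = None, 0.0
        self.lifetime, self.refreshes = lifetime, 0

    @property
    def access_token_expired(self):
        return time.time() >= self.expiry

    def refresh(self, http):
        self.refreshes += 1
        self.access_token = "constructed-token-%d" % self.refreshes
        self.expiry = time.time() + self.lifetime

    def apply(self, headers):
        headers["Authorization"] = "Bearer " + self.access_token


def fake_request(scheme, host):
    """Constructed stand-in for the request gdata passes to modify_request."""
    uri = SimpleNamespace(scheme=scheme, host=host)
    return SimpleNamespace(uri=uri, headers={})
```

In a real application the adapter would be created as `GuardedOAuth2Token(credentials, httplib2.Http)` and assigned to `gd_client.auth_token` in place of `TokenFromOAuth2Creds`.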
