gdrive: use LocalWebserverAuth instead of CommandLineAuth #52
Conversation
|
For the record, |
|
We need to see if we need to update the setting with the built-in Python app. @dtrifiro could you please test w/o feeding any custom secrets, etc? It should be working also. Also, let's check if we need to update docs (application setup in the Google Cloud is a bit different - you need to allow it to redirect to localhost something where this Also, need to check what happens if both 8080 and 9090 (I think it tries those two to run the localwebserver) are taken already. Ideally we should probably create a config option to setup this. (this not critical I think). |
Returns an authentication error with clear information about what's going on: Failed to start a local web server. Please check your firewall
settings and locally running programs that may be blocking or
using configured ports. Default ports are 8080 and 8090.Note that these two ports are hardcoded in Thinking about it some more though, using `LocalWebserverAuth` instead of `CommandLineAuth` is not ideal when running `dvc` on a remote server: in that case even if the user opens the link, there would be no listening local web server, so the authentication would be once again broken. We could suggest a (janky) workaround in the docs using If we do not want to go ahead with the |
|
thanks @dtrifiro !
which one? could you clarify please?
👍
good as a workaround. also they can run it once locally and copy the credentials file to the remote machine or, we they are creating their own custom APP they could setup it in a some different way (provide an IP of the machine to redirect to) - we would need to expose some extra settings though for the remote
hmm, I'm not sure it solves it, though ... the whole |
Oh, you're right: I guess this will be fine then. |
dvc used Pydrive2's `CommandLineAuth` mechanism, which used the now-deprecated OAuth2 out-of-band authorization. This was replaced with `LocalWebserver` authentication, which no longer requires manual setup of client id/secret. iterative/dvc-objects#52
|
@shcheklein I can confirm that the OAuth flow works with both the default DVC app and a custom application (custom client secret/id). You can disregard my previous comments about client id/secret and docs update: setup steps remain unchanged. |
|
We still need to update docs? For a custom APP - does "Desktop App" type still works and do users need to allow redirects to |
@shcheklein We don't need to update the docs as far as I can tell: when creating a "Desktop App" it just works with no extra configuration. From my testing (for an "internal" app) just following the guide is enough:
As far as I can tell, using an "external" app should not change this. Here are the docs. If by "allow redirects" you mean setting up authorized URLs in the OAuth Consent Screen section of "APIs and Services", the answer is no: it just works and it's not even possible to manually add localhost:
|
|
I see, I meant this screen (that applies to Web App custom app type_:
But if redirects work fine for Desktop App then we don't need anything at all (potentially later, we can add some config to pass port / host name I think). Thanks @dtrifiro ! |
pydrive2.auth.CommandLineAuthuses out of band authentication (urn:ietf:wg:oauth:2.0:oob) which has been deprecated, breaking authentication for gdrive with oauth.Switching to LocalWebserverAuth solves the issue (thanks @shcheklein)
fixed iterative/dvc#7867