Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

gdrive: oauth authentication broken #7867

Closed
dtrifiro opened this issue Jun 9, 2022 · 10 comments · Fixed by iterative/dvc-objects#52
Closed

gdrive: oauth authentication broken #7867

dtrifiro opened this issue Jun 9, 2022 · 10 comments · Fixed by iterative/dvc-objects#52
Assignees
Labels
A: data-sync Related to dvc get/fetch/import/pull/push bug Did we break something? fs: gdrive Related to the GDrive filesystem fs: gs Related to the Google Cloud Storage filesystem

Comments

@dtrifiro
Copy link
Contributor

dtrifiro commented Jun 9, 2022

Bug Report

google drive remote support with oauth authentication is currently broken for dvc

Description

Reproduce

  1. Follow oauth setup guide
  2. Add the google drive remote dvc remote add gdrive://<id>
  3. Run the following snippet:
echo foo > file
dvc add file
dvc push

Expected

  0% Checking cache in '<id> |                                                                                                                                                                                            |0/? [00:00<?,    ?files/s]Go to the following link in your browser:

    https://accounts.google.com/o/oauth2/auth?client_id=<client_id.apps.googleusercontent.com&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdrive+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdrive.appdata&access_type=offline&response_type=code&approval_prompt=force

Enter verification code:

Clicking on the URL would prompt the user with the OAuth consent screen.

Actual result:

Clicking on oauth2 authentication URL returns


You can't sign in to this app because it doesn't comply with Google's OAuth 2.0 policy for keeping apps secure.

You can let the app developer know that this app doesn't comply with one or more Google validation rules.
Request Details
The content in this section has been provided by the app developer. This content has not been reviewed or verified by Google.
If you’re the app developer, make sure that these request details comply with Google policies.
redirect_uri: urn:ietf:wg:oauth:2.0:oob

Environment information

---------------------------------
Platform: Python 3.10.4 on Linux-5.15
Supports:
	gdrive (pydrive2 = 1.10.1),
	gs (gcsfs = 2022.5.0),
	webhdfs (fsspec = 2022.5.0),
	http (aiohttp = 3.8.1, aiohttp-retry = 2.4.6),
	https (aiohttp = 3.8.1, aiohttp-retry = 2.4.6),
	ssh (sshfs = 2022.6.0)
Cache types: reflink, hardlink, symlink
Cache directory: btrfs on /dev/mapper/lvm-root
Caches: local
Remotes: gs, gdrive
Workspace directory: btrfs on /dev/mapper/lvm-root
Repo: dvc, git

Reported on discord

@dtrifiro dtrifiro added bug Did we break something? fs: gdrive Related to the GDrive filesystem A: data-sync Related to dvc get/fetch/import/pull/push labels Jun 9, 2022
@daavoo
Copy link
Contributor

daavoo commented Jun 9, 2022

@shcheklein
Copy link
Member

shcheklein commented Jun 9, 2022

Hmm, I can't reproduce this on my end.

The first message is not about Gdrive - it's about Google Storage, right? The second one is also about GCP. not GDrive?

@daavoo @dtrifiro ?

@shcheklein shcheklein changed the title gdrive: oauth authentication broken gcp: oauth authentication broken Jun 9, 2022
@shcheklein shcheklein added fs: gs Related to the Google Cloud Storage filesystem fs: gdrive Related to the GDrive filesystem and removed fs: gdrive Related to the GDrive filesystem fs: gs Related to the Google Cloud Storage filesystem labels Jun 9, 2022
@shcheklein shcheklein changed the title gcp: oauth authentication broken gdrive: oauth authentication broken Jun 9, 2022
@shcheklein shcheklein added the fs: gs Related to the Google Cloud Storage filesystem label Jun 9, 2022
@shcheklein
Copy link
Member

For GDrive. It's broken when users are creating their custom applications. It's should be working with a https://dvc.org/doc/user-guide/setup-google-drive-remote#using-service-accounts as a workaround or with a DVC built-in application.

To mitigate this we need to more from a CommandLineAuth to the LocalWebServer auth. I hope that a matter of changing a few lines of code, updating docs a bit:

gauth.LocalWebserverAuth() instead of auth.CommandLineSomething() that we have now.

@dtrifiro
Copy link
Contributor Author

By looking at the error (redirect_uri: urn:ietf:wg:oauth:2.0:oob) and doing some research, it seems it is related to the deprecation of the out-of-band OAuth flow (see https://developers.googleblog.com/2022/02/making-oauth-flows-safer.html).

https://github.com/iterative/PyDrive2/blob/2e43e4561d965ce78dc158a02fbdb75ba6c38105/pydrive2/settings.py#L58-L64

@dtrifiro
Copy link
Contributor Author

Related iterative/PyDrive2#180

@dtrifiro dtrifiro self-assigned this Jun 10, 2022
@dtrifiro dtrifiro added this to DVC Jun 14, 2022
@dtrifiro dtrifiro moved this to Backlog in DVC Jun 14, 2022
@dtrifiro dtrifiro moved this from Backlog to In Progress in DVC Jun 14, 2022
Repository owner moved this from In Progress to Done in DVC Jun 15, 2022
@aryan757
Copy link

aryan757 commented Mar 19, 2023

Can anyone help me out ?

dvc remote add -d storage gdrive://
(I've given my DRIVE ID copied and run this in my terminal ), i got the link , but after ,
dvc push
Access blocked: DVC’s request is invalid

@shcheklein
Copy link
Member

@aryan757 please share dvc version, and run dvc push -v to the full stack trace, and if you have anything else in the .dvc/config. Plus, pip freeze output and make sure that you are on the latest version of DVC and PyDrive2 please.

@aryan757
Copy link

dvc version : 2.10.2

@bernhardbirkner
Copy link

I guess this is related to the OOB Migration.
Is there a PR to resolver this?
https://developers.google.com/identity/protocols/oauth2/resources/oob-migration

@dberenbaum
Copy link
Collaborator

@bernhardbirkner This was resolved in the linked PR: iterative/dvc-objects#52. If you are facing an issue, would you mind opening a new issue? Often commenting on top of a closed issue gets lost.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
A: data-sync Related to dvc get/fetch/import/pull/push bug Did we break something? fs: gdrive Related to the GDrive filesystem fs: gs Related to the Google Cloud Storage filesystem
Projects
No open projects
Archived in project
Development

Successfully merging a pull request may close this issue.

6 participants