jpillora/node-edit-google-spreadsheet

"Google Client Login Error: Login Failed" since 2015/5/26

ArxArcher opened this issue · 21 comments

Hi, all
I have encountered error message "Google Client Login Error: Login Failed" since 2015/5/26.

I use "Username and Password" authentication, the google account & password are not misspelled, I can use them to login and retrieve spreadsheet data normally before 2015/5/26.

Any help will be greatly appreciated :)

Uh ohhhh https://developers.google.com/api-client-library/java/google-api-java-client/client-login

Important: Do not use ClientLogin for new applications. Instead, use the more secure OAuth 2.0 authentication protocol. ClientLogin is a deprecated authentication protocol, which is being turned down on April 20, 2015. At that time, ClientLogin requests will no longer be answered. If you have existing applications that use ClientLogin, you must migrate to OAuth 2.0. The ClientLogin support in this library will be removed in the next major release.

Seems like Google is killing client logins, this will need a documentation fix

I'm seeing the same 'login failed' error today. I just started using this library so I thought there was something wrong with my credentials. Can this module be used with OAuth 2.0?

I think you can use the Google API Console to generate a static token where you can use it like this https://github.com/jpillora/node-edit-google-spreadsheet#basic-usage

Would be good if someone could confirm this process so the docs can be updated

cool thanks for the tip. I'll be looking into this in the next few days and I'll let you know if I come up with anything valuable.

Same problem here. People at my desk asking why apps don't work anymore.
Let's work on a fix that works with oAuth.

Anybody wanna make a tasklist?

The easiest way I found to fix this:

  1. Go to https://console.developers.google.com
  2. Create a project
  3. In the project, go to 'APIs & Auth' -> 'Credentials' and 'Create New Client ID'
  4. Select 'Service Account' as the type and p12 as your container
  5. Convert the downloaded p12 to PEM with 'openssl pkcs12 -in [the pem file] -out google-oauth.pem -nocerts -nodes
  6. In your code, where you do the login via user/pass change it to:
oauth : {
  email: '[mail address stated next to your created client id]', // something like 'random-string-123abc@developer.gserviceaccount.com'
  keyFile: 'google-oauth.pem' // make sure the path is correct
}
  1. Share documents with the above mail address

I think that's about all I did to get it back working

@Dredalious thanks, though I'm wondering if there's a way to create a static access key

I tried finding that as well, but didn't come up with something that worked. I'm guessing the static thing is for when you have another process that retrieved the oauth token, so you can reuse it without requesting a new/other one.

I managed to get OAuth 2 working independently, the result of which is an access token (a string) that needs to be passed along in the API urls. It seems that perhaps all we need to do is add a new authentication path in the library that just takes an OAuth 2 access token (which you obtain separately) then the library is perfectly usable again... just choose to pass in an access token. I won't be able to look into this for a few days but thought I would share this thought right away.

Thanks @Dredalious. I found the Google way to create the pem worked for me:

https://cloud.google.com/storage/docs/authentication

$ cat /path/to/xxxx-privatekey.p12 | openssl pkcs12 -nodes -nocerts -passin pass:notasecret | openssl rsa > /path/to/secret.pem

I worked around this by:

  • Creating a OAuth clientid for "other" installed application in google developer console
  • Creating a oAuth2 token-set using https://github.com/google/google-api-nodejs-client/blob/master/examples/oauth2.js (with some simple modifications to ask for drive.readonly permissions.
  • Storing the refresh_token (and timestamp, for that matter)
  • making an accessToken function using googleapis module's google.auth.OAuth2 and the refresh token to make an access token.

Some extra steps, but in effect I get the same as login with username/password

@cybic Do you have a fork so others could apply the work around?

@RamonGebben unfortunately I've only done it outside this module, I might be able to make a PR, though not before tonight (CEST).

@RamonGebben I managed to create a working solution, now. There are some hoops to be jumped through, but I've also provided an adapted script based on googleapis oauth2 example. The script must be edited and run to get you through the process of granting permissions using the OAuth2 mechanism.

Please, do try it, and ask if anything is unclear.

Created PR #73 from my fork.

Thanks @cybic, merged and published as 0.2.19, @cybic has added a helper file to retrieve OAuth2 credentials:

See https://github.com/jpillora/node-edit-google-spreadsheet/blob/master/get_oauth2_permissions.js

// Client ID and client secret are available at
// https://code.google.com/apis/console
// 1. Create or pick a project
// 2. Choose "API & Auth" and then "Credentials"
// 3. Click "Create new Client ID"
// 4. Select "Installed application" and "Other"
// 5. Copy your ClientID and Client Secret into the fields beneath

var CLIENT_ID = '';
var CLIENT_SECRET = '';

// 6. Check if readonly permission is ok, if not change to 'https://www.googleapis.com/auth/drive'
//    ..Or find the correct scope you need here: https://developers.google.com/drive/web/scopes

var PERMISSION_SCOPE = 'https://www.googleapis.com/auth/drive.readonly'; // can be a space-delimited string or an array of scopes

// 6. Run this script: `node get_oauth2_permission.js'
// 7. Visit the URL printed, authenticate the google user, grant the permission
// 8. Copy the authorization code and paste it at the prompt of this program.
// 9. The refresh_token you get is needed with the client_id and client_secret when using edit-google-spreadsheet

I'll leave this open as many will most likely land here looking for answers. I think a simple webpage could also perform this. That way it's entirely in the browser. Anyway, this is good solution in the interim.

A webpage could also store the IDs and tokens, and you could be giving away your credentials. Using a script it somewhat more transparent.

It would be hosted on this repo (gh-pages) and vetted by its contributors and could be done in very few lines so anyone could look at the source and vet it themselves.

Updated examples to use oauth2. Gave the browser token generator a shot, though hit CORS issues. A Heroku-hosted version of the script would also work. Anyway, will leave it as is for now.