northworld/google_calendar

Google::HTTPAuthorizationFailed

Closed this issue · 5 comments

I can use my oauth creds, get refresh tokens, and make requests to the calendar api while running an application locally. When I try to run this on a server I consistently get HTTPAuthorizationFailed. I have tried using different oauth creds, calendar ids. All credentials seem correct on the remote server. Oauth allowed urls seem correct also, unless this library appears from a different origin than other requests from the server.

I'm pretty much out of ideas aside from pulling the library apart to get a clearer picture of what requests are being made to google.

Any ideas?

This is tricky to figure out with the given information. We use it on our live server with no issues, so I know 'it works' at least in our environment.

Do you get an HTTPAuthorizationFailed for every request or just for some of them?

Are you using a single refresh token for the app, or does each user have their own?

Do you use any caching?

The flow is basically this

App is configured with client id and secret, as well as calendar id. Once app starts up, using standard oauth flow, user (calendar owner) gets a refresh token using omniauth. This token is stored for future use.

Calendar api is initialized with the same client id and secret used for oauth.

This process will work locally, however when pushed to a server (heroku app) it successfully gets an oauth token, but fails to connect via the calendar api. The only difference I can tell between the two environments is possible issues around origin and callback urls.

The token has greater scopes than just calendar, but the app is not configured to use strict scopes.

Make sure your origin and callback urls match those that you are using on the live server. You can set up multiple entries for both fields in the google developers console.

If that doesn't work, add some logging to the Connection::send method and we'll go from there.

Thanks for the help, I added some debug code but it ended up not being a huge help.

My issue seemed to be one or all of several issues.

  1. I was not explicitly requesting access_type offline for the token. Offline is the omniauth default but it does not seem to necessarily request it on its own.

  2. Somehow I had a mismatch between my client ids and secrets (OR when I changed something it regenerated a secret)

  3. I was using the client ID not the client email.

Note: I never received an Oauth failure, oauth ALWAYS worked, but rather calendar login failed. After changing these things randomly, things began to work. Perhaps oauth sessions get cached google-side, preventing new changes from taking place, and auth issues from being seen further down the line. Quite bizarre.

So it seems to be working now, still no idea why it worked locally. It must have been a token cached by google that caused the issue.

Thanks for the help, and watch out for these issues!

Thanks for following up. Hopefully this will save someone else some time.
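
Added example, not part of the thread and not code from google_calendar or omniauth: a small Ruby check of the authorization URL a deployed app sends users to, covering the causes discussed above (missing `access_type=offline`, a client ID that differs from the configured one, and a callback URL that is not registered). `ExpectedConfig`, `audit_auth_url`, `sample_url` and all sample values are hypothetical and constructed for illustration.

```ruby
require "uri"

# Hypothetical helper names; this is not google_calendar or omniauth code.
ExpectedConfig = Struct.new(:client_id, :redirect_uris, keyword_init: true)

# Returns a list of problems found in the authorization URL the deployed
# app redirects the calendar owner to. An empty list means no finding.
def audit_auth_url(auth_url, expected)
  params = URI.decode_www_form(URI.parse(auth_url).query.to_s).to_h
  findings = []

  # Google returns a refresh token only when access_type=offline is sent.
  unless params["access_type"] == "offline"
    findings << "access_type=#{params['access_type'].inspect}, want \"offline\""
  end

  # The ID used for the OAuth flow must be the one the calendar client uses.
  unless params["client_id"] == expected.client_id
    findings << "client_id differs from the configured one"
  end

  # Redirect URIs are compared as exact strings (scheme, host, port, path).
  unless expected.redirect_uris.include?(params["redirect_uri"])
    findings << "redirect_uri #{params['redirect_uri'].inspect} is not registered"
  end

  findings
end

# Constructed sample values, not taken from the thread.
CONFIG = ExpectedConfig.new(
  client_id: "1234567890-example.apps.googleusercontent.com",
  redirect_uris: ["https://app.example.com/auth/google_oauth2/callback"]
)

# Builds a constructed authorization URL; pass nil to drop a parameter.
def sample_url(overrides = {})
  query = {
    "client_id" => CONFIG.client_id,
    "redirect_uri" => CONFIG.redirect_uris.first,
    "response_type" => "code",
    "access_type" => "offline"
  }.merge(overrides).compact
  "https://accounts.google.com/o/oauth2/auth?" + URI.encode_www_form(query)
end

puts audit_auth_url(sample_url("access_type" => nil), CONFIG) if __FILE__ == $PROGRAM_NAME
```

Running the same check against the URL captured in each environment (local and server) shows which request parameter differs between them.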