Getting "Connection refused to 127.0.0.1:55661" as the last step after authorizing with Google project for oAuth2.0 access
Closed this issue · 14 comments
Are you already using OGCS?
Yes, and have been for several years now. Currently running version 2.10.2.0 Alpha.
Describe the question you have
After progressing through the authorization steps to access Google calendar and successfully configuration--at least synchronization is working--a web page opens with an attempt to reach the URL:
I've tried accessing just "http://127.0.0.1:55661" and obtain the same "connection refused" error.
To determine if my AV/anti-malware/firewall software was blocking the port/IP address, I tried adding an exception to the firewall configuration, the error persists. I then tried disabling the web protection component. The result is the same error. I have not tried disabling the Heuristics configuration; this is the only step I haven't attempted.
I know that I registered (why I had to uninstall and create a new OAuth2.0 "project" is a different problem that I resolved, unless this is related somehow...) the project, obtained the OAuth2.0 credentials through that Google project and was successfully using OGCS for a month when this afternoon OGCS indicated that the authorization had been "revoked." I then had to go through the process of disconnecting my e-mail account and then re-connecting my account
The questions are: what is the purpose of accessing http://127.0.0.1:55661? Does it complete the actual authorization, and without successfully completing whatever this task in the browser is for this port I'll be having to go through the same issues a month from now, and then a month after that, and...
I don't believe this to be a "bug" but an issue for which more information on the purpose of making this connection is, how to successfully make that connection, and I guess, how important is it that this connection be made to complete the configuration.
Your issue should be covered in the wiki.
I don’t utilize Chrome as my default browser, I use Firefox.
Does it make any difference if you change the default browser to Chrome? It is the browser after all that is interpreting the callback URL and you mention you have browser extensions installed - do any of them perform as some sort of middle man proxy (eg FoxyProxy) or a packet sniffer (eg BurpSuite) that will also be listening on localhost?
You also say you are using your own project, so worth reading through this SO article to check if you created the project credential correctly.
I suggest you narrow down the issue by reverting to the default OGCS authentication (not your own project API keys) and Chrome as the default brower without extensions enabled, and if that works, change one configuration item at a time until you
locate the issue.
Ultimately the random callback port is automatically generated by the Google OAuth .Net library in order to return the access token; it's not something custom that OGCS is doing. TBH, I'm surprised you're saying OGCS is working at all if this step fails.
Specifically, is a failure to reach the port on “localhost” possibly why Google terminated the authorization for the app
I think there are many reasons your access token might be revoked/invalidated, eg. reconfiguring the project config, changing your Google password, Google believing there is suspicious activity etc.... I don't think the failed callback URL will invalidate an existing access token, no.
Copied @newtonrs's comment from #1664 (comment)
Hi Paul,
I’ll try to reply to both your messages here together…
Regarding the switch to Chrome; that made no difference. The port must be blocked, but how when the AV software has been suspended, I do not know—I’m not uninstalling it to test that the AV software is the issue here.
The “project” is configured per the instructions you made available through GitHub—and seems to closely parallel the information at the link you provided—so, I’m fairly certain that the process was completed correctly. In addition OGCS was functioning and then stopped—perhaps the issue you indicate that Google was experiencing?—and so I tried using the credentials that already existed to reconnect, after disconnecting, the calendar. Again, this failed several times, so I decided to create a new “project” following the same steps as have been outlined. The original project and the new project appeared the same in setup and each had associated with it its own client ID and secret.
The new client/secret worked for approximately one month and then OGCS stopped working and then the message about the project “expiry” and no longer being valid. I then attempted to disconnect and reconnect with the previous project—the original project—and the message was the same: expired.
I deleted these two projects and started from scratch… This time around the project would not properly complete the configuration with OGCS, as per the posting and our “conversation” here about this issue. Finally, I disable all extensions to Firefox and the process completed to “register” OGCS with the only remaining “project” with an id/secret available. This is when the access error for “https: // 127.0.0.1:55661” first appeared. I then attempted the disconnect and reconnect with Chrome—per your message—as the default browser; result the same failure to connect to 127.0.0.1:55661.
So, my question: is the failure to make the connection to 127.0.0.1:55661 going to affect my usage, or my continued usage of OGCS? I ask since the last time this happened; failure to connect to 127.0.0.1:55661;I got one month of OGCS synching before getting the project expired notice and OGCS could not longer sync?
Hope this makes sense out of the question and the steps that I’ve already taken. And as you probably can tell, at this stage OGCS, using the latest id/secret is currently functional; I just want to keep it that way beyond 30-days.
Thanks,
I'm not 100% sure what you mean by the "project expiring" - do you have a screenshot or something of that message? The refresh token does expire every so often, but if your whole API project is expiring, then I'm not sure I've ever seen this before but I doubt very much has anything to do with the authentication fully completing.
Another thing to try, when you get taken back to http://127.0.0.1:55661 can you edit that to http://localhost:55661 and see if that works?
🖇️ Unfortunately GitHub doesn't support submitting files and screenshots to the ticket when replying by email - please log in to GitHub to upload files.
I suggest you narrow down the issue by reverting to the default OGCS authentication
This would still be my recommendation, to confirm if the issue is with your personal project or failure to talk to the localhost callback URL.
when you get taken back to http://127.0.0.1:55661/ can you edit that to http://localhost:55661/ and see if that works?
Doesn't sound like you've tried this either.
but have until now assumed it had nothing to do with the upgrade
You can always downgrade, but I don't see v2.10.2 introduced any changes regarding OAuth.
Attached is an image of the process of connecting to my Google/GMail Calendar and the messages along that path. Note that, per your request, I've returned to using the default method of connecting to my calendar.
At this moment, the calendars are again synchronizing. However this worked first for over a year, then for a month and then for few days, using the Google API "project" (as mentioned in a 2020 note for an error synchronizing, and reference elsewhere--issue #1049).
Within the image there is information on the fact that neither the HTTP nor the HTTPS protocols make a difference. Nor does changing from 127.0.0.1 to "localhost" as the target address. Also, note that the web protections of my AV software were disabled during these tests, and that the tests were conducted in both Firefox and Chrome with all extensions disabled. There is one change though, of which I don't know if it is even remotely significant; the port that the URL is trying to connect is different--also noted in the image.
If you can tell me if this final step is important in maintaining the ability of OGCS to function for synchronization, that information would be appreciated. And, if it is important, any ideas/steps on how to resolve the issue would also be appreciated--if you need a "guinea pig" to try various solutions on, I'm willing to be that "guinea pig."
Thanks,
Rick.
Image link below:
I'm afraid you're already the guinea pig as this issue is specific to your computer and its inability to listen to traffic on HTTP localhost. Have you started using a web proxy or its configuration recently changed? As Firefox says, if you have a firewall or proxy blocking access (to localhost), you need to allow that.
Note these things would be a lot quicker to troubleshoot when the OGcalsync.log file is provided.
For the port, I said in an earlier post that the callback port is automatically and randomly generated by the Google OAuth .Net library, so it's absolutely expected to change each time.
Ultimately, as long as you get a Google.Apis.Auth.OAuth2.Responses.TokenResponse-user file after authorising OGCS to manage your calendar, then the process has completely successfully. If this token/your project then expires are some time and you are unable to continue using it, then that sounds like a completely separate issue. I previously asked for a screenshot or evidence of the "project expiring" message you get, but have yet to see this.
The inability to reach “localhost:”/”127.0.0.1:” is new and started with the latest upgrade to 2.10.2.0 Alpha
As already suggested, downgrade and check the problem still exists. My money is on that it will.
I created this “project” when I was receiving authorization errors when Google started requiring OAuth2.0 authorization from external/non-Google applications accessing their Apis.
Not sure what you mean. The default API keys provided by OGCS have always had a project that has been approved by Google - yes there was a change in their requirements a couple of years ago, but I went through the verification process before the deadline, so no one should not have had to set up a personal project. The only reasons for doing so is for those that are very security conscious (not really a valid reason, but each to their own), those that were getting affected by Google's rate limiting (though Google changed their limiting mechanisms and this should not really occur any more), and those that want to sync more often than I allow with the default API keys.
So long story short, you've reverted to the default API keys and everything works as expected (aside from something on your computer blocking incoming localhost traffic) 🙂
You won't get a "project expired" notification using the default project - if you did, that would affect all users, not just you. I don't provide support for people setting up their own project for the exact reason this issue has proved - it is a rather convoluted and error prone exercise! Therefore I think this issue can be closed.
For instance, how is OGCS validated by Google? You mention that OGCS’s API Keys have always been approved by Google. Is it not then, a project that has access to the Google Calendar API and has, though hidden from the end-user, a ID/secret pair??
Yes, it's a project same as your personal one - when you take it out of test mode, Google will require you to go through a process to have it verified.
All I can assume is that the configuration of your project differs in some manner, which is causing it to expire - but I have no clue what! As I say, I can't really provide support for users configuring their own project for API keys and as long as OGCS works OK with the default installation, then I think I'll have to close this ticket out. Here's hoping you don't encounter any further issue... 🙂