Google OAuth running on remote server and authenticating locally - google-cloud-platform

I'm using Python to interact with Google Sheet API using a library called gspread_pandas.
The flow to let this python script to authenticate on google is basically:
Create a project on GCP;
Create an OAuth2 token (the application type is "web app" , but in doubt if should be
"desktop app");
Expose the token on local environment and run the python script;
The Python Script will ask to access a link like below:
https://accounts.google.com/o/oauth2/auth?response_type=code&client_id=foo.apps.googleusercontent.com&redirect_uri=http%3A%2F%2Flocalhost%3A8182%2F&scope=openid+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdrive+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fspreadsheets&state=acbdef&access_type=offline
And if I succeed on login, it runs the script smoothly (the data from sheets are retrieved by the python script).
Link to the description of authentication process.
It runs fine if I'm running it locally on my machine, when I setup this workflow on EC2,
when I run the python script on the EC2 terminal, it asks me to access an external link (accounts.google...) and when I click on it, I open the browser on my local machine, I insert my google credentials and at the end of the process it throws:
This site can’t be reachedlocalhost refused to connect.
Try:
Checking the connection
Checking the proxy and the firewall
ERR_CONNECTION_REFUSED
The terminal on EC2 keeps stuck waiting for the login process to end but it already failed on my local browser (on my machine).
My suspicion is that when I log on google using my local browser, it can't get back to the EC2 and finish the authentication process.
The type of this OAuth token is "Web Application" and the URI redirect I set https://<public-ip>.sslip.io/8182 (so I can use the aws public ip on gcp, for testing only).
I wonder how to use Google OAuth on a remove server and login to google account on my local browser. I'm trying this method because the library docs says its possible:
you will have to authenticate through a text based OAuth prompt; this makes it possible to run on a headless server through ssh or through a Jupyter notebook
Link to citation
I tried to use service-account but my company does not allow this kind of auth.

Related

Gmail API authentication redirect not working on AWS EC2

I'm trying to run a python script that interacts with the GMail Api on AWS EC2. Said script SHOULD either process the authenticated inbox or ask for authentication if the token doesn't exist. This authentication normally takes the form of opening up a browser window. This works on localhost but doesn't work on my EC2 instance.
I've tried running a webserver using Flask (accessible through its public IP) and having the call to the script be the result of clicking a button. When I do this, I get other interactivity from the Flask script and the authentication URL prints out on the CLI, but I'm not redirected.
I've tried just running the script from the CLI, but that obviously doesn't work. That last one might've just been desperation and/or wishful thinking.
EDIT: Info - The URL seems auto-generated so I don't know it ahead of time.

Rstudio Server is Having Issues Deploying an APP

I have some r code and I am having some issues with automatic authentication to access the spreadsheets in a shiny dashboard.
I have set up the servers on a VM and have been able to make r-studio server and shiny-server work. Problem now lies within app deployment. Currently I have been able to do this in a user session. But the problem is not that I am getting redirected to google authentication and it is not allowing me to do that on the server side so the execution halts.
This is shared with all googleAnalyticsR users.
If making a lot of API calls, please:
visit: XXXXXXXXXXXXX
for instructions on setting your own Google Project
2019-05-05 02:55:52> Set API cache
2019-05-05 02:55:52> No environment argument found, looked in
GA_AUTH_FILE
2019-05-05 02:55:52> No httr_oauth_cache file found at sc.httr-
oauth - creating new file.
Error in value[[3L]](cond) :
Authentication options didn't match existing session token and
not interactive session
so unable to manually reauthenticate
Calls: local ... tryCatch -> tryCatchList -> tryCatchOne ->
<Anonymous>
Execution halted
The expected results would not showcase an Execution Halted.
Furthermore on the server itself it is not really allowing me to actually allow for such extensions. So I am curious if someone had any suggestions. I can also offer the code if needed for the actual app.R.
You need to upload the sc.httr-oauth (or whatever you have called it) authentication token that is generated locally to the script's working directory on the server, so the authentication can find it. You should also make sure the permissions for the file lets Shiny update it.
You are seeing an error where its looking for the file but it not being present, it then attempts to re-authenticate by launching a browser but as its not a interactive R session it will fail (you can't log in for the OAuth2 flow)
You can specify the authentication token location in your script via ga_auth("file_location")

Using smartcard credentials, obtained by a webpage

I have two servers on a Windows domain that include an active directory that is correctly configured to allow users to login using smartcard credentials. Currently, I can login to server1 and run remote PowerShell commands on server2 using smartcard credentials through WinRM, without any problem.
I would like to build some sort of web service (preferably on node.js) on server1, so that it presents a user with a webpage that prompts for smartcard credentials. Using these credentials, server1 would be able to run remote PowerShell commands on server2.
Is this possible? I saw some references to pcsclite on other posts. Is this all I need? If so, could someone provide a code snip-it of something that could accomplish this?
Maybe a simpler question that could help me get started, would be how could I even use these credentials to connect to a file share on server2 and download a file?
Thanks!
Look int using WAP in IIS to set up a gateway and use Active Directory Client certificate mapping

How to access MongoDB values/data after binding to cloud foundry?

I am using spring boot and created a web application using a mongodb database. Locally I use command prompt "mongod" and "mongo" where I can query the data that I have inputted in the UI.
My current application is using MongoDb running on localhost with default port 27017. My web application reflect the data that is stored in the database. When I push this application to cloud foundry, and bind the MONGODB service, it uses another database. Where and how can I view/access all the data that are being inputted. On the local machine I am able to use db.collection.find() and it queries all of my data.
Problem
Once I push my application to cloud foundry, All my data that was stored locally is not linked with it. I am able to store values into PCF MongoDB. But I do not know how to view the data that I have in it. Is there a command or a method to view all the data that I have inputted into PCF MongoDB?
Attempt
Looking at my VCAP_SERVICES I was able to see my database name, username, and password. But they look like they are encrypted, it has letters numbers and hypens all mixed. Example below how VCAP looks like(replica values, same format)
"database": "9faf201a-39b1-4lse-49242f404g11"
"host": "10.100.100.333"
"password": "2jnkj4nk22kk5lk6kj4n4k6nkj6001"
"username": "401849301k-8g3f-5c3j-k28-583920308592f04"
I tried using the code below in a CLI
mongo someurl.mongodomain.com:45475/database_name -u username -p password
So for databasename, username, and password I simply copied and pasted the encrypted looking username and password
mongo myurl.com:1337/9faf201a-39b1-4lse-49242f404g11 -u 401849301k-8g3f-5c3j-k28-583920308592f04" -p 2jnkj4nk22kk5lk6kj4n4k6nkj6001
and I get a connection failed. Maybe I have to input the correct user name and password. Where can I set a username and password? I am using spring boot and it was automatically handled for me. So that, I never created a username or password.
Here are five suggestions (thanks to Daniel.Mikusa for the last one):
Push a web client for mongodb and bind it to your database. There seems to be a cloudfoundry wrapper for mongo express: https://github.com/komushi/cf-mongo-express .
You may be able to connect to the remote mongodb with the mongo client program in a similar way as you connect to your local mongodb. You can find the credentials (username, password, db-name) in the environment of your app:
cf env <your-app-name>
Access to the mongodb instance may, however, be blocked from machines outside of your CloudFoundry installation. In this case you may want to try the next option.
Push a docker container that has the mongo client installed to cloudfoundry. Ssh into the docker container, and use the mongo client from there. Pushing docker containers to CF is not enabled in all cloudfoundry installations.
Finally you could expose your domain objects via REST-Controllers. Possibly using spring data rest: http://projects.spring.io/spring-data-rest/.
Use cf ssh and an ssh tunnel. Bind the mongodb instance to an app, run cf env to get the host, port and credentials (or make a service key). Then run cf ssh -N -L <localport>:<service-fqdn-or-ip>:<remote-port> app-name (the app you connect to doesn't strictly matter, it's just the one we are tunneling through). Now connect a client to localhost:<localport> and use the credentials you got from cf env.

web services failed

I have created a web service (.svc). The web service is running successfully when i connect through local computer, but when i deploy the web serivce on a web server it can't be accessed and shows an exception.
"Unable to automatically step into the server. Connecting to the server machine 'XXX' failed. Logon failure: unknown user name or bad password. See help for more information."
The service is running in a browser successfully, and can also be accessed as a client from the web server in a broswer.
Thanks.
This looks like a permissions related issue.
When you run locally, chances are that you have sufficient privileges to access the service.
The picture changes on the server. Check under which account the service is running then make sure you have the proper permissions or configure your service to accept calls from you or from unauthenticated users.
It seems you are trying to debug the webservice on the server. Is that what you intended? Then make sure your account has rights to do so on the server.
Debugging aspnetwebservice on a remoteserver
If you want to make sure the webservice runs you also can open the webservice using a browser.