I've been using
https://github.com/tokland/youtube-upload
to automate uploading of videos to YouTube, no other processes share the auth session, this process is the only one using the credentials. I've been using this for years however more recently, within the last couple months, it seems like the OAuth session keeps expiring on me almost on a weekly basis. This would break my automation and I have to re-authenticate weekly.
No updates were done to the script prior to this issue starting. Is anyone aware of any changes Google had made that may have cause this new behavior to happen?
The reproduction is as follows:
Have sufficient route to upload videos onto YouTube API
Use https://github.com/tokland/youtube-upload to upload videos to YouTube
When executing youtube-upload, it will prompt for OAuth2 authZ code, enter the code after visiting authZ webpage
Automate the uploads (~30 videos per day)
After a week, OAuth authZ session will expire and re-authZ will be required
OAuth session keeps expiring on me almost on a weekly basis.
From oauth2#expiration:
A Google Cloud Platform project with an OAuth consent screen configured for an external user type and a publishing status of "Testing" is issued a refresh token expiring in 7 days.
If your app is still in the testing phase your refresh token will expire every week. You need to set your application to production in google cloud console under the auth consent screen.
Related
My app runs on multiple subdomains
i.e. abc.foo.com xyz.foo.com for different regions.
We recently created a PWA for our app which runs on a different subdomain
m-abc.foo.com m-xyz.foo.com
To enable Sign in with Google for the PWAs, I added the redirect_uris and Authorized origins in the API Credentials for Google Cloud Platform.
Now, for these new subdomains I am getting the following error on the consent screen after choosing the google email address
This app is blocked
This app tried to access sensitive info in your Google Account. To keep your account safe, Google blocked this access.
The app currently asks for read/write access for Calendar only.
Could not find anything definitive on support documents either.
Anybody has any idea what I might be missing here?
To check, I added another subdomain def.foo.com and added redirect_uri for it. This time Google Signin worked fine without problem.
Does this have anything to do with the apps being a PWA?
Thanks!
I have a small personal-use only app that logs into a [throw away] gmail account to pull out an auth-token so it can then run a scheduled job (turning on/off my home cameras). Its dead simple and works, except that the app is in GCP TEST mode and it looks like the gmail auth expires in 7 days.
I highly doubt based on the below requirements that I can promote the app, and I dont want to publish it regardless. I tried GCP Support and wound up here. Im sure Im not the only person that has dealt with the 7 day expiration on a personal project. Any ideas?
If you check the documentation for oauth2#expiration
A Google Cloud Platform project with an OAuth consent screen configured for an external user type and a publishing status of "Testing" is issued a refresh token expiring in 7 days.
The key hear is setting your project into production.
What you are showing in that image are requirements for application verification. You shouldn't have to go though verification for a single user app.
Try just setting it to prodcution and then wait a week and see if it still expires. It shouldn't
I highly doubt based on the below requirements
Unfortunately with the new security restrictions. I wouldn't doubt anything these days. They keep changing the rules.
I don't have much idea about API but I managed setup Youtube API so that I am able to use Integromat workflow between Youtube and Airtable.
It works fine.
The issue I have is the connection between my Youtube API at Integroat is getting disconnected after a few days / weeks and have to re-verify(reconnect) to Google account again.
The Youtube app was setup properly (as instructed by Integromat) and as I said it works..... it's grabbing URLs of new Youtube videos on my Youtube channel and it is pushing those URLs into Airtable.
Now have even added mysef now as the user of the app. Wasn't listed as the user there (1 out of 100). Could that be the reason?
The Youtube API is setup as a test-app. Is that the reason for the disconnects at Integromat?
Do Ineed to request Google to have the app verified? Or can I continue with the app being a test app? (Because it says it hasn't been verified).
I don't know much about what I am doing but it sees working fine for me so I guess I managed to set it up OK except for the one issue with connection loss.
Pic:
The 2nd and 3rd item on the 2nd picture is for the Youtube API connection... and that is where I am being asked every now and then by Integromat to reconnnect the connection.. then I need to login and Google wanrs me my application wasn't approved so I pick continue etc...
The issue I have is the connection between my Youtube API at Integroat is getting disconnected after a few days / weeks and have to re-verify(reconnect) to Google account again.
This is because your authorization has an expire time. Access tokens by default work for one hour. If you want your application to refresh its access then you need to request offline access and store the refresh token and then use that to refresh your access whenever you need it.
On unverified apps refresh tokens will expire after a very short time this is because your application is considered to still be in development. YOu should apply for verification when you are ready to go to production. until that time you will need to login again regularly but as you are in development this sholdnt be to much of a problem.
Mind App Automation Testing with Postman or Newman possibility?
Is there a mechanism to login to a MindSphere Tenant in Postman??
Exposing access token via API in a mind app in the same tenant and using it in subsequent Rest API calls is another option which I am not looking for.
https://developer.mindsphere.io/howto/howto-local-development.html says two options. But,
1) Access tokens generated using service credentials have admin scope, which means it is not suitable for testing applications with different user types.
2) Session cookies are only valid for up to 12 hours and expire after 30 minutes of inactivity. However, by assigning your user specific application roles it is possible to test your application's behavior for users other than admin. Is there a way to avoid this copy paste sessions for complete automation??
At this moment, there is no known solution for this. But you can try this:
Use selenium to login in a headless chrome and get session cookies and XSRF Token and store them in environment. Then attach them in API calls.
This is what I am doing at this moment. Let me know if you come to know any other solutions/suggestions.
I have a Google Cloud Project that has some advertisement APIs enabled (DCM, SA360).
I use these with http in Excel/VBA.
I am pretty much the only person who logs in, there may be about 2-3 other logins.
I also have a Google Apps Script that uses a refresh token to access the APIs on my behalf.
Recently I got the unverified app screen - reading online this doesn't seem to be a problem for a small team.
However, I also got an email from Google saying that I've already expended 60% of the 100 new user quota for unverified apps - which is surprising, because I am confident that I don't have any actual new users.
What counts as a new user? Does the Google Apps Script, accessing from different google IPs, count as a new user everytime it fires?