HTTPError 403 (Forbidden) with Django and python-social-auth connecting to Google with OAuth2
Question:
Using python-social-auth, I get a 403: Forbiden error message after accepting access from google
EDIT: I’ve recently (2017) had the same error but under a new message: 401 Client Error: Unauthorized for url: https://accounts.google.com/o/oauth2/token
Answers:
This answer is outdated as the Google+ API is being deprecated on 3/7/19
You need to add the Google+ API to the list of enabled APIs on the Google Developer Console (under APIs)
Note: If you want to see the real error message, use the traceback to look at the content of the response variable (response.text). I use werkzeug for that (django-extensions + python manage.py runserver_plus).
Thanks also. I was using this python-social-auth tutorial by art and logic, but couldn’t get past a 403: Forbidden HTTPError at /complete/google-oauth2/ until enabling Google+ API as above and waiting for a few minutes for Google to enable it.
Additionally, I had to place the templates in a template directory and set
TEMPLATE_DIRS = ('/path/to/psa_test/thirdauth/templates/',)in settings.py.
Hope this helps someone along the way. All in all, it’s taken about 6 hours to figure it out. Not too bad, I’m happy.
For me I was using the full-URI scope which is deprecated by Google from Sept 1, 2014, this is mentioned in python-social-auth documentation here
http://psa.matiasaguirre.net/docs/backends/google.html#google-oauth2
Google is deprecating the full-url scopes from Sept 1, 2014 in favor of Google+ API and the recently introduced shorter scopes names. But python-social-auth already introduced the scopes change at e3525187 which was released at v0.1.24.
However if you don’t want to Enable the Google+ API for any reason and want to continue working with the full-uri old scope you need to follow the steps mentioned in the same link:
# Google OAuth2 (google-oauth2)
SOCIAL_AUTH_GOOGLE_OAUTH2_IGNORE_DEFAULT_SCOPE = True
SOCIAL_AUTH_GOOGLE_OAUTH2_SCOPE = [
'https://www.googleapis.com/auth/userinfo.email',
'https://www.googleapis.com/auth/userinfo.profile'
]
# Google+ SignIn (google-plus)
SOCIAL_AUTH_GOOGLE_PLUS_IGNORE_DEFAULT_SCOPE = True
SOCIAL_AUTH_GOOGLE_PLUS_SCOPE = [
'https://www.googleapis.com/auth/plus.login',
'https://www.googleapis.com/auth/userinfo.email',
'https://www.googleapis.com/auth/userinfo.profile'
]
SOCIAL_AUTH_GOOGLE_OAUTH2_USE_DEPRECATED_API = True
SOCIAL_AUTH_GOOGLE_PLUS_USE_DEPRECATED_API = True
This worked for me as I didn’t want to enable the Google+ API at this point.
Using python-social-auth, I get a 403: Forbiden error message after accepting access from google
EDIT: I’ve recently (2017) had the same error but under a new message: 401 Client Error: Unauthorized for url: https://accounts.google.com/o/oauth2/token
This answer is outdated as the Google+ API is being deprecated on 3/7/19
You need to add the Google+ API to the list of enabled APIs on the Google Developer Console (under APIs)
Note: If you want to see the real error message, use the traceback to look at the content of the response variable (response.text). I use werkzeug for that (django-extensions + python manage.py runserver_plus).
Thanks also. I was using this python-social-auth tutorial by art and logic, but couldn’t get past a 403: Forbidden HTTPError at /complete/google-oauth2/ until enabling Google+ API as above and waiting for a few minutes for Google to enable it.
Additionally, I had to place the templates in a template directory and set
TEMPLATE_DIRS = ('/path/to/psa_test/thirdauth/templates/',)in settings.py.
Hope this helps someone along the way. All in all, it’s taken about 6 hours to figure it out. Not too bad, I’m happy.
For me I was using the full-URI scope which is deprecated by Google from Sept 1, 2014, this is mentioned in python-social-auth documentation here
http://psa.matiasaguirre.net/docs/backends/google.html#google-oauth2
Google is deprecating the full-url scopes from Sept 1, 2014 in favor of Google+ API and the recently introduced shorter scopes names. But python-social-auth already introduced the scopes change at e3525187 which was released at v0.1.24.
However if you don’t want to Enable the Google+ API for any reason and want to continue working with the full-uri old scope you need to follow the steps mentioned in the same link:
# Google OAuth2 (google-oauth2)
SOCIAL_AUTH_GOOGLE_OAUTH2_IGNORE_DEFAULT_SCOPE = True
SOCIAL_AUTH_GOOGLE_OAUTH2_SCOPE = [
'https://www.googleapis.com/auth/userinfo.email',
'https://www.googleapis.com/auth/userinfo.profile'
]
# Google+ SignIn (google-plus)
SOCIAL_AUTH_GOOGLE_PLUS_IGNORE_DEFAULT_SCOPE = True
SOCIAL_AUTH_GOOGLE_PLUS_SCOPE = [
'https://www.googleapis.com/auth/plus.login',
'https://www.googleapis.com/auth/userinfo.email',
'https://www.googleapis.com/auth/userinfo.profile'
]
SOCIAL_AUTH_GOOGLE_OAUTH2_USE_DEPRECATED_API = True
SOCIAL_AUTH_GOOGLE_PLUS_USE_DEPRECATED_API = True
This worked for me as I didn’t want to enable the Google+ API at this point.