1

I'm trying to create Circles with the Google+ API, but I'm kinda stuck, this is my code, it was more or less copied from the official API documentation (yes I know it doesn't create Circle, but the issue is the same)

import httplib2

from apiclient.discovery import build
from oauth2client.client import OAuth2WebServerFlow
import json

with open('client_secrets.json', 'r') as f:
    json_data = json.load(f)

data = json_data['web']
CLIENT_ID = data['client_id']
CLIENT_SECRET = data['client_secret']

# List the scopes your app requires:
SCOPES = ['https://www.googleapis.com/auth/plus.me',
          'https://www.googleapis.com/auth/plus.circles.write']

# The following redirect URI causes Google to return a code to the user's
# browser that they then manually provide to your app to complete the
# OAuth flow.
REDIRECT_URI = 'http://localhost/oauth2callback'

# For a breakdown of OAuth for Python, see
# https://developers.google.com/api-client-library/python/guide/aaa_oauth
# CLIENT_ID and CLIENT_SECRET come from your APIs Console project
flow = OAuth2WebServerFlow(client_id=CLIENT_ID,
                           client_secret=CLIENT_SECRET,
                           scope=SCOPES,
                           redirect_uri=REDIRECT_URI)

auth_uri = flow.step1_get_authorize_url()

# This command-line server-side flow example requires the user to open the
# authentication URL in their browser to complete the process. In most
# cases, your app will use a browser-based server-side flow and your
# user will not need to copy and paste the authorization code. In this
# type of app, you would be able to skip the next 3 lines.
# You can also look at the client-side and one-time-code flows for other
# options at https://developers.google.com/+/web/signin/
print 'Please paste this URL in your browser to authenticate this program.'
print auth_uri
code = raw_input('Enter the code it gives you here: ')

# Set authorized credentials
credentials = flow.step2_exchange(code)

# Create a new authorized API client.
http = httplib2.Http()
http = credentials.authorize(http)
service = build('plusDomains', 'v1', http=http)

from apiclient import errors
try:
    people_service = service.people()
    people_document = people_service.get(userId='me').execute()
except errors.HttpError, e:
    print e.content

My output:

{
 "error": {
  "errors": [
   {
    "domain": "global",
    "reason": "forbidden",
    "message": "Forbidden"
   }
  ],
  "code": 403,
  "message": "Forbidden"
 }
}

I searched for answer, but didn't really find any. On the API console I have Google+ API and Google+ Domains API services added also my secret and client id are okay (otherwise the whole script would fail sooner). Also the auth is successful, my app's name is shown under https://accounts.google.com/IssuedAuthSubTokens. What did I miss?

Joanna
  • 2,176
  • 11
  • 16
kviktor
  • 1,076
  • 1
  • 12
  • 26

1 Answers1

1

The problem lies with your REDIRECT_URI variable. When you are using OAuth 2.0 in a purely server-side flow, the redirect URI MUST be 'urn:ietf:wg:oauth:2.0:oob'.

Try changing the variable like so (and be sure to update your client ID in the API Console): REDIRECT_URI = 'urn:ietf:wg:oauth:2.0:oob'

Edit: Also, make sure that you are making your API call for a user within a domain. The Google+ Domains API only permits API calls that are restricted to users and content within that domain.

Joanna
  • 2,176
  • 11
  • 16
  • I tried it and I still get the same error message, also If I understand correctly `urn:ietf:wg:oauth:2.0:oob` is needed if I want to create an "Installed app", but I want to do things via a website. (the "enter code" parts is only there now for testing purposes, in live the program would simply read the code from the GET parameters) – kviktor Oct 18 '13 at 08:32
  • When I ran your code, that was the change I made, and your code worked. The other thing to check would be where you are populating your `CLIENT_ID` and `CLIENT_SECRET`, as there might be an error there. – Joanna Oct 18 '13 at 15:52
  • May I ask what did you set in your API Console? This is how it looks like for me: http://i.imgur.com/f9XCxtz.png, but it still gives the same error (services are added). Also is domains useable by anyone? I suspect that the problem might be there. (I just want to authenticate users and add them to circles, I don't have Google Apps) – kviktor Oct 18 '13 at 19:32
  • Anyone can use the Google+ Domains API, but the results and actions are limited to the specified domain. If you are not making API calls against a particular domain, then your API call will fail. – Joanna Oct 18 '13 at 19:56
  • 2
    Can you provide a quick example for calling the API with a domain? I'm kinda lost about it. I understand OAuth2 and what goes behind Google's wrapper, but I dont see where these domains fit into all this. – kviktor Oct 18 '13 at 21:01
  • For OAuth 2.0, you do not need to specify the domain anywhere. However, the user that you are authenticating must belong to a Google Apps domain, not, for example, @gmail.com. For more information, see https://developers.google.com/+/domains/authentication/ – Joanna Oct 18 '13 at 21:44
  • So If I understand correctly, If I want to create a circle for a random gmail user I can't because he doesn't belong to a Google Apps domain? I think thats my problem then. – kviktor Oct 19 '13 at 10:35