1

I'm developing my own website with React JS and Django. The idea is a calendar website for making events. I did a Google Calendar integration following the article Google Calendar API with Python

In order to use a Google Calendar, I got my OAuth Client Id and put them in credentials.json file inside my root folder. When I press a button "Integrate Google Calendar" in my own website, the request is sent to the server where I check if there is the file credentials.json and make a new file for credentials named token.txt in the same folder. And right after that I retrieve events from the calendar passing the credentials received from the token.txt.

service = build("calendar", "v3", credentials=creds)

The problem is, when I have a lot of users and requests, the file token.txt is overwritten, so I can get someone else's events. What is the best idea for storing credentials for every single user? Should I store them in binary in a database?

Linda Lawton - DaImTo
  • 106,405
  • 32
  • 180
  • 449
unriale
  • 49
  • 6

1 Answers1

3

Issue number 1.

You say you are creating a web app. Yet the example you are following is for an installed app hence the

InstalledAppFlow.from_client_secrets_file

Issue number 2.

The sample you are following as it is for an installed app is designed for single user. The users consent is stored with in the token pickle.

pickle.dump(creds, open("token.txt", "wb"))

Solution.

Find an example for using with webappclient. Try looking around in client library There should be something there. or this web-server#python_1

# OAuth 2 client setup
client = WebApplicationClient(GOOGLE_CLIENT_ID)
Linda Lawton - DaImTo
  • 106,405
  • 32
  • 180
  • 449