More Reliable oAuth #195
More Reliable oAuth #195
Conversation
mafrosis
force-pushed
the
reliable-oauth
branch
2 times, most recently
from
414cdf7 to
ff9db2d
Compare
| token_path, credentials_dir, credentials_file, scopes, save_token, host, port, | ||
| bind_addr, open_browser=False | ||
| ) | ||
| except WSGITimeout: |
There was a problem hiding this comment.
I decided not to incorporate timeout handling for flow.run_local_server a while back (#54) and just described the way to do it for somebody who needs it in the docs. It allows for a more fine-tuned approach (e.x. setting a timeout) and doesn't require the newest version of the google-auth-oauthlib.
There was a problem hiding this comment.
Interesting trick to use a separate process to provide a timeout. I might argue that it's a bit of a hack 😄
I'm already running multiprocess async, and there's no technical blocker why I couldn't use this pattern. My 2c is that timeouts ought to be supported first-class in the library.
Would it be a problem to require the most recent google-auth-oauthlib, or are you concerned about cross-compatibility with other libraries?
| except webbrowser.Error: | ||
| # System has no default browser configured, retry without opening browser | ||
| return AuthenticatedService._get_credentials( | ||
| token_path, credentials_dir, credentials_file, scopes, save_token, host, port, | ||
| bind_addr, open_browser=False | ||
| ) |
There was a problem hiding this comment.
That's a nice idea!
There are several things I'd like to change though:
- I think
open_browsershould be an argument in theGoogleCalendarinitialization with 3 options:None(default): this implementation, i.e. try with the browser. If failed, log the message (using logger, e.x. here) and try without the browserTrue: try with the browser, fail fast if failed (i.e. re-raisewebbrowser.Error)False: try without a browser
- Instead of calling
_get_credentialsrecursively, just useOtherwise, the logic before that line will be the same but run twice redundantly.credentials = flow.run_local_server( host=host, port=port, bind_addr=bind_addr, open_browser=False )
There was a problem hiding this comment.
- Yes 💯
- The recursive call is there because of the timeout handling. If you didn't recurse, then you would either need to repeat the Timeout exception handling, or drop the timeout support commit
There was a problem hiding this comment.
Regarding 2., I see. I know nested try-except might look weird, but in this case it seems like
try:
try:
credentials = flow.run_local_server(
host=host, port=port, bind_addr=bind_addr, timeout_seconds=120,
open_browser=open_browser
)
except webbrowser.Error:
# System has no default browser configured, retry without opening browser
credentials = flow.run_local_server(
host=host, port=port, bind_addr=bind_addr, timeout_seconds=120,
open_browser=False
)
except WSGITimeout:
print('Authentication flow timed out. Please try again.')would make sense.
In any case, both options would do, but that's a discussion for a future release :)
|
It's tumbleweeds over on the As it happens, I don't need this patch for my use-case anymore, as I switched to using a GCP service account instead of oauth2 user account for auth. Still, there's some good ideas in here I think and happy to see something merged if you're interested |
|
Hey, @mafrosis. Sorry for taking so long to respond. I reconsidered the in-library support for timeout handling. But it does require the As for the Thanks for the PR and suggestions! |
|
A big |
Opening this draft PR for discussion.
open_browser=False#187Also commit 2703518 will likely need to be updated to the actual version number once
google-auth-oauthlibis released to pypi.