Develop Reference

How to use the Google Sign In access token instead of authorization code for getting the data from the Google Search Console?

I want to access the listed websites data in the Google Search Console using the Google Sign-In access_token (that one can get as the response when using Google Sign-In).
But, the thing is I can access that data only by using the authorization_code that can be copied from the OAuth2-Consent screen by going to the generated authorize_url and signing in using the registered Google account.
Here's the minimum reproducible version of the code:
from oauth2client.client import OAuth2WebServerFlow
import httplib2
from apiclient.discovery import build
CLIENT_ID = 'YOUR_CLIENT_ID'
CLIENT_SECRET = 'YOUR_CLIENT_SECRET'
OAUTH_SCOPE = 'https://www.googleapis.com/auth/webmasters.readonly'
REDIRECT_URI = 'urn:ietf:wg:oauth:2.0:oob'
flow = OAuth2WebServerFlow(CLIENT_ID, CLIENT_SECRET, OAUTH_SCOPE, redirect_uri=REDIRECT_URI)
authorize_url = flow.step1_get_authorize_url()
print ('Go to the following link in your browser: ' + authorize_url)
code = input('Enter verification code: ').strip()
credentials = flow.step2_exchange(code)
http = httplib2.Http()
http = credentials.authorize(http)
webmasters_service = build('webmasters', 'v3', http=http)
def get_property_list(webmasters_service):
'''
Get a list of validated properties from GSC
'''
site_list = webmasters_service.sites().list().execute()
# Filter for verified websites
verified_sites_urls = [s['siteUrl'] for s in site_list['siteEntry']
if s['permissionLevel'] != 'siteUnverifiedUser'
and s['siteUrl'][:4] == 'http']
return verified_sites_urls
print({"available_websites": get_property_list(webmasters_service)})
Consider that I'll be provided with the Google Sign-In access-token as the request-parameter from another server which has implemented Google Sign-In feature.
So, again my question is how can I access the same data using that token instead of manually getting the auth_code from the OAuth2 consent screen ?

I have followed the documentation shared by DaImTo in the comments above. And modified the code as shown below:
from oauth2client.client import OAuth2WebServerFlow
import httplib2
from apiclient.discovery import build
from oauth2client import tools, file
CLIENT_ID = 'YOUR_CLIENT_ID'
CLIENT_SECRET = 'YOUR_CLIENT_SECRET'
OAUTH_SCOPE = 'https://www.googleapis.com/auth/webmasters.readonly'
REDIRECT_URI = 'urn:ietf:wg:oauth:2.0:oob'
# Acquire and store oauth token.
storage = file.Storage('token.json')
credentials = storage.get()
if credentials is None or credentials.invalid:
flow = OAuth2WebServerFlow(CLIENT_ID, CLIENT_SECRET, OAUTH_SCOPE, redirect_uri=REDIRECT_URI)
authorize_url = flow.step1_get_authorize_url()
credentials = tools.run_flow(flow, storage)
http = httplib2.Http()
http = credentials.authorize(http)
webmasters_service = build('webmasters', 'v3', http=http)
def get_property_list(webmasters_service):
'''
Get a list of validated properties from GSC
'''
site_list = webmasters_service.sites().list().execute()
# Filter for verified websites
verified_sites_urls = [s['siteUrl'] for s in site_list['siteEntry']
if s['permissionLevel'] != 'siteUnverifiedUser'
and s['siteUrl'][:4] == 'http']
return verified_sites_urls
print({"available_websites": get_property_list(webmasters_service)})
It's working fine now, without any manual interaction for copying and pasting the authorization_code from the OAuth2-Consent screen.

Sending a search query to Splunk using Python's request library

I want to send a search query to Splunk using Python3 and the requests library and would like to receive a SID of search job. Firstly, I am able to get the session_key with:
#!/usr/bin/env python3
import requests
from bs4 import BeautifulSoup
username = 'my_username'
password = 'my_password'
base_url = 'https://splunk-search:8089'
r = requests.get(base_url+"/servicesNS/admin/search/auth/login", data={'username':username,'password':password}, verify="/etc/pki/tls/cert.pem")
session_key = BeautifulSoup(r.text, 'lxml').find("sessionkey").text
#verify we get the session key as string
print(f"session key is {session_key} and its type is {type(session_key)}")
which makes me confident that I am authenticated. Once I have the session_key, I would like to post a search job with:
search_query = "search = search earliest=-5m index=_internal"
r = requests.post(base_url+'/services/search/jobs', data=search_query, headers = {'Authorization': 'Splunk %s' % session_key}, verify="/etc/pki/tls/cert.pem")
#view the response, I would hope to see a SID here
print(r.text)
Despite having access to the Splunk index I query, I get the following response:
<?xml version="1.0" encoding="UTF-8"?>
<response>
<messages>
<msg type="WARN">call not properly authenticated</msg>
</messages>
</response>
What am I missing here? Intuition tells me it is the request.post method that is malfored but I can't see to find where the error is.

After more googling I found this Splunk docs:
https://docs.splunk.com/Documentation/Splunk/7.3.1/Security/UseAuthTokens
The call not properly authenticated response means lack of authentication. After more digging I verified that token authentication is not enabled in my cluster, hitting https://splunk-search:8089/services/authorization/tokens gives me the following response:
<?xml version="1.0" encoding="UTF-8"?>
<response>
<messages>
<msg type="ERROR">Splunk token authorization is disabled.</msg>
</messages>
</response>

Connect Python to SharePoint List

I am trying to access a SharePoint List with OAuth2 security and am experiencing issues with gaining access.
Error:
Cannot get security assertion for user [user]#[company].com from federation-sts.[company].com/adfs/services/trust/2005/…
An error occurred while retrieving auth cookies from ts.[company].com/_forms/default.aspx?wa=wsignin1.0
from office365.runtime.auth.authentication_context import AuthenticationContext
from office365.sharepoint.client_context import ClientContext
url = 'https://company.sharepoint.com'
username = 'user123#company.com'
password = 'password'
listname = 'Test List'
ctx_auth = AuthenticationContext(url)
if ctx_auth.acquire_token_for_user(username, password):
ctx = ClientContext(url, ctx_auth)
web = ctx.web
sp_list = ctx.web.lists.get_by_title(listname)
items = sp_list.get_items()
ctx.load(items)
ctx.execute_query()
else:
print(ctx_auth.get_last_error())
Try #2 with SharePlum:
from shareplum import Site
from shareplum import Office365
authcookie = Office365('https://ts.company.com', username='user', password='pw').GetCookies()
site = Site('https://ts.company.com/sites/SiteName/', authcookie=authcookie)
SharePlum error (I know my credentials are correct)
Exception: ('Error authenticating against Office 365. Error from Office 365:', 'AADSTS50126: Error validating credentials due to invalid username or password.

I tried it with below code on my SPO environment, it works well:
tenant_url= "https://abc.sharepoint.com"
site_url="https://abc.sharepoint.com/sites/A"
listname = 'Test List'
ctx_auth = AuthenticationContext(tenant_url)
if ctx_auth.acquire_token_for_user("x#abc.onmicrosoft.com","xxxx"):
ctx = ClientContext(site_url, ctx_auth)
web = ctx.web
sp_list = ctx.web.lists.get_by_title('kkkk')
items = sp_list.get_items()
ctx.load(items)
ctx.execute_query()
print(items)
else:
print(ctx_auth.get_last_error())
Could you please confirm that the username/password is correct? And You can also have a try another python library for Sp connection:
SharePlum: Python + SharePoint

superset keycloak configuration

I am trying to use keycloak with apache superset. I have spent hours on the links below but unable to replace the current login.
Using OpenID/Keycloak with Superset
2.Using KeyCloak(OpenID Connect) with Apache SuperSet
Using OpenID/Keycloak with Superset
I am using apache superset 0.34.5. While above links use 0.28 and below.
i am confused at inital step. let me explain the steps and see what i am missing.
I install superset using pip.
The structure i have is, i have config.py and security.py at the same level (i dont have security folder)
I renamed the security to oid_security.
I created a security.py with the following content.
from flask_appbuilder.security.manager import AUTH_OID
from superset.security import SupersetSecurityManager
from flask_oidc import OpenIDConnect
from flask_appbuilder.security.views import AuthOIDView
from flask_login import login_user
from urllib.parse import quote
from flask_appbuilder.views import ModelView, SimpleFormView, expose
import logging
class AuthOIDCView(AuthOIDView):
#expose('/login/', methods=['GET', 'POST'])
def login(self, flag=True):
sm = self.appbuilder.sm
oidc = sm.oid
#self.appbuilder.sm.oid.require_login
def handle_login():
user = sm.auth_user_oid(oidc.user_getfield('email'))
if user is None:
info = oidc.user_getinfo(['preferred_username', 'given_name', 'family_name', 'email'])
user = sm.add_user(info.get('preferred_username'), info.get('given_name'), info.get('family_name'), info.get('email'), sm.find_role('Gamma'))
login_user(user, remember=False)
return redirect(self.appbuilder.get_url_for_index)
return handle_login()
#expose('/logout/', methods=['GET', 'POST'])
def logout(self):
oidc = self.appbuilder.sm.oid
oidc.logout()
super(AuthOIDCView, self).logout()
redirect_url = request.url_root.strip('/') + self.appbuilder.get_url_for_login
return redirect(oidc.client_secrets.get('issuer') + '/protocol/openid-connect/logout?redirect_uri=' + quote(redirect_url))
class OIDCSecurityManager(SupersetSecurityManager):
authoidview = AuthOIDCView
def __init__(self,appbuilder):
super(OIDCSecurityManager, self).__init__(appbuilder)
if self.auth_type == AUTH_OID:
self.oid = OpenIDConnect(self.appbuilder.get_app)
I then created custom manager with the following
from flask_appbuilder.security.manager import AUTH_OID
from flask_appbuilder.security.sqla.manager import SecurityManager
from flask_oidc import OpenIDConnect
class OIDCSecurityManager(SecurityManager):
def __init__(self, appbuilder):
super(OIDCSecurityManager, self).__init__(appbuilder)
if self.auth_type == AUTH_OID:
self.oid = OpenIDConnect(self.appbuilder.get_app)
self.authoidview = AuthOIDCView
I created client secret.json with my credentials.
I edited config file as below.
from superset.security import OIDCSecurityManager
AUTH_TYPE = AUTH_OID
OIDC_CLIENT_SECRETS = 'client_secret.json'
OIDC_ID_TOKEN_COOKIE_SECURE = False
OIDC_REQUIRE_VERIFIED_EMAIL = False
AUTH_USER_REGISTRATION = True
AUTH_USER_REGISTRATION_ROLE = 'Gamma'
CUSTOM_SECURITY_MANAGER = OIDCSecurityManager
One thing to mention here is have manager py in security folder in flask appbuilder which has Abstract Security Manager cls. I am getting an error security py
It says cannot import name SupersetSecurityManager from superset - security
anyone please?

I suggest you start afresh and follow the steps that worked for me:
Create a virtual environment within your superset directory and activate it.
Install the flask-oidc and superset plugins within your virtual environment. pip install flask-oidc
Have a oidc_security.py file with the script you pasted above i.e. security.py in your setup.
Have a client_secret.json file with your keycloak config.
Have a superset_config.py with the script you pasted above.
Add all three of these files to your pythonpath.
Run superset db upgrade & superset init commands.
Finally, execute superset run. After the initialization completes, navigate to http://localhost:8088 on your browser. Expected behaviour: you'll be redirected to keycloak to login/register. After successful sign in, you'll be redirected to superset app.
I hope this helps. Do post back incase you succeed or face an error.

I then created custom manager with the following
where to update this??
from flask_appbuilder.security.manager import AUTH_OID
from flask_appbuilder.security.sqla.manager import SecurityManager
from flask_oidc import OpenIDConnect
class OIDCSecurityManager(SecurityManager):
def __init__(self, appbuilder):
super(OIDCSecurityManager, self).__init__(appbuilder)
if self.auth_type == AUTH_OID:
self.oid = OpenIDConnect(self.appbuilder.get_app)
self.authoidview = AuthOIDCView

I'm using pyramid_sacrud and get the error "403 Forbidden Access was denied to this resource. Unauthorized: sa_home failed permission check"

I follow the official docs, and set it step by step.
Using browser point to http://localhost:6543/sacrud/, here raise 403 Forbidden error. I'm trying to delete sa_home function's parameter permission in pyramid_sacrud/views/init.py to solve it, though It could be access but it hasn't login page in there.
Here is my app's ini file:
from pyramid.config import Configurator
from sqlalchemy import engine_from_config
from pyramid.authentication import AuthTktAuthenticationPolicy
from pyramid.authorization import ACLAuthorizationPolicy
from pyramid.session import SignedCookieSessionFactory
from pyraid_blogr.models.models import BlogRecord, User
from .models.meta import (
DBSession,
Base,
)
def main(global_config, **settings):
""" This function returns a Pyramid WSGI application.
"""
engine = engine_from_config(settings, 'sqlalchemy.')
DBSession.configure(bind=engine)
Base.metadata.bind = engine
authentication_policy = AuthTktAuthenticationPolicy('your_secret', hashalg='sha512')
authorization_policy = ACLAuthorizationPolicy()
config = Configurator(settings=settings,
authentication_policy=authentication_policy,
authorization_policy=authorization_policy
)
config.set_session_factory(SignedCookieSessionFactory('replace_your_secret'))
config.include('pyramid_mako',)
config.include('pyramid_sacrud',)
settings = config.registry.settings
settings['pyramid_sacrud.models'] = (('Group1', [BlogRecord]), ('Group2', [User]))
config.add_static_view('static', 'static', cache_max_age=3600)
config.add_route('home', '/')
config.add_route('blog', '/blog/{id:\d+}/{slug}', request_method='GET')
config.add_route('blog_action', '/blog/{action}', factory='pyraid_blogr.security.BlogRecordFactory')
config.add_route('auth', 'sign/{action}')
config.scan()
return config.make_wsgi_app()
Here is the debug info
permission pyramid_sacrud_home value 'pyramid_sacrud_home' Source
Line 45 of file
/Users/liu-minglei/Web-Dev/my_pyramid/pyraid_blogr/admin/views/init.py:
permission=PYRAMID_SACRUD_HOME References view function
admin.views.sa_home

I have created an example with authorization (https://github.com/ITCase/pyramid_sacrud/tree/master/example), in your case, you seem to have edit pyramid_sacrud/views/init.py file that is not location in your python env or not reload server. For your app you must add sacrud permission (http://pyramid-sacrud.readthedocs.org/en/latest/pages/permissions.html) to root_factory.