Gmail API Nodejs and PM2 authentication - node.js

I have set up code to send emails using Gmail API in Nodejs. It works perfectly well in local machine. It asks to enter a code by visiting URL. Something like,
Authorize this app by visiting this URL: someURL
Enter the code from that page here: copy-paste code here
This is automatically done by Google following Node.js Quickstart for Gmail and it automatically generates token.json. Everything works perfectly fine in development.
Now in production, I deploy my app using PM2 and Nginx. So, now each node server is running in background and logs are generated in files.
I see the above prompt in the log file Enter the code from that page here:. But as the log is piped to the file, I have no way of pasting the code since I don't have access to standard input.
I have tried generating token.json from local and using it in the server which doesn't seem to work.
How do I fix this and is there any way around this?
NOTE: The code to authorize and send mails works just fine. I'm not posting it here because I don't want the question to be cluttered.

If you are trying to make a server application without need of user interaction instead of using regular OAuth you could try to use Service Account.
Although take into account that service accounts don't have the Gmail API per se, so you should enable the Domain-Wide Delegation to impersonate another user of the domain.
If you insist in authenticating a real user, you can retrieve the token.json before implementing PM2 and using it afterwards.
Also you can take a look at these two (1 and 2) github posts that also opens your initial thought of trying to use the stdin to authenticate the user.

Related

I'm getting a redirect_uri_mismatch when deploying my Node.js app to Heroku using Google OAuth2

I'm tasked with making a server using Node.js which will read emails from a Google account and parse the content from those emails into data we can store in a database. I'm using Google's googleapis package (v103.0.0) in NPM to authenticate/authorize with whichever account we'd like to use.
The issue comes when we try to switch accounts and have the user re-auth. During development on a local machine, the Auth process works as expected:
The client requests an Auth URL.
The server generates a new Auth URL and sends it back to the client.
The client redirects to that URL and the Google Consent Screen is shown.
The client is asked to choose between logged-in Google accounts.
The client authorizes the application and is redirected back to the server with a code.
The server uses the code to generate/save a token, which allows it to use the Gmail API.
However, after deploying to Heroku, the Google Consent Screen no longer allows the user to select an account. Instead, at step 3, it shows this message. In just about every other question related to this error, there's always additional information below the error code/message, but nothing's there for me. I made sure: (1) the domain I'm using in Heroku is verified on the Google Cloud Console, and (2) the redirect_uri within the Node.js application is passing the correct domain to the Auth URL, even while in production.
I can't provide the URL for privacy reasons, but let me know if there's any source code or Cloud Console info I should include.
It didn't take long after posting this question, but I realized I was using an incorrect OAuth 2.0 Client ID type. I was attempting to use "Desktop" when I should've been using "Web application" instead. Take a look at this image to see the difference.
When you select "Web application", you're given some new options: Authorized JavaScript origins, and Authorized redirect URIs. This is where you need to fill out the allowed URIs. Here's a sample of what that should look like.

Microsoft Sign In Without Browser With Node

I'm working on a project that's trying to include microsoft sign in, in order to use information about the person that signed in.
I'm doing this as a node js app that's run from my local machine, and there is no webpage / web server involved.
Mainly wondering if it's possible to sign in with a microsoft account without having to use a browser, or getting a URL link to sign in with, and then a way for me to get the access token without needing a redirect link back to a page.
It sounds like device code flow might meet your requirements.
Documentation for device code flow: https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-device-code
MSAL Node sample showing device code flow: https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/samples/msal-node-samples/standalone-samples
There is also username/password flow, but that is not recommended, and MSAL Node does not support it yet. https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth-ropc

How to get OAuth2 token from an EC2 instance with no browser using nodejs google api

I have a node.js app that uses the google drive API to upload a file to a google drive. It is working fine on my local machine. I am now trying to migrate it to an EC2 instance but when I run the app using node, I am unable to verify by visiting the url...
Authorize this app by visiting this url: https://accounts.google.com/o/oauth2/v2/auth?>access_type=offline&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdrive&response_type=code&cl>ient_id=xxxxxxxxxxxx.apps.googleusercontent.com&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoo>b
Not sure how to proceed as there is no browser on the machine - which makes me question if I am using the correct protocol for this application? I get totally confused by all the different options available.
I am basically using the option laid out here: https://developers.google.com/docs/api/quickstart/nodejs
Any pointers would be greatly appreciated.
Following the steps from the NodeJs Drive API quickstart, you can run your application locally the first time, this way the consent screen will be prompted and you'll be able to grant the permissions. With this, a token.json file will be created in your directory which will be used to create refresh tokens used to authorize the subsequent requests. You can upload your application to the EC2 instance with the token.json file included and you won't have to authorize the application again.
You can read more about refreshing an access token with offline access in Google's OAuth documentation.

How to auth from production nodejs server to get token for google spreadsheets API

i've implemented Google Spreadsheets API in an nodejs server, on localhost first time it asked to go to some specific url and copy token, i did this and everything was fine.
But on PROD, i see that it asks for the same thing, but i can't do that for PROD server ( i mean that i can't open console like on local machine and insert that code generated by google ).
So, what can i do? How can i make it works for PROD server.
P.S i've already tried with API keys, but it expects OAuth 2 access token.
I'm not sure what you mean. Could you post some code?
Generally when using the Google SDK in Node, you have the standard developer token, and you get a user access token from the user's Google account - whether that's you or anyone else. You can set those in your environment such as a .env file or in your app's settings on something like Heroku. There's no need for a console.

MVC 5 Authentication uses Twitter Pin-Based OAuth

I'm new to MVC Authentication, so I'm working on a sample project to get familiar with using external authentication. I've got Facebook and Google working, but I'm having trouble with Twitter.
I can get to Twitter's log-in page, but instead of redirecting back to my application like Facebook and Google does, it just displays a Pin and says I need to go back to my application and enter the Pin. It appears that the middle-ware is using Pin-Based authentication. Any tips for setting it up so that it doesn't use Pin-Based?
My application is MVC 5, .net 4.5.1, EF6, and Authentication 2.0.
Inside Startup.Auth, I've uncommented app.UseTwitterAuthentication and provided the comsumer key and secret provided by Twitter.
I ended up just deleting the app in Twitter and creating a new one, which works correctly.
When I initially created the first app, I had left the Callback URL empty. When testing with that configuration, I couldn't get to the Login screen, I just kept getting a 401 error. Once I added a callback url, I started getting to the login screen, but it was using the Pin-Based.
I thought that I had configured something incorrectly during the setup process, so that's why I deleted the application (in Twitter) and created a new one. In my project, I just changed the key and secret. There was no option during setup to select pin-based, but I did create it with a callback url.
I did create a third application (in Twitter) with no callback url, in an attempt to duplicate the problem, but I was unable to duplicate.

Resources