I'm trying to get a user's new access token via a POST call from a Chrome extension to my website that the user gave permission to. Thus, all of the Google docs that depend on redirects and the user being in the session wouldn't work for me.
I can't seem to figure out how to integrate Google's refresh access token with the user's credentials (client_id, client_secret, refresh_token, grant_type) stored in the db.
```python
@blueprint.route("Calendar", methods=['POST'])
def Calendar():
    flow = google_auth_oauthlib.flow.Flow.from_client_secrets_file(
        CLIENT_SECRETS_FILE, scopes=SCOPES)  #believe should be added or else flow would be undefined (even though not present in the code snippet)
    authorization_url, state = flow.authorization_url(
        # Enable offline access so that you can refresh an access token without
        # re-prompting the user for permission. Recommended for web server apps.
        access_type='offline',
        # Enable incremental authorization. Recommended as a best practice.
        include_granted_scopes='true')
```
I tried adding:
```python
    # Use the authorization server's response to fetch the OAuth 2.0 tokens.
    authorization_response = flask.request.url
    flow.fetch_token(authorization_response=authorization_response)
    credentials = flow.credentials
    flask.session['credentials'] = credentials
    user = User.query.filter_by(email=email).first()
    with open('client_secret.json') as d:
        d = json.load(d)
    service = build('calendar', 'v3', credentials=credentials)
```
and got:
```
oauthlib.oauth2.rfc6749.errors.MismatchingStateError: (mismatching_state) CSRF Warning! State not equal in request and response.
```
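
The refresh the post describes, as an added example that is not part of the original post: the OAuth 2.0 refresh-token grant (RFC 6749 section 6) is a single server-side POST to the token endpoint, with no redirect and no `state` value to compare. `refresh_access_token`, `RefreshTokenRejected`, the injectable `post` transport and the `SAMPLE_ROW` values are assumptions made for the example; it uses only the standard library.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

# Google's OAuth 2.0 token endpoint (the "token_uri" value in client_secret.json).
TOKEN_URI = "https://oauth2.googleapis.com/token"
# Constructed sample row (placeholder values, not real credentials).
SAMPLE_ROW = {"client_id": "example-id.apps.googleusercontent.com",
              "client_secret": "example-secret",
              "refresh_token": "example-refresh-token"}

class RefreshTokenRejected(Exception):
    """Refresh token expired or revoked: the user has to grant consent again."""

def build_refresh_body(row):
    # Only these four fields are sent: no redirect_uri, no state, no session.
    return urllib.parse.urlencode({
        "grant_type": "refresh_token",
        "client_id": row["client_id"],
        "client_secret": row["client_secret"],
        "refresh_token": row["refresh_token"],
    }).encode("ascii")

def http_post(url, body):
    # Default transport: returns (status, parsed JSON) for success and HTTP errors.
    req = urllib.request.Request(url, data=body, headers={
        "Content-Type": "application/x-www-form-urlencoded"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        return err.code, json.load(err)

def refresh_access_token(row, post=http_post):
    status, payload = post(TOKEN_URI, build_refresh_body(row))
    if status == 200 and "access_token" in payload:
        # Keep the stored refresh token unless the response carries a new one,
        # so the caller can write the returned value back to the database.
        return {"access_token": payload["access_token"],
                "expires_in": payload.get("expires_in"),
                "refresh_token": payload.get("refresh_token", row["refresh_token"])}
    if payload.get("error") == "invalid_grant":
        # Do not retry: the stored refresh token is no longer valid.
        raise RefreshTokenRejected(payload.get("error_description", "invalid_grant"))
    raise RuntimeError(f"token endpoint returned {status}: {payload.get('error')}")
```

The error messages carry only the endpoint's error code and description, so neither the client secret nor the refresh token ends up in application logs.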