12

I am trying to make a discord bot that interacts with the google API specifically the Google Classroom API, so therefore I made a new project from the google console and created a new OAuth client for a web application. I enabled the Classroom API as well and selected all the scopes that I wanted to use:

['https://www.googleapis.com/auth/classroom.course-work.readonly',
 'https://www.googleapis.com/auth/classroom.student-submissions.students.readonly',
 'https://www.googleapis.com/auth/classroom.courses.readonly']

Then I set up my python programme using Google's example (At first I wrote my own using the documentation but got the same result). When I run the example code everything goes fine, it opens the browser and asks me to select my account, I select my school account and when it loads and I expect an Authorization screen to pup up to ask me if I allow the requested data it says something went wrong with no error messages at all. I have downloaded the correct credentials.json folder from the google dashboard and used it in my programme.

I will also provide the simplified code that I wrote maybe it's a problem there.

import pickle
import os
from google_auth_oauthlib.flow import Flow, InstalledAppFlow
from googleapiclient.discovery import build
from google.auth.transport.requests import Request


CLIENTSECRETPATH = "credentials.json"
APISERVICENAME = "classroom"
APIVERSION = "v1"
SCOPES = ['https://www.googleapis.com/auth/classroom.course-work.readonly', 'https://www.googleapis.com/auth/classroom.student-submissions.students.readonly', 'https://www.googleapis.com/auth/classroom.courses.readonly']

cred = None

if os.path.exists("toke.pickle"):
    with open("tiken.pickle", "rb") as token:
        cred = pickle.load(token)

if not cred or not cred.valid:
    if cred and cred.expired and cred.refresh_token:
        cred.refresh(Request())
    else:
        flow = InstalledAppFlow.from_client_secrets_file(CLIENTSECRETPATH, SCOPES)
        cred = flow.run_local_server()

    with open("token.pickle", "wb") as token:
        pickle.dump(cred, token)

try:
    service = build(APISERVICENAME, APIVERSION, credentials=cred)

except Exception as e:
    print(e)

Edit: I tried to change some settings on the google console and randomly decided to click publish as the project was still in the testing state, after doing this I could sign in with no errors. But that still doesn't explain why it didn't work when it was in a testing status, I added my school e-mail address to the test users list and made sure I did everything right for testing.

something went wrong screenshot

Linda Lawton - DaImTo
  • 106,405
  • 32
  • 180
  • 449
Hein Gertenbach
  • 318
  • 2
  • 13
  • As I can see in your code there's nothing that could've caused the *something went wrong* issue. It'd be helpful if you edit your question and add a screenshot to it. – Jose Vasquez Jan 21 '21 at 12:04
  • I added the something went wrong screenshot, but it does not give much more information – Hein Gertenbach Jan 22 '21 at 14:47
  • As I can see in your screenshot this issue might be due to the *credentials.json* file *redirect_uris* field. Therefore please edit your question and add this json without exposing sensitive data such as domain, or the *client_secret* field. – Jose Vasquez Jan 25 '21 at 12:57
  • I see the same issue when trying to access not verified app as workspace domain test user and the user is already logged in as described by @Alex below. But it works correctly when I tried using testing account using Google public account (i.e. @gmail.com) – JozefS Feb 02 '21 at 13:04
  • 1
    I can confirm this is also happening to me. Only when adding oauth scopes, signin works fine. However, using an account within our organization domain works fine. – Lucas D Feb 05 '21 at 19:35
  • I know how to fix it, use google chrome (not kidding), and be logged into google chrome, or use chrome incognito window –  Aug 15 '23 at 04:26

3 Answers3

11

I can't reply to the above issue (need more reputation) but can confirm that I am seeing the same behaviour. What makes it even more weird is that the issue only presents itself when the user attempts to perform the OAuth integration with an account that is already signed in. The user is presented with a generic “Sorry, something went wrong there. Try again.” error before even seeing the required scopes list. However if the user is not logged into their account, and logs in as part of the OAuth integration, then there is no error and integration can be completed successfully. The fact that this issue doesn't affect users who aren't logged in shows that the setup (callback API, credentials.json, etc.) is all correct. I believe this issue has been introduced in the last month or so.

Alex
  • 355
  • 5
  • 11
2

I am seeing a similar Issue to Alex's post. Adding what I've seen so far in hopes to help debug.

When the OAuth flow is initiated in a session that has authenticated accounts (using the Account Picker), the Oauth flow fails with /unknownerror in the forward URL and the user is presented with the generic "Sorry, something went wrong there. Try again."

But, If the OAuth flow is initiated in a session where the User needs to sign-in to their Google account, the flow works as expected.

I do suspect this to be an Error with a Test App and Test Accounts. But hoping this will get fixed or to find some workaround.

I have found that the scopes have an affect as well. With basic scopes (profile,email) the error flow does not occur. But once you add another more restricted scope, the error flow returns.

spaceMonkey
  • 141
  • 1
  • 2
  • 3
  • Yes, seems to be an Issue with the Test App and Test Accounts. As I have school emails and normal emails that are all signed in at the same time it just happened to put me into this situation. My work around was just to put the project into a published state as I don't use any sensitive scopes. – Hein Gertenbach Feb 10 '21 at 07:57
1

This does not solve the problem when one actually needs the restricted scopes, nor does it allow for testing the app, which is particularly important for restricted scopes.

To make testing work, it seems that non-Chromium browsers will simply fail. You must use a Chromium-based browser to get the authorization code.

After many tries getting this error with the latest Firefox (version 102) I installed the snap of Midori and it worked with no problems. Now that the app is authorized I can switch back to Firefox.

Sanjay Aiyagari
  • 11
  • 3
  • I am getting this with normal Chromium, and Brave which are both Chromium browsers. I also figured out it returns a 401 error when trying to send a POST request. – thakyZ Jul 14 '22 at 17:14