Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix login by implementing oauth2 #23

Open
wants to merge 10 commits into
base: master
Choose a base branch
from

Conversation

dheerajbhaskar
Copy link

Hi guys, this is still a wip.

What has been done so far?

I'm using this article

  1. Add permissions to your manifest and upload your app.
  2. Copy key in the installed manifest.json to your source manifest, so that your application ID will stay constant during development.
  3. Get an OAuth2 client ID for your Chrome App.
  4. Update your manifest to include the client ID and scopes.
  5. Get the authentication token. (I'm working on this right now)

Help I need

  1. What scopes are required for this app?
  2. Where is the login button code in the existing app (just putting it out there; I'm sure I can figure this one out)

PS: I'd need help from you guys later to identify which of these keys I need to revoke now that they're public.

@dheerajbhaskar
Copy link
Author

update 1:

  • I've found the code for the login button in options.js . Working on it.
  • I've also updated the first comment in this thread with work done so far

@dheerajbhaskar
Copy link
Author

update 2: login working and token is showing up for google drive. We don't want Google drive, now, do we :)
Picking something from the Google play side. Let me check what's there.

@dheerajbhaskar
Copy link
Author

Help I need

  1. What scopes are required for this app?
  2. Where is the login button code in the existing app (just putting it out there; I'm sure I can figure this one out)

Now we need to figure out what scopes are needed. And perhaps a few details about refresh tokens, etc.

@dheerajbhaskar
Copy link
Author

Oauth2 playground might be a good resource for people looking at this pull request:
https://developers.google.com/oauthplayground/

@dheerajbhaskar
Copy link
Author

To give context, this is regarding #22 Issue

@dheerajbhaskar
Copy link
Author

@Lekensteyn @Rob--W I would need a little help here, I'm a little lost on how to test if the token we've received is sufficient (as in, will it work). Is there a simple (even hackish) way for me to test that, rather than fiddle with code all over the place?

@dheerajbhaskar
Copy link
Author

The evozi addon asks for your GSF id, how come we don't need it?

@dheerajbhaskar
Copy link
Author

Shouldn't a button show up when we're on any app on playstore? It isn't showing up. Have I missed setting something in the code?

@Rob--W
Copy link
Collaborator

Rob--W commented Jul 15, 2015

@dheerajbhaskar Does your patch already provide the desired functionality?

To test, just use the APK downloader on any app in the Play store.

@dheerajbhaskar
Copy link
Author

@Rob--W The desired functionality was to get the extension working given that ClientLogin endpoint has been shut down. I thought oauth2 was a good way to go. The oauth2 flow has been integrated to up till getting the token. I don't know how to use the token to make an APK download happen.

Also, I've the token has access to your email and a few basic details, I don't know if that's sufficient or more access level is needed.

I'm also unable to see the download APK button on play store app details pages. Am I missing something?

PS: Perhaps, we should also explore app specific passwords. Might be a quicker fix, just thinking out loud.

@Lekensteyn
Copy link
Owner

App-specific passwords is what I have been using so far, but it is only an authentication mechanism. The ClientLogin API will disappear, but I don't know if OAuth can replace this yet.

@dheerajbhaskar
Copy link
Author

Yes, now I understand - app specific passwords are the mechanism and the
clientlogin is the api.

In the docs for clientlogin, it was suggested that one move to oauth2.

Right now I'm getting a invalid token error while downloading. To fix this,
I'm thinking of adding all possible scopes to the manifest and see if it
works then, if it works, great then, we need to find a minimum set which
works. Else, oauth2 doesn't cut it yet or we need moar scopes! :)

Do you have any other ideas to go about this?

On Thu, Jul 16, 2015 at 5:36 PM, Peter Wu notifications@github.com wrote:

App-specific passwords is what I have been using so far, but it is only an
authentication mechanism. The ClientLogin API will disappear, but I don't
know if OAuth can replace this yet.


Reply to this email directly or view it on GitHub
#23 (comment)
.

@cyberdudedk
Copy link

Any news on this? Seems it's been a few months now, and no news? :(

@dheerajbhaskar
Copy link
Author

I remember that it was not working even with oauth. For the apk downloading
endpoint, somewhere along the flow, it needed username password if I recall
correctly. I tried replacing it with username token, then username refresh
token. I tried a lot of other things, couldn't get it to work.

I found a python script for which the clientlogin endpoint was still
working so, using that now.

The clientlogin endpoint seems to be only deprecated for apps.

On Sun, Dec 20, 2015 at 9:11 PM cyberdudedk notifications@github.com
wrote:

Any news on this? Seems it's been a few months now, and no news? :(


Reply to this email directly or view it on GitHub
#23 (comment)
.

--- Disclaimer --- The information in this mail is confidential and is
intended solely for addressee. Access to this mail by anyone else is
unauthorised. Copying or further distribution beyond the original recipient
may be unlawful. Any opinion expressed in this mail is that of sender and
does not necessarily reflect that of OSW Technologies Pvt Ltd.---

@Lekensteyn
Copy link
Owner

@cyberdudedk Progress has stalled, not enough time/interest I'm afraid.

@dheerajbhaskar What is that Python script you are referring to?

@dheerajbhaskar
Copy link
Author

Peter, here's the python script. https://github.com/egirault/googleplay-api
This worked on my PC.

On Mon, Dec 21, 2015 at 10:58 PM Peter Wu notifications@github.com wrote:

@cyberdudedk https://github.com/cyberdudedk Progress has stalled, not
enough time/interest I'm afraid.

@dheerajbhaskar https://github.com/dheerajbhaskar What is that Python
script you are referring to?


Reply to this email directly or view it on GitHub
#23 (comment)
.

--- Disclaimer --- The information in this mail is confidential and is
intended solely for addressee. Access to this mail by anyone else is
unauthorised. Copying or further distribution beyond the original recipient
may be unlawful. Any opinion expressed in this mail is that of sender and
does not necessarily reflect that of OSW Technologies Pvt Ltd.---

@thomas3217
Copy link

how is this coming? I have the same issue.

@dheerajbhaskar
Copy link
Author

Does anyone know what the fix is? I can implement if someone can help.

Oauth is new to me, if someone can help me there we can work further down
that path.

On Wed 10 Feb, 2016, 8:48 PM Tom Harmon notifications@github.com wrote:

how is this coming? I have the same issue.


Reply to this email directly or view it on GitHub
#23 (comment)
.

--- Disclaimer --- The information in this mail is confidential and is
intended solely for addressee. Access to this mail by anyone else is
unauthorised. Copying or further distribution beyond the original recipient
may be unlawful. Any opinion expressed in this mail is that of sender and
does not necessarily reflect that of OSW Technologies Pvt Ltd.---

@IMAN4K
Copy link

IMAN4K commented Mar 3, 2017

@dheerajbhaskar
Oh! finally found someone that is familiar to this big issue!
It seems ClientLogin AND c2dm is still working because this desktop APK downloader is still operational and it means the android.clients.google.com server is alive
CL was suppose to be deprecated on 2012 and c2dm also in 2015 but the're still working
If we're going to use OAuth we need the clientID that should be taken from developer console: https://console.developers.google.com/
But there is no Google play store API scope for that :(
And it makes us stuck in our new open source project!
So i'm ready to hear your ideas about this
Can we contact Google play directly for this ?

@dheerajbhaskar
Copy link
Author

Hey I'd be happy to work on this if there's a workaround. I couldn't check out the racoon 4 link because it's broken, can you repost please?

Google play customer support I think you're planning of contacting might not help because I think we're taking advantage of an undocumented api. We can however talk to them about the login part though. Good thinking :-)

Would you mind talking to them about this? You can loop me in if you want some help with that though.

@IMAN4K
Copy link

IMAN4K commented Mar 3, 2017

Should work: https://github.com/onyxbits/raccoon4
Ok we don't tell them directly ;)
Could you please give me the right page url for customer support

@dheerajbhaskar
Copy link
Author

@IMAN4K I'm not sure where to contact for login, perhaps google play developer support? Here's the link for that: https://support.google.com/googleplay/android-developer/?hl=en#topic=15868

@Walkman100
Copy link

Walkman100 commented Aug 10, 2017

Just thought I'd put this here, Yalp Store works: https://f-droid.org/packages/com.github.yeriomin.yalpstore/
GitHub repo: https://github.com/yeriomin/YalpStore
Although I don't know enough about android apps and what this repo needs to dig into this, maybe it could help others as it's a viable solution if you have an Android device.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

7 participants