HTTPError 403 (Forbidden) with Django and python-social-auth connecting to Google with OAuth2

Solution 1

This answer is outdated as the Google+ API is being deprecated on 3/7/19

You need to add the Google+ API to the list of enabled APIs on the Google Developer Console (under APIs).

Note: If you want to see the real error message, use the traceback to look at the content of the response variable (response.text). I use werkzeug for that (django-extensions + python manage.py runserver_plus).
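One way to capture the response body that Solution 1 says to inspect, without an interactive debugger, is a small Django middleware. This is an added example, not code from the answers or from python-social-auth; the names `UpstreamErrorLoggingMiddleware`, `describe_upstream_error`, `SENSITIVE_KEYS` and the logger name are assumptions, and it relies only on the exception carrying a `.response` with `.status_code`, `.url` and `.text`, as `requests.HTTPError` does.

```python
import json
import logging

logger = logging.getLogger("social_auth.upstream")  # assumed logger name
# Response keys whose values must never reach the logs.
SENSITIVE_KEYS = {"access_token", "refresh_token", "id_token", "client_secret"}
MAX_BODY = 2000  # cap on how much of the provider's body is logged


def redact(value):
    """Recursively replace the values of sensitive keys in parsed JSON."""
    if isinstance(value, dict):
        return {k: "[redacted]" if k in SENSITIVE_KEYS else redact(v) for k, v in value.items()}
    if isinstance(value, list):
        return [redact(v) for v in value]
    return value


def describe_upstream_error(exc):
    """Summarise an HTTPError-style exception for logging; None if it has no response."""
    response = getattr(exc, "response", None)
    if response is None:
        return None
    body = response.text or ""
    try:
        parsed = json.loads(body)
    except ValueError:
        parsed = None  # not JSON: log the raw (truncated) text
    if isinstance(parsed, dict):
        body = json.dumps(redact(parsed), sort_keys=True)
    url = (response.url or "").split("?", 1)[0]  # query strings can carry tokens
    return {"status": response.status_code, "url": url, "body": body[:MAX_BODY]}


class UpstreamErrorLoggingMiddleware:
    """Log the provider's error body, then leave the exception to Django."""

    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        return self.get_response(request)

    def process_exception(self, request, exception):
        summary = describe_upstream_error(exception)
        if summary is not None:
            logger.error("OAuth provider error on %s: %s", request.path, summary)
        return None  # fall through to the normal error handling
```

The Werkzeug debugger started by `runserver_plus` can execute code from the browser, so it belongs on a local development machine only; a logging hook like this one is the safer way to see the same message on a shared or deployed instance.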

Solution 2

Thanks also. I was using this python-social-auth tutorial by art and logic, but couldn't get past a 403: Forbidden HTTPError at /complete/google-oauth2/ until enabling Google+ API as above and waiting for a few minutes for Google to enable it.

Additionally, I had to place the templates in a template directory and set TEMPLATE_DIRS = ('/path/to/psa_test/thirdauth/templates/',) in settings.py.

Hope this helps someone along the way. All in all, it's taken about 6 hours to figure it out. Not too bad, I'm happy.

Solution 3

For me, I was using the full-URI scope, which is deprecated by Google from Sept 1, 2014. This is mentioned in the python-social-auth documentation here:

http://psa.matiasaguirre.net/docs/backends/google.html#google-oauth2

Google is deprecating the full-url scopes from Sept 1, 2014 in favor of Google+ API and the recently introduced shorter scopes names. But python-social-auth already introduced the scopes change at e3525187 which was released at v0.1.24.

However, if you don't want to enable the Google+ API for any reason and want to continue working with the old full-URI scope, you need to follow the steps mentioned in the same link:

    # Google OAuth2 (google-oauth2)
    SOCIAL_AUTH_GOOGLE_OAUTH2_IGNORE_DEFAULT_SCOPE = True
    SOCIAL_AUTH_GOOGLE_OAUTH2_SCOPE = [
        'https://www.googleapis.com/auth/userinfo.email',
        'https://www.googleapis.com/auth/userinfo.profile'
    ]

    # Google+ SignIn (google-plus)
    SOCIAL_AUTH_GOOGLE_PLUS_IGNORE_DEFAULT_SCOPE = True
    SOCIAL_AUTH_GOOGLE_PLUS_SCOPE = [
        'https://www.googleapis.com/auth/plus.login',
        'https://www.googleapis.com/auth/userinfo.email',
        'https://www.googleapis.com/auth/userinfo.profile'
    ]

    SOCIAL_AUTH_GOOGLE_OAUTH2_USE_DEPRECATED_API = True
    SOCIAL_AUTH_GOOGLE_PLUS_USE_DEPRECATED_API = True

This worked for me as I didn't want to enable the Google+ API at this point.

Author by

damio

Updated on June 05, 2022

Comments

  • damio almost 2 years

    Using python-social-auth, I get a 403: Forbidden error message after accepting access from google

    EDIT: I've recently (2017) had the same error but under a new message: 401 Client Error: Unauthorized for url: https://accounts.google.com/o/oauth2/token

  • StringsOnFire almost 10 years
    Thanks for coming back with the answer
  • mgalgs over 9 years
    Wow, huge +1 for the werkzeug pointer. A whole new world of debugging has been opened to me...
  • schemacs over 9 years
    You saved me a day. I have to enable the Google+ API even if I just use oauth2.
  • jpklzm over 9 years
    I'm still having a problem like that. I get a 403 for one domain ([email protected]) and am granted for another ([email protected]). I've already enabled Google+ API on it. Any idea?
  • janos over 8 years
    Damn. Thank you. So much. I already did what's necessary but it still wasn't working. All I had to do was wait ~5 minutes, and magic, it was working.
  • medmunds over 8 years
    @jpklzm any chance the one still throwing this error was a Google Apps for Education account? (Realize it's been a while since your comment.) E.g., a k12.xx.us or .edu domain. I think that's what I'm seeing, but don't have enough data to confirm. Theory: even with Google+ API enabled, if Google Apps admin has disabled Google+ for their domain users, you get this error. (Or something like that.)
  • Michael Butler about 8 years
    When in doubt, wait 5 minutes! Gotta love async web propagation.
  • Milad M almost 8 years
    I just added Google+ API and things started to work :). Thanks!
  • Eric Zhang almost 7 years
    THANKS! I couldn't find any documents mentioning that until I found your answer!
  • harijay almost 6 years
    Worked like a charm, hope the docs had mentioned this. Also the correct one is Google+ API. I had accidentally enabled the Google+ Domains API and that didn't make it work.