HTTPError 403 (Forbidden) with Django and python-social-auth connecting to Google with OAuth2
Solution 1
This answer is outdated as the Google+ API is being deprecated on 3/7/19
You need to add the Google+ API
to the list of enabled APIs on the Google Developer Console (under APIs
)
Note: If you want to see the real error message, use the traceback to look at the content of the response
variable (response.text
). I use werkzeug for that (django-extensions
+ python manage.py runserver_plus
).
Solution 2
Thanks also. I was using this python-social-auth tutorial by art and logic, but couldn't get past a 403: Forbidden HTTPError at /complete/google-oauth2/ until enabling Google+ API as above and waiting for a few minutes for Google to enable it.
Additionally, I had to place the templates in a template directory and set
TEMPLATE_DIRS = ('/path/to/psa_test/thirdauth/templates/',)
in settings.py.
Hope this helps someone along the way. All in all, it's taken about 6 hours to figure it out. Not too bad, I'm happy.
Solution 3
For me I was using the full-URI scope which is deprecated by Google from Sept 1, 2014, this is mentioned in python-social-auth documentation here
http://psa.matiasaguirre.net/docs/backends/google.html#google-oauth2
Google is deprecating the full-url scopes from Sept 1, 2014 in favor of Google+ API and the recently introduced shorter scopes names. But python-social-auth already introduced the scopes change at e3525187 which was released at v0.1.24.
However if you don't want to Enable the Google+ API for any reason and want to continue working with the full-uri old scope you need to follow the steps mentioned in the same link:
# Google OAuth2 (google-oauth2)
SOCIAL_AUTH_GOOGLE_OAUTH2_IGNORE_DEFAULT_SCOPE = True
SOCIAL_AUTH_GOOGLE_OAUTH2_SCOPE = [
'https://www.googleapis.com/auth/userinfo.email',
'https://www.googleapis.com/auth/userinfo.profile'
]
# Google+ SignIn (google-plus)
SOCIAL_AUTH_GOOGLE_PLUS_IGNORE_DEFAULT_SCOPE = True
SOCIAL_AUTH_GOOGLE_PLUS_SCOPE = [
'https://www.googleapis.com/auth/plus.login',
'https://www.googleapis.com/auth/userinfo.email',
'https://www.googleapis.com/auth/userinfo.profile'
]
SOCIAL_AUTH_GOOGLE_OAUTH2_USE_DEPRECATED_API = True
SOCIAL_AUTH_GOOGLE_PLUS_USE_DEPRECATED_API = True
This worked for me as I didn't want to enable the Google+ API at this point.
damio
Updated on June 05, 2022Comments
-
damio almost 2 years
Using
python-social-auth
, I get a403: Forbiden
error message after accepting access from googleEDIT: I've recently (2017) had the same error but under a new message:
401 Client Error: Unauthorized for url: https://accounts.google.com/o/oauth2/token
-
StringsOnFire almost 10 yearsThanks for coming back with the answer
-
mgalgs over 9 yearsWow, huge +1 for the werkzeug pointer. A whole new world of debugging has been opened to me...
-
schemacs over 9 yearsYou save me a day. I have to enable Google+ API even I just use oauth2.
-
jpklzm over 9 yearsI still with a problem like that. When I get 403 for a domain([email protected]) and granted for another ([email protected]). I've already enabled Google+ API on it. Any idea?
-
janos over 8 yearsDamn. Thank you. So much. I already did what's necessary but it still wasn't working. All I had to do was wait ~5 minutes, and magic, it was working.
-
medmunds over 8 years@jpklzm any chance the one still throwing this error was a Google Apps for Education account? (Realize it's been a while since your comment.) E.g., a k12.xx.us or .edu domain. I think that's what I'm seeing, but don't have enough data to confirm. Theory: even with Google+ API enabled, if Google Apps admin has disabled Google+ for their domain users, you get this error. (Or something like that.)
-
Michael Butler about 8 yearsWhen in doubt, wait 5 minutes! Gotta love async web propagation.
-
Milad M almost 8 yearsI just added Google+ API and things started to work :). Thanks!
-
Eric Zhang almost 7 yearsTHANKS! I couldn't find any documents mentioning about that unless found your answer!
-
harijay almost 6 yearsWorked like a charm, hope the docs had mentioned this . Also the correct one is Google + API . I had accidentally enabled the Google+Domains API and that didnt make it work.