[InterMine Dev] Problems with Google OAuth2

Sam Hokin shokin at ncgr.org
Thu Oct 22 20:14:37 BST 2020


I've configured Google OAuth2 for the LIS mines (OAuth consent screen) and specifically BeanMine (client_id, secret and redirect 
URI). It seems to work OK up to actually getting the auth back to the mine. If I use the default API URI, which is coded in 
intermine/webapp/src/main/webapp/WEB-INF/global.web.properties:

oauth2.GOOGLE.identity-resource = https://www.googleapis.com/plus/v1/people/me/openIdConnect

Google returns

message	"Legacy People API has not been used in project 385508380982 before or it is disabled. Enable it by visiting 
https://console.developers.google.com/apis/api/legacypeople.googleapis.com/overview?project=385508380982 then retry. If you enabled 
this API recently, wait a few minutes for the action to propagate to our systems and retry."
status	"PERMISSION_DENIED"

I've enabled the now-called People API for my Google project.

That looks suspicious, since Google deprecated Google+ a while ago. So then I look up the Google doc

https://developers.google.com/identity/protocols/oauth2/web-server

and it appears I should use:

oauth2.GOOGLE.identity-resource = https://accounts.google.com/o/oauth2/v2/auth

but then Google appears to return something that isn't JSON:

Error granting permission: A JSONObject text must begin with '{' at 1 [character 2 line 1]

Any suggestions? Clearly this scheme is broken in 4.2.0 but I wonder if anyone has gotten it to work. If this is something that 
needs to be updated in core IM, I can take it on, but I'd like to get feedback first. Thanks!


More information about the dev mailing list