Support

Generating OAuth tokens for a server using httr

Follow

When you create an OAuth token from an R server, you should set the "out of band" (OOB) option to TRUE. This is the opposite setting from the desktop, which uses OOB=FALSE (the default). The easiest solution is to set: options(httr_oob_default=TRUE) and then generate a token using whatever package functions have been offered to you. Alternatively, you can generate a token directly using httr::oauth2.0_token() by setting the use_oob argument to TRUE.

Creating OAuth tokens out of band requires you to paste an authorization code into your R session following the auth dance. You may find that process unacceptable for certain use cases. If you would rather do the auth dance from your desktop instead of your server, you can create a token from your desktop and then upload it to your server.

Background

If you want to access a website or application (e.g. Google Sheets) from R, you may need to generate an OAuth token. You can generate OAuth tokens from the httr package. The process for generating new tokens dynamically opens a browser window, creating a figurative "dance" between you and the service. This "dance" may not work from an R server. If you use R on a server, you may eventually be redirected to the localhost on port 1410 and receive an error:

Chrome: This site can't be reached; localhost refused to connect.
Firefox: Unable to connect; can't establish a connection.

If you are using R on a server, here are three ways to generate an OAuth token.

1. Set: options(httr_oob_default=TRUE)

Sometimes you need to create an OAuth token when you want R to communicate with other online services. For example, googlesheets allows you to access and manage Google spreadsheets from R but it requires you to create a .httr-oauth token via the httr package. The simplest way to create a .httr-oauth token from a server is to set the httr_oob_default option to true, which will tell httr to use the out of band method for authenticating. You will be given a URL and be expected to return an authorization code.

library(googlesheets) 
options(httr_oob_default=TRUE) 
gs_auth(new_user = TRUE) 
gs_ls()

The gs_auth command calls the oauth2.0_token command which prompts you to paste a URL into the browser. Once you authenticate through the browser you should be given an authorization code that you can paste back inside your R session.  

> gs_auth(new_user = TRUE)
No token currently in force.
Please point your browser to the following url: 

https://accounts.google.com/o/oauth2/auth?client_id=178989665258-
f4scmimctv2o96isfppehg1qesrpvjro.apps.googleusercontent.com&scope=h
ttps%3A%2F%2Fspreadsheets.google.com%2Ffeeds%20https%3A%2F%2Fwww.google
apis.com%2Fauth%2Fdrive&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%
3Aoob&response_type=code

Enter authorization code:

After you enter the authorization code httr will create a new token and store it in .httr-auth.

2. Use: oauth2.0_token(use_oob=TRUE)

Alternatively, you can create a .httr-oauth token directly using httr commands. Use the out of band authentication mode by setting use_oob=TRUE in the oauth2.0_token command.

library(googlesheets)
library(httr)

file.remove('.httr-oauth') # Remove current token

oauth2.0_token(
   endpoint = oauth_endpoints("google"),
   app = oauth_app(
      "google", 
      key = getOption("googlesheets.client_id"), 
      secret = getOption("googlesheets.client_secret")
      ),
   scope = c(
      "https://spreadsheets.google.com/feeds", 
      "https://www.googleapis.com/auth/drive"),
   use_oob = TRUE,
   cache = TRUE
)

gs_ls() # Test

One thing httr does when you set the httr_oob_default option is to redefine the URI to redirect_uri <- "urn:ietf:wg:oauth:2.0:oob" as seen in the code for oauth-init.

3. Generate on the desktop and copy to the server

The solutions above may not work for all websites and applications. For example, box.com does not support the OAuth out of band "dance". A less elegant solution in this case is to create the .httr-oauth token on your desktop and then copy the file to a server. Note: if you copy a token from a local machine to a remote machine, make sure that both machines are using the same version of httr.

Comments