Comment 1 Johannes Keiser 2019-01-31 13:40:41 CET

Version: 4.3-2 errata344 (Neustadt)

Interner Server-Fehler in "googleapps/state".
Request: googleapps/state

Traceback (most recent call last):
  File "%PY2.7%/univention/management/console/base.py", line 253, in execute
    function.__func__(self, request, *args, **kwargs)
  File "%PY2.7%/univention/management/console/modules/decorators.py", line 318, in _response
    result = _multi_response(self, request)
  File "%PY2.7%/univention/management/console/modules/decorators.py", line 192, in _response
    return function(self, request)
  File "%PY2.7%/univention/management/console/modules/decorators.py", line 440, in _response
    return list(function(self, iterator, *nones))
  File "%PY2.7%/univention/management/console/modules/decorators.py", line 286, in _fake_func
    yield function(self, *args)
  File "%PY2.7%/univention/management/console/modules/googleapps/__init__.py", line 129, in state
    ol.gh.list_users(projection="basic")
  File "%PY2.7%/univention/googleapps/handler.py", line 143, in list_users
    return self._list_objects("users", customer, domain, **kwargs)
  File "%PY2.7%/univention/googleapps/handler.py", line 451, in _list_objects
    results = getattr(self.service, object_type)().list(**kwargs).execute()
  File "/usr/lib/python2.7/dist-packages/oauth2client/util.py", line 137, in positional_wrapper
    return wrapped(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/googleapiclient/http.py", line 833, in execute
    method=str(self.method), body=self.body, headers=self.headers)
  File "/usr/lib/python2.7/dist-packages/googleapiclient/http.py", line 160, in _retry_request
    resp, content = http.request(uri, method, *args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/oauth2client/transport.py", line 153, in new_request
    credentials._refresh(orig_request_method)
  File "/usr/lib/python2.7/dist-packages/oauth2client/client.py", line 777, in _refresh
    self._do_refresh_request(http_request)
  File "/usr/lib/python2.7/dist-packages/oauth2client/client.py", line 834, in _do_refresh_request
    raise HttpAccessTokenRefreshError(error_msg, status=resp.status)
HttpAccessTokenRefreshError: unauthorized_client: Client is unauthorized to retrieve access tokens using this method, or client not authorized for any of the scopes requested.

Role: domaincontroller_master

Comment 2 Johannes Keiser 2019-01-31 17:53:11 CET

Reported again:
Version: 4.3-2 errata331 (Neustadt)
Version: 4.3-2 errata255 (Neustadt)
Version: 4.3-1 errata229 (Neustadt)
Tracebacks: Same as Comment #0

Comment 3 Erik Damrose 2019-03-28 17:17:53 CET

*** Bug 49191 has been marked as a duplicate of this bug. ***

Comment 4 Daniel Tröder 2019-03-29 08:11:55 CET

The user has completed the configuration wizard at this point and has downloaded the certificate.
Most likely user didn't copy and paste the scope configuration into the google admin console.
We should try to reproduce the error by omitting the scope configuration step.

Comment 5 Johannes Keiser 2019-05-16 17:00:10 CEST

Reported again: Version: 4.4-0 errata59 (Blumenthal)
Traceback: Same as Comment #1

Comment 6 Erik Damrose 2020-03-25 15:59:18 CET

*** Bug 51012 has been marked as a duplicate of this bug. ***

Comment 7 Christian Castens 2020-06-26 13:54:22 CEST

reported again:
Version: 4.4-4 errata624 (Blumenthal)
Role: domaincontroller_master
Internal server error during "googleapps/state".
Request: googleapps/state

Comment 8 Ingo Steuwer 2020-06-26 14:15:56 CEST

We know from customers that the setup of the GSuite App works. But we also learned that we need to rework the instructions, see #51581 - this one might be fixed while updating the wizard.

Comment 9 Christian Castens 2020-08-12 08:34:39 CEST

reported again
Versions reported: oldest: 4.3-3 errata430, latest 4.4-3 errata427

Ticket#2019022621000838
Ticket#2019040621000416
Ticket#2019053021000324
Ticket#2019060621000663
Ticket#2019061921001067
Ticket#2019062521000725
Ticket#2019082021000221
Ticket#2019082121000103
Ticket#2019082321000047
Ticket#2019091021001069
Ticket#2019101721000831
Ticket#2020012221001076

The workflow may be slightly different that what's in the wizard, but not different enough to lead me astray. I was able to figure it all out. I have the json key, the roles are assigned, the oAuth directives are in place using the appropriate Client ID, and I have Domain-wide Delegation enabled. Everything is in place exactly like the wizard says it should be. Yet this continues to fail repeatedly at the very end.

Created attachment 10588 [details]
Univention User Template for Google Apps

So could this be the problem? Is the app trying to authenticate using the AD domain rather than the registered domain name that the wizard asks for? That would explain why it works fine for some people and not for others

Comment 12 Maximilian Janßen 2021-11-26 10:45:55 CET

reported again: 2021050121000115


Version: 4.4-8 errata966 (Blumenthal)

Remark: Leider ließ sich die API nicht installieren bitte um Hilfe

Error: 
Interner Server-Fehler in "googleapps/state".
Request: googleapps/state

Traceback (most recent call last):
  File "%PY2.7%/univention/management/console/base.py", line 359, in __error_handling
    six.reraise(etype, exc, etraceback)
  File "%PY2.7%/univention/management/console/base.py", line 262, in execute
    function.__func__(self, request, *args, **kwargs)
  File "%PY2.7%/univention/management/console/modules/decorators.py", line 321, in _response
    result = _multi_response(self, request)
  File "%PY2.7%/univention/management/console/modules/decorators.py", line 181, in _response
    return function(self, request)
  File "%PY2.7%/univention/management/console/modules/decorators.py", line 443, in _response
    return list(function(self, iterator, *nones))
  File "%PY2.7%/univention/management/console/modules/decorators.py", line 289, in _fake_func
    yield function(self, *args)
  File "%PY2.7%/univention/management/console/modules/googleapps/__init__.py", line 129, in state
    ol.gh.list_users(projection="basic")
  File "%PY2.7%/univention/googleapps/handler.py", line 143, in list_users
    return self._list_objects("users", customer, domain, **kwargs)
  File "%PY2.7%/univention/googleapps/handler.py", line 451, in _list_objects
    results = getattr(self.service, object_type)().list(**kwargs).execute()
  File "%PY2.7%/oauth2client/util.py", line 137, in positional_wrapper
    return wrapped(*args, **kwargs)
  File "%PY2.7%/googleapiclient/http.py", line 833, in execute
    method=str(self.method), body=self.body, headers=self.headers)
  File "%PY2.7%/googleapiclient/http.py", line 160, in _retry_request
    resp, content = http.request(uri, method, *args, **kwargs)
  File "%PY2.7%/oauth2client/transport.py", line 153, in new_request
    credentials._refresh(orig_request_method)
  File "%PY2.7%/oauth2client/client.py", line 777, in _refresh
    self._do_refresh_request(http_request)
  File "%PY2.7%/oauth2client/client.py", line 834, in _do_refresh_request
    raise HttpAccessTokenRefreshError(error_msg, status=resp.status)
HttpAccessTokenRefreshError: unauthorized_client: Client is unauthorized to retrieve access tokens using this method, or client not authorized for any of the scopes requested.

Role: domaincontroller_master

Comment 13 Maximilian Janßen 2021-11-26 15:26:22 CET

reported again: 2021030421000775
Version: 4.4-7 errata906 (Blumenthal)
same traceback as in Comment #12

Comment 14 Maximilian Janßen 2021-12-01 10:45:06 CET

reported again: 2021112821000027
Version: 4.4-8 errata1111 (Blumenthal)
same traceback as in Comment #12

Comment 15 Mika Westphal 2022-10-27 18:08:55 CEST

Reported again: 2022101221000431
Version: 4.4-8 errata1009 (Blumenthal)

Remark: Your screenshots and explanations does not corrolate to anything currently at google this app is unusable
Role: domaincontroller_master