Univention Bugzilla – Bug 46926
googleapps/state: Client is unauthorized to retrieve access tokens using this method.
Last modified: 2022-10-27 18:08:55 CEST
Version: 4.3-0 errata22 (Neustadt) Internal server error during "googleapps/state". Request: googleapps/state Traceback (most recent call last): File "%PY2.7%/univention/management/console/base.py", line 253, in execute function.__func__(self, request, *args, **kwargs) File "%PY2.7%/univention/management/console/modules/decorators.py", line 318, in _response result = _multi_response(self, request) File "%PY2.7%/univention/management/console/modules/decorators.py", line 192, in _response return function(self, request) File "%PY2.7%/univention/management/console/modules/decorators.py", line 440, in _response return list(function(self, iterator, *nones)) File "%PY2.7%/univention/management/console/modules/decorators.py", line 286, in _fake_func yield function(self, *args) File "%PY2.7%/univention/management/console/modules/googleapps/__init__.py", line 129, in state ol.gh.list_users(projection="basic") File "%PY2.7%/univention/googleapps/handler.py", line 143, in list_users return self._list_objects("users", customer, domain, **kwargs) File "%PY2.7%/univention/googleapps/handler.py", line 451, in _list_objects results = getattr(self.service, object_type)().list(**kwargs).execute() File "/usr/lib/python2.7/dist-packages/oauth2client/util.py", line 137, in positional_wrapper return wrapped(*args, **kwargs) File "/usr/lib/python2.7/dist-packages/googleapiclient/http.py", line 833, in execute method=str(self.method), body=self.body, headers=self.headers) File "/usr/lib/python2.7/dist-packages/googleapiclient/http.py", line 160, in _retry_request resp, content = http.request(uri, method, *args, **kwargs) File "/usr/lib/python2.7/dist-packages/oauth2client/transport.py", line 153, in new_request credentials._refresh(orig_request_method) File "/usr/lib/python2.7/dist-packages/oauth2client/client.py", line 777, in _refresh self._do_refresh_request(http_request) File "/usr/lib/python2.7/dist-packages/oauth2client/client.py", line 834, in _do_refresh_request raise HttpAccessTokenRefreshError(error_msg, status=resp.status) HttpAccessTokenRefreshError: unauthorized_client: Client is unauthorized to retrieve access tokens using this method. Role: domaincontroller_master
Version: 4.3-2 errata344 (Neustadt) Interner Server-Fehler in "googleapps/state". Request: googleapps/state Traceback (most recent call last): File "%PY2.7%/univention/management/console/base.py", line 253, in execute function.__func__(self, request, *args, **kwargs) File "%PY2.7%/univention/management/console/modules/decorators.py", line 318, in _response result = _multi_response(self, request) File "%PY2.7%/univention/management/console/modules/decorators.py", line 192, in _response return function(self, request) File "%PY2.7%/univention/management/console/modules/decorators.py", line 440, in _response return list(function(self, iterator, *nones)) File "%PY2.7%/univention/management/console/modules/decorators.py", line 286, in _fake_func yield function(self, *args) File "%PY2.7%/univention/management/console/modules/googleapps/__init__.py", line 129, in state ol.gh.list_users(projection="basic") File "%PY2.7%/univention/googleapps/handler.py", line 143, in list_users return self._list_objects("users", customer, domain, **kwargs) File "%PY2.7%/univention/googleapps/handler.py", line 451, in _list_objects results = getattr(self.service, object_type)().list(**kwargs).execute() File "/usr/lib/python2.7/dist-packages/oauth2client/util.py", line 137, in positional_wrapper return wrapped(*args, **kwargs) File "/usr/lib/python2.7/dist-packages/googleapiclient/http.py", line 833, in execute method=str(self.method), body=self.body, headers=self.headers) File "/usr/lib/python2.7/dist-packages/googleapiclient/http.py", line 160, in _retry_request resp, content = http.request(uri, method, *args, **kwargs) File "/usr/lib/python2.7/dist-packages/oauth2client/transport.py", line 153, in new_request credentials._refresh(orig_request_method) File "/usr/lib/python2.7/dist-packages/oauth2client/client.py", line 777, in _refresh self._do_refresh_request(http_request) File "/usr/lib/python2.7/dist-packages/oauth2client/client.py", line 834, in _do_refresh_request raise HttpAccessTokenRefreshError(error_msg, status=resp.status) HttpAccessTokenRefreshError: unauthorized_client: Client is unauthorized to retrieve access tokens using this method, or client not authorized for any of the scopes requested. Role: domaincontroller_master
Reported again: Version: 4.3-2 errata331 (Neustadt) Version: 4.3-2 errata255 (Neustadt) Version: 4.3-1 errata229 (Neustadt) Tracebacks: Same as Comment #0
*** Bug 49191 has been marked as a duplicate of this bug. ***
The user has completed the configuration wizard at this point and has downloaded the certificate. Most likely user didn't copy and paste the scope configuration into the google admin console. We should try to reproduce the error by omitting the scope configuration step.
Reported again: Version: 4.4-0 errata59 (Blumenthal) Traceback: Same as Comment #1
*** Bug 51012 has been marked as a duplicate of this bug. ***
reported again: Version: 4.4-4 errata624 (Blumenthal) Role: domaincontroller_master Internal server error during "googleapps/state". Request: googleapps/state
We know from customers that the setup of the GSuite App works. But we also learned that we need to rework the instructions, see #51581 - this one might be fixed while updating the wizard.
reported again Versions reported: oldest: 4.3-3 errata430, latest 4.4-3 errata427 Ticket#2019022621000838 Ticket#2019040621000416 Ticket#2019053021000324 Ticket#2019060621000663 Ticket#2019061921001067 Ticket#2019062521000725 Ticket#2019082021000221 Ticket#2019082121000103 Ticket#2019082321000047 Ticket#2019091021001069 Ticket#2019101721000831 Ticket#2020012221001076
The workflow may be slightly different that what's in the wizard, but not different enough to lead me astray. I was able to figure it all out. I have the json key, the roles are assigned, the oAuth directives are in place using the appropriate Client ID, and I have Domain-wide Delegation enabled. Everything is in place exactly like the wizard says it should be. Yet this continues to fail repeatedly at the very end.
Created attachment 10588 [details] Univention User Template for Google Apps So could this be the problem? Is the app trying to authenticate using the AD domain rather than the registered domain name that the wizard asks for? That would explain why it works fine for some people and not for others
reported again: 2021050121000115 Version: 4.4-8 errata966 (Blumenthal) Remark: Leider ließ sich die API nicht installieren bitte um Hilfe Error: Interner Server-Fehler in "googleapps/state". Request: googleapps/state Traceback (most recent call last): File "%PY2.7%/univention/management/console/base.py", line 359, in __error_handling six.reraise(etype, exc, etraceback) File "%PY2.7%/univention/management/console/base.py", line 262, in execute function.__func__(self, request, *args, **kwargs) File "%PY2.7%/univention/management/console/modules/decorators.py", line 321, in _response result = _multi_response(self, request) File "%PY2.7%/univention/management/console/modules/decorators.py", line 181, in _response return function(self, request) File "%PY2.7%/univention/management/console/modules/decorators.py", line 443, in _response return list(function(self, iterator, *nones)) File "%PY2.7%/univention/management/console/modules/decorators.py", line 289, in _fake_func yield function(self, *args) File "%PY2.7%/univention/management/console/modules/googleapps/__init__.py", line 129, in state ol.gh.list_users(projection="basic") File "%PY2.7%/univention/googleapps/handler.py", line 143, in list_users return self._list_objects("users", customer, domain, **kwargs) File "%PY2.7%/univention/googleapps/handler.py", line 451, in _list_objects results = getattr(self.service, object_type)().list(**kwargs).execute() File "%PY2.7%/oauth2client/util.py", line 137, in positional_wrapper return wrapped(*args, **kwargs) File "%PY2.7%/googleapiclient/http.py", line 833, in execute method=str(self.method), body=self.body, headers=self.headers) File "%PY2.7%/googleapiclient/http.py", line 160, in _retry_request resp, content = http.request(uri, method, *args, **kwargs) File "%PY2.7%/oauth2client/transport.py", line 153, in new_request credentials._refresh(orig_request_method) File "%PY2.7%/oauth2client/client.py", line 777, in _refresh self._do_refresh_request(http_request) File "%PY2.7%/oauth2client/client.py", line 834, in _do_refresh_request raise HttpAccessTokenRefreshError(error_msg, status=resp.status) HttpAccessTokenRefreshError: unauthorized_client: Client is unauthorized to retrieve access tokens using this method, or client not authorized for any of the scopes requested. Role: domaincontroller_master
reported again: 2021030421000775 Version: 4.4-7 errata906 (Blumenthal) same traceback as in Comment #12
reported again: 2021112821000027 Version: 4.4-8 errata1111 (Blumenthal) same traceback as in Comment #12
Reported again: 2022101221000431 Version: 4.4-8 errata1009 (Blumenthal) Remark: Your screenshots and explanations does not corrolate to anything currently at google this app is unusable Role: domaincontroller_master