Google Sign In Error 403 - Deprecated Google+ API

Hi,
I’m trying to configure Google Sign In. I configured both, Google Console and my edX instance. I click register, then the “Google” login button and I get to the Google Log In page.
After a succesful login on Google site, it redirects to my site and I’m getting this error:

HTTP 403 Client Error: Forbidden for url: https://www.googleapis.com/plus/v1/people/me?access_token=XXXX

After a little research, I found that my open-edX release (ironwood) is using:
social-auth-app-django==2.1.0
social-auth-core==1.7.0

The code in social-auth-core==1.7.0 is doing social_core/backends/google.py (lines 52 to 61):

class BaseGoogleOAuth2API(BaseGoogleAuth):
    def user_data(self, access_token, *args, **kwargs):
        """Return user data from Google API"""
        return self.get_json(
            'https://www.googleapis.com/plus/v1/people/me',
            params={
                'access_token': access_token,
                'alt': 'json'
            }
        )

And that API is deprecated (https://developers.google.com/people/legacy)

Can I enable the Legacy People API for a new developer project?

No, the Legacy People API cannot be enabled for new developer projects. Use recommended alternatives such as Google Sign-in or Google People API.

Newer versions of those dependencies uses different a URL, and if i try the request it works fine.

Is there any workaround to configure Google Sign In?
What do you think about increasing the dependecy versions? I’m thinking in upgrading both to latest versions:
social-auth-app-django==3.1.0
social-auth-core==3.2.0

Thanks!
Juan Arias

1 Like

Finally I did upgrade those package versions to:
social-auth-app-django==3.1.0
social-auth-core==3.2.0

And it works perfectly!

1 Like

Hello, and a happy new year!

I have the same problem. I installed these two packages using the following commands from the /edx/app/edxapp directory but the problem remains. Can you help me by giving me some details about the steps you made?
Thanks in advance!

** the two commands
pip install social-auth-app-django
pip install social-auth-core

I think that if you don’t specify the version, pip will “install” the same that is already installed. So, it wont do anything.

I changed the versions in requirements file, specifying upgraded version:
social-auth-app-django==3.1.0
social-auth-core==3.2.0

I’m using tutor, so I did it in my private.txt file. And then, the deploy routine will download those packages.
If you are using plain edX, you can change it in requirements/edx/base.in file

If you want to test it, maybe you can use:
pip install social-auth-app-django==3.1.0
pip install social-auth-core==3.2.0

But if you re-install your platform, it wont keep those upgraded versions.

Best regards!

Hello and thank you for your answer,

finally I manage to fix it following a more complicated way. I enabled the People API instead of Google+ API, and then I copied the new packages’ folders to /edx/app/edxapp/venvs/edxapp/lib/python2.7/site-packages/

I restarted the platform and it worked like a charm!
Thanks any way because with out your originale message I wouln’t have fixed anything.

Best regards!