Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
8,988 questions
Google Calendar is not picked up for consent when configured Google as the Identity provider in the App Services Authentication section
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(48, 17%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKR%3C/text%3E%3C/svg%3E)
Krishnamoorthy Ramakrishna
0
Reputation points
I have developed a Streamlit application that leverages Google Calendar. The app hosted in Azure App Services (linux based, GitHub Action being a trigger for deployment - which is working fine. I am leveraging the X-HEADERS set by Azure (Ex: "X-MS-TOKEN-GOOGLE-ACCESS-TOKEN") for getting the token and build the necessary services. The Google project is configured to ask consent for basic user details, email, profile picture and Google Calendar. But when the login and consent redirection happens from Azure, google does not show Calendar. It shows only the basic info requested.
Additionally, at this point, the Google project is under Testing and not made as Production.
How to make Azure instruct Google to ask consent for Google calendar?
Azure App Service
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(304, 61%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELR%3C/text%3E%3C/svg%3E)
Laxman Reddy Revuri 5,400 Reputation points Microsoft External Staff Moderator2024-10-15T17:18:29.4966667+00:00 Hi @Krishnamoorthy Ramakrishna
Thanks for the question and using MS Q&A platform.When hosting your Streamlit app on Azure App Services, if the Google Calendar consent prompt is missing during login, check these points:
Ensure that the Google Calendar scope is included in the configuration of your OAuth consent screen.
Since your project is currently under testing, it might have some limitations. Moving your project to production can help resolve some of these issues. To do this, go to the OAuth consent screen in the Google Cloud Console and publish your app.
Make sure your Google API project is set up to access the Google Calendar API. Go to the Google Cloud Console, look under "APIs & Services," and check if the "Google Calendar API" is listed under API restrictions.
If the answer is helpful, please click "Accept Answer" and kindly upvote it.
-
Krishnamoorthy Ramakrishna 0 Reputation points
2024-10-16T17:04:59.7333333+00:00 Hi Revuri, thanks much for the prompt reply.
I have double-checked the points 1 and 3. They are fine.
Reg. making it to production, at present I am not in a position to move to Production.
I can assure no problem from the google side since if I try to use Python lib for Google Auth, the calendar is shown as a part of consent screen.
Hence I have to conclude I am missing something when configuring from the Azure Side. For Google, Azure Auth does not provide any configuration for Scopes. It is just asking us to define scopes in Google correctly.
Additionally, I tried updating the configuration in Azure using "Update Auth2 settings V2" from the Cloud Console. After successful update the Auth settings are looking like the below. But still I have the same issue:
Auth Settings:
{
"enabled": True,
"runtimeVersion": ,
"unauthenticatedClientAction": "RedirectToLoginPage",
"tokenStoreEnabled": True,
"allowedExternalRedirectUrls": ,
"defaultProvider": "google",
"clientId": ,
"clientSecret": ,
"clientSecretCertificateThumbprint": ,
"issuer": ,
"allowedAudiences": ,
"isAadAutoProvisioned": False,
"googleClientId": "masked",
"googleClientSecret": ,
"googleOAuthScopes": "[
"openid profile email https://www.googleapis.com/auth/calendar"
]",
"facebookAppId": ,
"facebookAppSecret": ,
"facebookOAuthScopes": ,
"twitterConsumerKey": ,
"twitterConsumerSecret": ,
"microsoftAccountClientId": ,
"microsoftAccountClientSecret": ,
"microsoftAccountOAuthScopes": ,
"openIdConnectProviders": ""{}""
}
Hope this helps you to probe further
-
Krishnamoorthy Ramakrishna 0 Reputation points
2024-10-16T17:11:18.2033333+00:00 Hi Revuri, thanks for the quick reply!
Point 1 & 3 - I have verified and they are fine.
Poinrt 2 - Unfortunately I cannot make it Production at this point.
I can confirm the configuration in Google is correct as I can see the Consent for Calendar is shown when I use python libraries for Google Auth in a separate app.
Additionally, I tried updating the auth configuration with "Update Auth Settings V2" commands using Cloud Console. After update, below is the Auth Settings.
Auth Settings:
{
"enabled": True,
"runtimeVersion": ,
"unauthenticatedClientAction": "RedirectToLoginPage",
"tokenStoreEnabled": True,
"allowedExternalRedirectUrls": ,
"defaultProvider": "google",
"clientId": ,
"clientSecret": ,
"clientSecretCertificateThumbprint": ,
"issuer": ,
"allowedAudiences": ,
"isAadAutoProvisioned": False,
"googleClientId": "masked",
"googleClientSecret": ,
"googleOAuthScopes": "[
"openid profile email https://www.googleapis.com/auth/calendar"
]",
"facebookAppId": ,
"facebookAppSecret": ,
"facebookOAuthScopes": ,
"twitterConsumerKey": ,
"twitterConsumerSecret": ,
"microsoftAccountClientId": ,
"microsoftAccountClientSecret": ,
"microsoftAccountOAuthScopes": ,
"openIdConnectProviders": ""{}""
}
But the issue is not resolved yet. Hope the above can help you to probe further.
-
Krishnamoorthy Ramakrishna 0 Reputation points
2024-10-20T16:55:23.0533333+00:00 Any updates on this request, please?
-
Laxman Reddy Revuri 5,400 Reputation points Microsoft External Staff Moderator
2024-10-21T15:41:37.6+00:00 Hi @Krishnamoorthy Ramakrishna
Here are some things to check in your Azure configuration:
Make sure the redirect URI in your Google Console matches exactly with your Azure app's auth callback URL- It should be something like:
https://your-app-name.azurewebsites.net/.auth/login/google/callback - Double check that
googleClientIdandgoogleClientSecretare properly set
Verify thetokenStoreEnabledsetting is helping store the tokens properly - Try this troubleshooting step:
{ "googleOAuthScopes": [ "openid", "profile", "email", "https://www.googleapis.com/auth/calendar" ] }- Instead of a string containing brackets, try formatting the scopes as a proper JSON array
- After authentication, try accessing the
/.auth/me endpoint of your app - This will show what tokens and claims Azure received from Google
- Check if the calendar scope is included in the returned tokens
Update Auth Settings V2"Overview
https://learn.microsoft.com/en-us/rest/api/appservice/web-apps/update-auth-settings?view=rest-appservice-2024-04-01&tabs=HTTP
I hope this information is helpful.
- It should be something like:
-
Laxman Reddy Revuri 5,400 Reputation points Microsoft External Staff Moderator
2024-10-23T10:03:07.67+00:00 Hi @Krishnamoorthy Ramakrishna
We haven’t heard from you on the last response and was just checking back to see if you have a resolution yet. In case if you have any resolution please do share that same with the community as it can be helpful to others. Otherwise, will respond with more details and we will try to help. -
Laxman Reddy Revuri 5,400 Reputation points Microsoft External Staff Moderator
2024-10-25T08:48:23.4466667+00:00 Hi @Krishnamoorthy Ramakrishna
We haven’t heard from you on the last response and was just checking back to see if you have a resolution yet. In case if you have any resolution please do share that same with the community as it can be helpful to others. Otherwise, will respond with more details and we will try to help. -
Krishnamoorthy Ramakrishna 0 Reputation points
2024-11-04T06:24:21.5266667+00:00 Hi, nothing worked and I have completely rewritten the code using flask framework where in the custom code takes care of authentication. Please close this ticket. Thanks and apologies for the delayed reply.
Sign in to comment
Sign in to answer