Resource icon

TUTORIAL IncrediblePBX GoogleVoice OAUTH

chris_c_

Active Member
Joined
Aug 19, 2010
Messages
509
Reaction score
67
@chris_c_ I just generated a new token for a GV account that's never had one, and it works fine. So... that's not it.

Has this GV module been tested for GV accounts which are NOT based on a gmail address??

The only GV trunk here which is failing to connect to GV, is based off a google account which is based on a @yahoo.com address for login.

You CAN have a google account which has a "username" (email address) that is not a gmail address. Has anyone tested this ???

Here's log lines from full log, xmpp set debug on.


Code:
[2016-08-29 20:04:17] VERBOSE[5764] res_xmpp.c:
<--- XMPP received from 'gusernameyahoocom' --->
<stream:stream from="yahoo.com" id="xxxxxxxxxxxxxx" version="1.0" xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client">
<------------->
[2016-08-29 20:04:17] VERBOSE[5764] res_xmpp.c:
<--- XMPP received from 'gusernameyahoocom' --->
<stream:features><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>X-OAUTH2</mechanism><mechanism>X-GOOGLE-TOKEN</mechanism><mechanism>PLAIN</m
echanism></mechanisms></stream:features>
<------------->
[2016-08-29 20:04:17] VERBOSE[5764] res_xmpp.c:
<--- XMPP sent to 'gusernameyahoocom' --->
<auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='X-OAUTH2' auth:service='oauth2' xmlns:auth='http://www.google.com/talk/protocol/auth'>xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx</auth>
<------------->
[2016-08-29 20:04:17] VERBOSE[5764] res_xmpp.c:
<--- XMPP received from 'gusernameyahoocom' --->
<failure xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><not-authorized/><auth:missing-username xmlns:auth="google:auth"/></failure>
<------------->
[2016-08-29 20:04:17] WARNING[5764] res_xmpp.c: Parsing failure: Hook returned an error.

It's freaking out about "missing username" which is the @yahoo.com email address filled in on the GV motif module page.
 
Last edited:

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
19,168
Reaction score
5,199
I think that's probably the problem. This was carlb code from DSL Reports and I suspect that's baked into the code.
 

billsimon

Well-Known Member
Joined
Jan 2, 2011
Messages
1,534
Reaction score
727
Has this GV module been tested for GV accounts which are NOT based on a gmail address??

The only GV trunk here which is failing to connect to GV, is based off a google account which is based on a @yahoo.com address for login.

You CAN have a google account which has a "username" (email address) that is not a gmail address. Has anyone tested this ???

Here's log lines from full log, xmpp set debug on.


Code:
[2016-08-29 20:04:17] VERBOSE[5764] res_xmpp.c:
<--- XMPP received from 'gusernameyahoocom' --->
<stream:stream from="yahoo.com" id="xxxxxxxxxxxxxx" version="1.0" xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client">
<------------->
[2016-08-29 20:04:17] VERBOSE[5764] res_xmpp.c:
<--- XMPP received from 'gusernameyahoocom' --->
<stream:features><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>X-OAUTH2</mechanism><mechanism>X-GOOGLE-TOKEN</mechanism><mechanism>PLAIN</m
echanism></mechanisms></stream:features>
<------------->
[2016-08-29 20:04:17] VERBOSE[5764] res_xmpp.c:
<--- XMPP sent to 'gusernameyahoocom' --->
<auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='X-OAUTH2' auth:service='oauth2' xmlns:auth='http://www.google.com/talk/protocol/auth'>xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx</auth>
<------------->
[2016-08-29 20:04:17] VERBOSE[5764] res_xmpp.c:
<--- XMPP received from 'gusernameyahoocom' --->
<failure xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><not-authorized/><auth:missing-username xmlns:auth="google:auth"/></failure>
<------------->
[2016-08-29 20:04:17] WARNING[5764] res_xmpp.c: Parsing failure: Hook returned an error.

It's freaking out about "missing username" which is the @yahoo.com email address filled in on the GV motif module page.

Only works with Gmail and Google Apps accounts because this method requires Google Chat, only available on those two kinds of accounts. Move your Yahoo GV account to a Gmail and you'll be all set.
 

chris_c_

Active Member
Joined
Aug 19, 2010
Messages
509
Reaction score
67
Only works with Gmail and Google Apps accounts because this method requires Google Chat, only available on those two kinds of accounts. Move your Yahoo GV account to a Gmail and you'll be all set.

I'll move it to a gmail as a workaround to get it to login and stop filling up the full log with a login attempt every second, but let me tell you why I'm sure this is a bug in the motif/xmpp code that needs fixing.

1. When you you sign up for a "google account", which is simply an email address and password, used to build a profile about you, and to identify you when accessing any google service (youtube, gvoice, maps, search, etc..). Google lets you use an existing email account for your username, such as a yahoo.com address in this case. You're not forced to have a gmail email account in order to have a google account.

2. This google account ([email protected]) has gvoice and a phone number which are working fine, for call forwarding, text messages, etc. Google chat is available.

3. The issue appears to be on the xmpp code. I appears that in res/res_xmpp.c the XOAUTH2 implementation is making a wrong assumption. Namely, the code is ignoring the fact that OAUTH is a login client, and when the code talks to google and incorrectly just parses out the domain from the email address entered in the username field, and specifies the "domain" as yahoo.com, google.com is from this point technically, as far as the OAUTH protocol is concerned, not the proper login provider for that domain, so, error. In other words, res_xmpp is telling google that it wants to login to the yahoo OAUTH2 authenticator. I think res_xmpp.c should force pick google.com for the "domain" field of the xmpp conversation, or possibly omit the domain, and just use the full ([email protected] in this case) email address as the username. Said another way, the code should skip parsing out the domain from the email address. google is always the login server for motif/gvoice, not yahoo.com. The login username would probably succeed as the full email address, and specify default or google for the domain.
 

chris_c_

Active Member
Joined
Aug 19, 2010
Messages
509
Reaction score
67
But this isn't Digium code.
Joshua Colp added a comment - Today 4:49 PM

The oauth code you are referring to is not part of the res_xmpp that is in Asterisk. It is a third party patch and any problems with it should be brought up elsewhere.

If an issue can be reproduced without using the third party patch we can investigate.

Where's the repository and who's the maintainer for this xmpp gv motif patch to res_xmpp.c ?
 

chris_c_

Active Member
Joined
Aug 19, 2010
Messages
509
Reaction score
67
OK so the workaround that worked for this "Google Account" is as as follows:

You sign into the google account in question (the one with only a non-gmail address as the username), browse to http://mail.google.com as if you were trying to read the associated gmail inbox which does not exist for this google account, and it immediately offers you to create a new gmail address (complete with inbox) to add to the account which you had been signing into with the external email address.

You try to find a new gmail address that hasn't been taken yet, pick a password, enter real name, phone number, done.

It informs you, from now on you can sign into this google account using EITHER email address (yahoo.com or gmail.com), however it considers the gmail address the primary email address, whatever that means.

Within moments of the gmail address having been created and added to the google account that previously had only the yahoo.com address associated with it, asterisk suddenly succeeds at the motif/xmpp/jabber login to gvoice, and the status for this particular gvoice line, automatically turns green (Connect) on its own.

Bonus, you do NOT have to change the login username setting in the IncrediblePBX web application. The reason for this appears to be EITHER email address is acceptable to login to the google/gvoice account.
 

chris_c_

Active Member
Joined
Aug 19, 2010
Messages
509
Reaction score
67
1. @wardmundy Is there any reason why you haven't taken the most updated patch to the gvoice/motif module which lets you get the refresh token entirely inside the web gui, and totally avoid the "google oauth2 playground" ? Refer to this post by RonR which also contains the download links to both the asterisk patch and thee motif patch.. http://www.dslreports.com/forum/r30161667-


2.
Shell script: https://gist.github.com/anonymous/8b4a0101f5101f756bb9
res_xmpp.c : https://gist.github.com/anonymous/73ad61806dda6bfaed0b
DLSR thread (9+ pages long): http://www.dslreports.com/forum/r30...AUTH2-0-connection-with-Google-Voice~start=88

EDIT: carlb8 has a github repo for the res_xmpp.c patch code.
https://github.com/carlb8/asterisk/tree/carlb8-asterisk11.18-OAUTH2
 
Last edited:

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
19,168
Reaction score
5,199
@chris_c_: As I've told you before, this is an open source project. CONTRIBUTIONS FROM OTHERS ARE ALWAYS WELCOMED. The carping really doesn't get us anywhere. In the year+ that this OAuth solution has been available, there has been exactly one complaint that it doesn't work with a non-standard Gmail address, yours. If it's that important to you to fix it to meet your unique situation, then feel free to address it although it sounds like you found an extremely simple workaround.

With all due respect, this isn't a priority for us for obvious reasons, i.e. it ain't broke. And, sometime over a beer, I'll be glad to explain the "Digium politics" of the situation which pretty much rules out this ever being picked up in the Asterisk code base. In the meantime, we all have bigger fish to fry. :surrender:
 
Last edited:

chris_c_

Active Member
Joined
Aug 19, 2010
Messages
509
Reaction score
67
@wardmundy Thanks, it'd be interesting to hear about politics surrounding getting patches such as oauth2 into the asterisk res_xmpp.c code.
This morning, two digium people folks on github say they're open to reviewing the oauth2 login patch for res_xmpp, as long as the authors submit it to gerrit.asterisk.org for peer review, following their patch contribution process.
Digium comments on github:
https://github.com/asterisk/asterisk/pull/4#issuecomment-243757791
Asterisk patch contrib process:
https://wiki.asterisk.org/wiki/display/AST/Patch+Contribution+Process
Digium Contributor License Agreement v3.0 which you have to sign before they take a patch:
https://issues.asterisk.org/jira/secure/DigiumLicense.jspa
 
Last edited:

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
19,168
Reaction score
5,199
You missed the "over a beer" part. I'm aware of the procedure, but it's never going to happen. I'll leave it at that for now.
 

chris_c_

Active Member
Joined
Aug 19, 2010
Messages
509
Reaction score
67
You missed the "over a beer" part. I'm aware of the procedure, but it's never going to happen. I'll leave it at that for now.
Feel free to PM me your skype contact for direct communcation.

Also, let me ask you this, why not take the motif module patch which internalizes the generation of the access token conveniently from inside the pbx web gui ?

Plus, carlb8's added motif module feature to have a separate access token per GV account? Very handy when you're adding a gvoice account that you don't own, the owner can give you the login username and access token and you're all set, no need for them to share their password with you.
 
Last edited:

miguel

Member
Joined
May 22, 2013
Messages
276
Reaction score
8
after I upgraded my raspberry pi to asterisk 13.13.1 google trunks are working perfectly but on the cli the GV OAUTH shows as down, is that normal? is there a fix for this?

best regards,

MN
 

miguel

Member
Joined
May 22, 2013
Messages
276
Reaction score
8
it is configured with oauth token. The google voice trunks work great but the cli says that google GVOAUTH dn that is on a raspberry just after asterisk 13.13.1 upgrade.
@miguel Did you configure it to login with plaintext password? or OAUTH token?
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
19,168
Reaction score
5,199
it is configured with oauth token. The google voice trunks work great but the cli says that google GVOAUTH dn that is on a raspberry just after asterisk 13.13.1 upgrade.
What version is shown in the top line of status?? Change that to 13-12.3 in /etc/pbx/.version and you should get the correct display.
 

miguel

Member
Joined
May 22, 2013
Messages
276
Reaction score
8
thanks for the reply that exact version is shown, the first time I updated it said asterisk version asterisk such, then I upgraded again and now it displays the correct version asterisk 13.13.1.
But the status says Gvoauth DN


What version is shown in the top line of status?? Change that to 13-12.3 in /etc/pbx/.version and you should get the correct display.
 
Last edited:

Members online

No members online now.

Forum statistics

Threads
25,781
Messages
167,507
Members
19,201
Latest member
troutpocket
Get 3CX - Absolutely Free!

Link up your team and customers Phone System Live Chat Video Conferencing

Hosted or Self-managed. Up to 10 users free forever. No credit card. Try risk free.

3CX
A 3CX Account with that email already exists. You will be redirected to the Customer Portal to sign in or reset your password if you've forgotten it.
Top