PIONEERS Asterisk OAUTH GV patches

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
19,170
Reaction score
5,199
** NOTE: THIS NOW WORKS ON CENTOS & UBUNTU PLATFORMS **

In case you haven't been following this thread on DSL Reports Forum, here is the patch that will let you modify Asterisk 11 to support OAUTH authentication for Google Voice. Once you apply this patch and restart Asterisk 11, your Google Voice connections will all die until you go through the procedure to reenable them with OAUTH authentication (Procedure is documented below). This is a cost-free OAUTH solution provided by Ryan Tilton at GVsip with MAJOR special help from dziny. We will integrate this into all Incredible PBX builds shortly.

Code:
# on Ubuntu platform, use this section:
apt-get -y install curl libcurl3-gnutls libcurl4-gnutls-dev libjansson4 libjansson-dev ca-certificates unzip
 
# on CentOS (64-bit only) platform, use this section:
cd /root
wget ftp://ftp.pbone.net/mirror/download.fedora.redhat.com/pub/fedora/epel/6/x86_64/jansson-2.6-1.el6.x86_64.rpm
rpm -Uvh jansson*
wget ftp://ftp.pbone.net/mirror/download.fedora.redhat.com/pub/fedora/epel/6/x86_64/jansson-devel-2.6-1.el6.x86_64.rpm
rpm -Uvh jansson-devel*
 
# on CentOS (32-bit only) platform, use this section:
cd /root
wget ftp://ftp.pbone.net/mirror/download.fedora.redhat.com/pub/fedora/epel/6/i386/jansson-2.6-1.el6.i686.rpm
rpm -Uvh jansson*
wget ftp://ftp.pbone.net/mirror/download.fedora.redhat.com/pub/fedora/epel/6/i386/jansson-devel-2.6-1.el6.i686.rpm
rpm -Uvh jansson-devel*
 
# on ALL platforms, do the following:
cd /usr/src/asterisk-11*
wget http://incrediblepbx.com/asterisk11-gv-o2auth.patch.zip
unzip asterisk11-gv-o2auth.patch.zip
patch -p1 < asterisk11-gv-o2auth.patch
 
make distclean
autoconf
./bootstrap.sh
./configure
 
make menuselect.makeopts
menuselect/menuselect --enable-category  MENUSELECT_ADDONS menuselect.makeopts
menuselect/menuselect --enable CORE-SOUNDS-EN-GSM --enable MOH-OPSOUND-WAV --enable EXTRA-SOUNDS-EN-GSM --enable cdr_mysql menuselect.makeopts
menuselect/menuselect --disable app_mysql --disable app_setcallerid --disable func_audiohookinherit menuselect.makeopts
 
# in the next step, verify that the setup is the way you expect
make menuselect
make
make install
 
echo "icesupport=yes" >> /etc/asterisk/sip_general_custom.conf
echo "stunaddr=stun.counterpath.net" >> /etc/asterisk/sip_general_custom.conf
amportal restart
 

Attachments

  • asterisk11-gv-o2auth.patch.zip
    12.9 KB · Views: 27

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
19,170
Reaction score
5,199
Procedure to Obtain OAUTH refresh_token(s) from GVsip.com for Google Voice accounts

To begin, goto gvsip.com with your browser. Scroll to the bottom of the screen and choose Open Source -> Get Access (red option on the left).

NOTE: This is a totally FREE service provided by GVsip!

CIbuAvJWsAAJqnY.jpg


You will be redirected to Google's site to login to your Google Voice account.

CIbwdpnWwAAajpl.jpg


Log in as usual. Your password will NOT be provided to GVsip! That's what OAUTH is all about.

You will be redirected back to the GVsip site. Choose Google Voice (on the left) and then Advanced Google OAUTH2 Manager (upper right)

CIbxJghWgAEmh8l.jpg


You'll be prompted to choose your Google Voice account which should display since you've logged in. If so, click the Right Arrow. Otherwise, choose a different account. (Not sure what happened to Step #3. I obviously can't count that well. Not to worry. You haven't missed a step!)

CIbx_ytWEAAo4cd.jpg


Once you choose the account, you'll be advised that certain info will be shared with GVsip, NOT your password! Click Accept.

CIbySdtXAAAMtk-.jpg


Your Google Voice refresh_token will appear and be stored on the GVsip site. Write it down and leave it there.

Now return to FreePBX GUI or Incredible PBX GUI and add your Google Voice account credentials using your new refresh_token for your password.

CIbzM_WWgAAmCDD.jpg


Make a test call in and out to verify that things are working.
 

fabian

New Member
Joined
Oct 29, 2014
Messages
9
Reaction score
1
I singed up but it says only 1000 min per month. Not that I will use more than that, but before I had unlimited and we all like that :)
 

fabian

New Member
Joined
Oct 29, 2014
Messages
9
Reaction score
1
I think I did, but it appears that they have changed things.. take a look again
 

jake372

Member
Joined
Jun 29, 2015
Messages
94
Reaction score
5
I got the same notice that fabian did. Top of the screen it says "1000 free minutes left this month, Upgrade to Unlimited : Welcome Page. I pretty sure I followed the exact steps.
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
19,170
Reaction score
5,199
That is an option on the page. The correct choice is to click where the right arrow (marked as Step #2) is pointing...

CIbxJghWgAEmh8l.jpg
 

hoolahoous

New Member
Joined
Nov 7, 2010
Messages
15
Reaction score
2
i got same 1000 minutes left and i followed the instructions. don't see refresh token anywhere.

EDIT: i finally got the refresh token. top of screen still says 1000 minutes though.
 

billsimon

Well-Known Member
Joined
Jan 2, 2011
Messages
1,535
Reaction score
728
It would be 1000 minutes per month if you decided to start using their SIP trunking. Instead you are taking the refresh token and connecting to Google on your own. So the 1000 minutes is irrelevant; they can't meter your use of your own system. :)
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
19,170
Reaction score
5,199
Could it be that it's intentionally confusing to encourage use of their (paid) services? I'm shocked. :eek:

Help us out here, billsimon. Shouldn't be very hard to replicate the service, and we can amend the patch to point to different Google credentials.
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
19,170
Reaction score
5,199
Originally posted by @carib8 on DSLR Forum (inexplicably deleted by moderator). Now posted here: https://gist.github.com/anonymous/8b4a0101f5101f756bb9

NOTE: it looks like this script needs to be run from the same IP as the one where you accessed the Google Developer Console.

Code:
It's possible to bypass gvsip totally. Go to Google Developer Console and register a new project. Under APIs & auth, Credentials, register a new client ID for Installed Application,
Installed application type choose Other.
 
Copy client ID and client secret. Replace in script below (adopted by »www.blogbyben.com/2015/0 ··· nux.html)

Code:
#!/bin/bash
 
##
## Authenticate with Google Voice
##
USAGE="`basename $0` {auth|refresh|token} ctx"
CTX_DIR=$HOME/.gvauth
CLIENT_ID="YOUR_CLIENTID_FROM_GOOGLE_DEVELOPER_CONSOLE"
CLIENT_SECRET="YOUR_CLIENTSECRET_FROM_GOOGLE_DEVELOPER_CONSOLE"
SCOPE="https://www.googleapis.com/auth/googletalk%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/userinfo.profile"
 
ctx=default
 
function usage {
  echo "Usage: `basename $0` [-h] [-c context] {init|token}"
  exit
}
 
function age {
  modified=`stat -c %X $1`
  now=`date +%s`
  expr $now - $modified
}
 
function refresh {
  refresh_token=`cat $CTX_DIR/$ctx.refresh_token`
  curl -si \
      -d client_id=$CLIENT_ID \
      -d client_secret=$CLIENT_SECRET \
      -d refresh_token=$refresh_token \
      -d grant_type=refresh_token \
      https://www.googleapis.com/oauth2/v3/token > $CTX_DIR/$ctx.refresh
  grep access_token $CTX_DIR/$ctx.refresh | sed -e 's/.*: "//' -e 's/",//' > $CTX_DIR/$ctx.access_token
}
 
while getopts :hc: opt ; do
  case $opt in
    c) ctx=$OPTARG ;;
    h) usage ;;
  esac
done
shift $(($OPTIND - 1))
 
cmd=$1 ; shift
 
mkdir -p $CTX_DIR
case $cmd in
  init)
    url=`curl -L -gsi \
        -d scope=$SCOPE \
        -d redirect_uri=urn:ietf:wg:oauth:2.0:oob \
        -d response_type=code \
        -d client_id=$CLIENT_ID\
        https://accounts.google.com/o/oauth2/auth | \
    grep Location: | \
      sed 's/Location: //'`
    echo $url | xclip -in -selection clipboard
    echo $url
    echo -n "Code? "
    read code
    curl -s \
        -d client_id=$CLIENT_ID \
        -d client_secret=$CLIENT_SECRET \
        -d code=$code \
        -d grant_type=authorization_code \
        -d redirect_uri=urn:ietf:wg:oauth:2.0:oob \
        https://www.googleapis.com/oauth2/v3/token > $CTX_DIR/$ctx.init
    grep access_token $CTX_DIR/$ctx.init | sed -e 's/.*: "//' -e 's/",//' > $CTX_DIR/$ctx.access_token
    grep refresh_token $CTX_DIR/$ctx.init | sed -e 's/.*: "//' -e 's/"//' > $CTX_DIR/$ctx.refresh_token
    echo "Done"
    ;;
  token)
    if [ ! -f $CTX_DIR/$ctx.access_token ] ; then
      echo "Unknown context: $ctx. Try initing first."
      exit
    fi
    age=`age $CTX_DIR/$ctx.access_token`
    if [ $age -gt 3600 ] ; then
      refresh
    fi
    cat $CTX_DIR/$ctx.access_token
    ;;
  *)
    usage
esac

Code:
Run the script with init option and when prompted for code, switch to browser and paste the link in clipboard, copy code and paste back in console, client refresh token will be saved in .gvauth folder. Use this refresh token as your google voice password in Asterisk.
 
In the asterisk110gv-o2auth.patch, replace these 2 lines with your own values:
 
 
+    const char * client_id = "470306186573-jtdetm9fb2b28k4gumaleamea7a14deh.apps.googleusercontent.com";
+    const char * client_secret = "zWK1W_I-4ZlfRoFnYRoGhsrB";
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
19,170
Reaction score
5,199
NOTE: This is required for the script above. Can't quite get it to work, but somebody smarter will. :banghead:

Adding X Windows to VirtualBox Incredible GUI image:

Code:
yum install xclip
yum groupinstall "X Window System" "Desktop" "Desktop Platform"
yum install gdm
mkdir /media/cdrom
mount /dev/scd0 /media/cdrom
sh /media/cdrom/VBoxLinuxAdditions.run
yum install firefox
startx

CI6VUTwUwAAXYoD.jpg
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
19,170
Reaction score
5,199
I'm getting that same deja vu feeling I've had in the past of spending to much time on Google Voice. Calling is so cheap on other real services!


I'm ASS-U-Ming that Google Voice has decided to stay in the VoIP business for the long haul since implementing OAUTH security... But I Could Be Wrong

 

billsimon

Well-Known Member
Joined
Jan 2, 2011
Messages
1,535
Reaction score
728
Help us out here, billsimon. Shouldn't be very hard to replicate the service, and we can amend the patch to point to different Google credentials.

You mean a service to produce a refresh token?

There's an easier way to do it just through the Google OAUTH2 playground page. (https://developers.google.com/oauthplayground)

After you go through the steps to generate your project and get client ID and secret, put the oauth2 playground URL into the list of authorized Redirect URIs. This list is found in the Google Developers Console - (project you created) - APIs & Auth - Credentials - Edit Settings button. Now go to the playground page, click the gear icon to change settings, and click the box for using your own OAUTH2 credentials. Enter your id/secret there.

Then close the settings box and enter "https://www.googleapis.com/auth/googletalk" in the "Input your own scopes" field. Then click Authorize API, authenticate, and then click "Exchange authorization code for tokens." Now reopen step 2 (which got collapsed) and grab the refresh token.

The client ID, secret, user@domain, and refresh token are the four pieces needed to fully DIY with OAUTH2 in Asterisk.
 

undrhil

Member
Joined
Feb 7, 2008
Messages
158
Reaction score
12
Ward,

I can't get past the very first post. When I issue the wget command, I am getting a "host not found" for ftp.phone.net. Is there another mirror site we can use for these files?

And I now see that it's not 'phone' but 'pbone'. Bad font! Making h and b look alike! Bad! :p
 

Members online

Forum statistics

Threads
25,782
Messages
167,512
Members
19,203
Latest member
frapu
Get 3CX - Absolutely Free!

Link up your team and customers Phone System Live Chat Video Conferencing

Hosted or Self-managed. Up to 10 users free forever. No credit card. Try risk free.

3CX
A 3CX Account with that email already exists. You will be redirected to the Customer Portal to sign in or reset your password if you've forgotten it.
Top