Documentation of API "Completing a new backup configuration"

The documentation is a bit confusing:

It says that attribute (!) must be the '4/AA' token - this quite certainly is incorrect, since it is given in the body.
In addition, as I understand the text, it must be called with

Authorization: Bearer {token}), with the token provided in the response to step 1.

Since I use Bearer authorization for the API calls, I understand that the backup Bearer replaces the authorization Bearer?

So should it read in the Headers section:

Content-Type:application/json
Authorization: Bearer 4/5wHtDybx......

I have not been able to get backups to work from API test cases - works ok from Web Interface.

Ceterum censeo: I hope to see some non-Google version, because using Google backups stored in a non-compliant country is not in line with European Data Protection Law, even when encrypted. Thinking of today's events, replace non-compliant by some less diplomatic term.

There are actually two forms of auth involved: the auth from Central (the token from the first request) and the auth from Google (the code you receive after navigating to the URL from the first request). For the second request, you specify the Central token in the Authorization header (instead of whatever token you would normally specify). For the body of the second request, you specify a JSON object whose code property is the Google code.

Note that backup configuration involves manual interaction after the first request:

To complete the backup configuration, it is necessary to use the Google OAuth URL returned by [the first] endpoint and have a human interactively undergo the Google OAuth process to authorize ODK Central to send files to their account.

Thanks for noting this. I don't have any concrete updates on this, but this is something we've been discussing and is definitely a possibility for a future version.

Thanks, I found my error (reported here for others): the relevant part is

(the code you receive after navigating to the URL from the first request).

I had thought that any Google token would do, and had used the token returned from configuring the backup with the IDE. When I paste the URL returned as url from initiate_new_backup_configuration (my naming of the R call), starting with https://accounts.google.com/o/oauth2/v2/auth?access_type=offline&scope=ht..., into the browser, I get a valid connection.

This works, but it needs manual intervention, because I have to confirm the Google account to be used. For an integration test, I would like to do this without user intervention - do you have an idea?

I'm not sure! It can be tricky to set up such a test and might depend on the testing framework you're already using. You might want to try to mock the response from Google. I'd be interested to hear what approach you land on!


I resorted to a semi-manual method and skipped it by default: This is R, but I assume you get the idea.

test_that("Can initiate and complete backup configuration", {
  # A path to the browser must be set. 
  skip_if_not(RUN_INTERACTIVE_TESTS)
  browser = Sys.getenv("R_BROWSER")
  skip_if( browser == "" || !file.exists(browser))
  options(browser = browser)
  
  content = system$initiate_new_backup_configuration("askweoi23inc")$content
  expect_s3_class(content, 'data.frame')
  expect_setequal(names(content),  c('token', 'url'))
  expect_equal(nchar(content$token), 64)
  token = content$token
  cat("\nFollow the authorization workflow until the Google token is in the clipboard")
  writeClipboard("")
  browseURL(content$url) # use this in browser
  # Continue until Code is written to clipboard
  while (readClipboard() == "") {
    Sys.sleep(1)
    cat(".")
  }
  google_code = readClipboard()
  cat("\n Google code from clipboard\n", google_code, "\n")
  content = system$complete_new_backup_configuration(token, google_code)$content
  expect_true(content$success)
})
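An added example, not part of the thread and not ODK Central's own code: one way to follow the mocking suggestion above is a local stub that stands in for the completion endpoint, so a non-interactive test can check that the first request's token goes in the Authorization header and the Google code goes in the JSON body. The stub's route, its 401/400 status codes and all token values are assumptions constructed for the test.

```python
import json
import threading
from http.client import HTTPConnection
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed sample values; none come from a real Central server or Google account.
BACKUP_TOKEN = "b" * 64             # "token" from the first (initiate) response
SESSION_TOKEN = "s" * 64            # the API user's usual session Bearer token
GOOGLE_CODE = "4/constructed-code"  # code a human copies after the Google OAuth page

class StubCentral(BaseHTTPRequestHandler):
    """Stand-in for the completion endpoint; Google is never contacted."""
    def do_POST(self):
        length = int(self.headers.get("Content-Length", 0))
        body = json.loads(self.rfile.read(length) or b"{}")
        status = 200
        if self.headers.get("Authorization") != f"Bearer {BACKUP_TOKEN}":
            status = 401  # session token or Google code in the header is refused
        elif body.get("code") != GOOGLE_CODE:
            status = 400  # the Google code must be the body's "code" property
        payload = json.dumps({"success": status == 200}).encode()
        self.send_response(status)
        self.send_header("Content-Length", str(len(payload)))
        self.end_headers()
        self.wfile.write(payload)

    def log_message(self, *args): pass  # silence per-request logging

def complete_backup(port, bearer, code):
    """POST the completion request to the stub (hypothetical path); return the HTTP status."""
    conn = HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("POST", "/stub/complete", json.dumps({"code": code}).encode(),
                 {"Content-Type": "application/json", "Authorization": f"Bearer {bearer}"})
    resp = conn.getresponse()
    resp.read()
    conn.close()
    return resp.status

def run_cases():
    """Serve the stub on a free local port and try the header variants from the thread."""
    cases = {"backup_token": (BACKUP_TOKEN, GOOGLE_CODE), "session_token": (SESSION_TOKEN, GOOGLE_CODE),
             "google_code_as_bearer": (GOOGLE_CODE, GOOGLE_CODE), "wrong_code": (BACKUP_TOKEN, "")}
    with HTTPServer(("127.0.0.1", 0), StubCentral) as server:
        threading.Thread(target=server.serve_forever, daemon=True).start()
        results = {name: complete_backup(server.server_port, *args) for name, args in cases.items()}
        server.shutdown()
    return results

if __name__ == "__main__":
    print(run_cases())
```

Only the variant that sends the first request's token as the Bearer value and the Google code in the body succeeds against the stub; the interactive Google step still needs the semi-manual test above.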