• Resolved aghilmort

    (@aghilmort)


    Our team has been happy users of UpdraftPlus for about a year, during which time we’ve always backed up to Google Drive.

    We recently added UpdraftPlus on several other sites we manage, with separate API credentials for each site. Initially, each of these sites was backing up properly, as verified by the files appearing in the respective Google Drive folders.

    Recently, however, we go through a cycle where each site loses its connection and we have to reauthorize it by logging into that respective WP installation and Google account we use to store these backups.

    We can’t determine if this behavior is a bug or a side effect of managing the WP admin account while normally logged into a Google account that is something other than the account we use for backups.

    What would the proposed solution be – should we create a separate Google account for each backup, can we only do backup nows while logged into the correct Google account, or something else?

    P.S. We’ve successfully restored two separate sites from our backup sets during the past year – worked flawlessly and saved our bacon – so that part works great 🙂

    http://wordpress.org/plugins/updraftplus/

Viewing 12 replies - 1 through 12 (of 12 total)
  • Plugin Author David Anderson

    (@davidanderson)

    Hi aghilmort,

    As long as you don’t click the links to re-authorize your Google Drive connection on the UD settings page, then being logged in to a WP account whilst also logged into Google should not affect anything. UD doesn’t have any other code that touches the access tokens. It is possible for the access tokens to be expired from Google’s end – I don’t have any particular knowledge on when/why that happens… if your searches turn up anything on that, then I’d be interested to learn more about it. I’ve not seen any of the sites I backup into Google Drive require re-authentication yet. Perhaps Google have some automated algorithm that expires your tokens if they get suspicious – but this is pure guesswork. We’ve not been asked this question much before, so my hunch would be that it’s not a generic thing.

    You don’t need to have a unique Google account for each backup, but you do need to have a unique client ID – as mentioned on the UD settings page in the GD section (“N.B. If you install UpdraftPlus on several WordPress sites, then you cannot re-use your client ID; you must create a new one from your Google API console for each site.”).

    Are you a Premium customer? If you are, then please do use the support facilities at updraftplus.com – the wordpress.org rules don’t allow us to use these forums for supporting paying customers. If you’re not, then please do take a look at Premium… it’s the revenue from people who are using UD professionally that enables us to offer the product and support for anyone.

    Best wishes,
    David

    Thread Starter aghilmort

    (@aghilmort)

    Hmm – each site has unique client ID & secret, which is set appropriately.

    It’s possible there’s an expiration setting – the Google Drive API talks about it being an hour, however, that may simply be to be using their credentials creation console or drive itself and not necessarily when using it via the API. Possibly worth looking into, though WP-cron’s most often rate, hourly refresh, is right at the same level. So if “credential refresh” proved to solve it, might need two tasks running every hour which are offset by 30 minutes each to guarantee meets the hourly requirement.

    One question might be – what happens when we click Backup Now – does that perchance peek at whatever our current Google credentials are and perhaps override the original oauth – that’s the only thing I can think of based on your suggestions that could be creating the bug. Alternatively stated, should we only click backup now when also logged in as the Google account we used to create the client ID / secret?

    We’re taking a look at premium – the migrator addon is perhaps our biggest need at this time. Will advise if we need to transition this thread to your paid forums due to WordPress.org guidelines.

    Plugin Author David Anderson

    (@davidanderson)

    Hi,

    Those one-hour tokens are for a different authentication type than we’re using (the unattended type). The sites I’m backing up on Google Drive have never needed to be refreshed.

    “Backup Now” is actually the same internally as the other scheduled (daily, weekly, etc.) backups – it just schedules for 5 seconds into the future (and doesn’t repeat).

    The only time that UD interacts with google.com regarding changing OAuth tokens is when you click the authenticate link. The only thing that happens at any other time (when backing up, downloading or deleting) is that it hands over the previously-gained token and hopes it works. But it can’t try to replace the token, because the authentication method being used to gain a token requires a user to be present and to explicitly click on buttons on a page delivered from google.com.

    So, I think something happened that caused your tokens to be expired at Google’s end. But, I’m not sufficiently knowledgeable about Google’s OAuth system to suggest what that could be, as I’ve not seen this before.

    Only one thing: Google did change which permissions were required to download a backup in April 2013. If your tokens were from before April 2013, then that is probably the cause. There’s a message about this locked on the top of our forum here: http://wordpress.org/support/plugin/updraftplus

    David

    Thread Starter aghilmort

    (@aghilmort)

    Based on that post, is it possible the Google Drive API is interpreting multiple requests from UpdraftPlus (within the same Google account) as being from the same app (even if the client ID is different) as somehow being different and thus exceeding the credential limit in some way.

    In other words, the solution may simply be to create a different Google account for each site? Or just explore using SFTP since the fix may not be easy, even if we can collectively determine the root cause?

    Interestingly enough, we’ve only been using UpdraftPlus since ~June 2013, so that post wouldn’t seem to apply, and our initial site using it hasn’t ever generated an expired oauth session and it uses the same google account as the other 4-5 sites.

    Plugin Author David Anderson

    (@davidanderson)

    Hi,

    Regarding using separate accounts, I don’t think I can really answer that question, since it doesn’t appear to be clear yet what is causing the problem. If you can get a reproducible sequence of events to trigger the issue, such that different accounts is the only difference between getting prompted to re-authenticate or not getting prompted, then that would be handy – but at this point it all seems rather unclear as to why you’re having the problem.

    David

    Thread Starter aghilmort

    (@aghilmort)

    Based on additional testing, we can verify the error does occur after clicking backup now on the settings page while not currently logged into the same Google account as the account which the backup is using.

    Plugin Author David Anderson

    (@davidanderson)

    Hi aghilmort,

    There must be something more than that going on… because pressing “Backup Now” sends zero information from the browser to the website, except the information that a backup should be scheduled in 5 seconds time. You can verify that by using something like WireShark to monitor your network traffic if you like. Information about what Google account your browser is logged into is never communicated to the webserver either positively or negatively, so it’s quite impossible for the webserver to do anything either way in response to it. The server side neither knows nor cares what your browser is doing.

    Secondly, though, I can’t reproduce that. I did this:
    1) Logged into Google using one of my Google accounts
    2) Opened up the UpdraftPlus settings page in another tab in the same browser.
    3) Press “Backup Now” and waited for the backup to complete, which it did.
    4) Verified that no backup was in the Google Drive for the Google account I was logged in to.
    5) Logged out of my Google account, and logged into the other one, and verified that the backup was there.

    So, some other subtlety must be involved in your case.

    David

    Plugin Author David Anderson

    (@davidanderson)

    I should point out too, that if it was even *possible* for a website to know which Google account you’re logged into, then that would be a cross-site security error. Browsers aren’t even *allowed* to communicate that kind of information – it violates the security model.

    Plugin Author David Anderson

    (@davidanderson)

    Have you verified that none of your sites are using the same client_id? That’s still the only way I can think of for you to be having this problem (and the only reason why it appears, on present data, that nobody else is having it).

    Thread Starter aghilmort

    (@aghilmort)

    catching up on your last few suggestions…

    nod on cross-site security error – that said, is it possible something happens during backup after backup now is pressed where oauth query returns oh, you’re not logged into right account and fails. Not which account is logged in, simply current account doesn’t match credentials? Primarily asking as a non-expert on oauth?

    yes, just re-checked all four sites; all have correct client IDs, secrets, & callbacks. Of those, two sites are working properly and two are not. Should each client id be within its own project? Or more precisely, would there be any reason why the google api would flake out if it sees multiple subdomains &/or same IP address using different client ids within the same project from the same external api?

    Specific error we get in the log is of the form

    0093.339 (0) Google Drive: requesting access token: client_id=redacted-super-secret-id.apps.googleusercontent.com
    0093.443 (0) Google Drive error when requesting access token: response does not contain access_token

    the other weird thing is that sometimes, even after properly re-authenticating with the correct account the error remains. In other words, we log into right account in anonymous session, get queried that the Google api wants permissions, we accept, and error still remains.

    Other ideas for us to look at, known plugin conflicts, etc?
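
Added example, not part of any post in this thread and not UpdraftPlus code: a Python audit over logs from several sites, using the two log line shapes quoted in the post above. It reports which sites hit the access_token failure and which sites share a client ID or a Google API project; the site names, client IDs and logs are constructed, and reading the digits before the first hyphen of a client ID as the project number is an assumption.

```python
import re
from collections import defaultdict

# Line shapes taken from the log excerpt quoted in the thread.
REQUEST = re.compile(r"Google Drive: requesting access token: client_id=(\S+)")
FAILURE = "Google Drive error when requesting access token"

def _log(client_id, fails):
    """Build a constructed log in the shape quoted in the thread."""
    text = f"0093.339 (0) Google Drive: requesting access token: client_id={client_id}\n"
    if fails:
        text += ("0093.443 (0) Google Drive error when requesting access token: "
                 "response does not contain access_token\n")
    return text

# Constructed sample input: site names and client IDs are made up.
SAMPLE_LOGS = {
    "site-a.example": _log("111111111111-aaaa.apps.googleusercontent.com", True),
    "site-b.example": _log("111111111111-bbbb.apps.googleusercontent.com", True),
    "site-c.example": _log("222222222222-cccc.apps.googleusercontent.com", False),
}

def token_requests(log_text):
    """Yield (client_id, failed) for each access-token request in one log."""
    pending = None
    for line in log_text.splitlines():
        match = REQUEST.search(line)
        if match:
            if pending is not None:      # previous request had no error line
                yield pending, False
            pending = match.group(1)
        elif FAILURE in line and pending is not None:
            yield pending, True
            pending = None
    if pending is not None:
        yield pending, False

def audit(logs):
    """Return (failing, shared_ids, shared_projects) for {site: log_text}."""
    failing, by_id, by_project = {}, defaultdict(set), defaultdict(set)
    for site, text in logs.items():
        for client_id, failed in token_requests(text):
            by_id[client_id].add(site)
            # Assumption: the prefix before the first '-' is the project number.
            by_project[client_id.split("-", 1)[0]].add(site)
            if failed:
                failing.setdefault(site, []).append(client_id)
    def shared(groups):
        return {k: sorted(v) for k, v in groups.items() if len(v) > 1}
    return failing, shared(by_id), shared(by_project)

if __name__ == "__main__":
    print(audit(SAMPLE_LOGS))
```
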

    Thread Starter aghilmort

    (@aghilmort)

    it appears to be helpful if we actually visit the google drive folder in addition to the api console and the wp updraftplus settings page while logged into the same account. also using a debug backup appears to be helpful as compared to the backup now button. at the very least the two sites that weren’t working are now working.

    Thread Starter aghilmort

    (@aghilmort)

    Appears problem resolved by creating unique project for each backup set. Previously, we created a unique client key for each backup set. We now create a new project for each backup set and then a new client key within that project. So far so good for past week or so with no errors.

    representative configuration screen shot at this Google Drive link.

    Thanks for working with us to resolve. May be worth mentioning in help file &/or clarifying the on-screen instructions to this effect (if we’re supposed to create a new project and not simply a new client key for each backup set within an existing project, we missed it).

    Cheers! & thanks again!

  • The topic ‘Multiple Google Drive Backups’ is closed to new replies.