From 53b08f3600829cf0ac01f4330dfbd3429abd6d3c Mon Sep 17 00:00:00 2001 From: rhythmcao Date: Wed, 15 May 2024 13:06:52 +0800 Subject: [PATCH] update account readme.md --- ACCOUNT_GUIDELINE.md | 75 +++++++++++++++++++++++++++++--------------- 1 file changed, 49 insertions(+), 26 deletions(-) diff --git a/ACCOUNT_GUIDELINE.md b/ACCOUNT_GUIDELINE.md index 2877721..bfb3f03 100644 --- a/ACCOUNT_GUIDELINE.md +++ b/ACCOUNT_GUIDELINE.md @@ -4,16 +4,23 @@ For tasks including google or google drive, we need a real Google account as wel > Attention: to prevent environment reset and result evaluation conflicts caused by multiple people using the same Google account simultaneously, we will not provide the public test accounts available. Please register a private Google account. -## 1. Register Google Account +## Table of Contents +1. [Register A Blank Google Account](#register-a-blank-google-account) +2. [Create A Google Cloud Project](#create-a-google-cloud-project) +3. [Configure OAuth Consent Screen](#configure-oauth-consent-screen) +4. [Create OAuth2.0 Credentials](#create-oauth20-credentials) +5. [Potential Issues](#potential-issues) -In this section, we introduce how to register a blank new Google account as well as the important configurations: +## Register A Blank Google Account 1. Go to Google web site and register a blank new account - In this testbed, you do not need to provide any recovery email or phone, since we only use it for testing cases - Just **IGNORE** any security recommendations - Shut **OFF** the [2-Step Verification](https://support.google.com/accounts/answer/1064203?hl=en&co=GENIE.Platform%3DDesktop#:~:text=Open%20your%20Google%20Account.,Select%20Turn%20off.) to avoid failure in environment setup (requesting phone verification code) -![Shut Off 2-Step Verification](assets/googleshutoff.png) +

+ Shut Off 2-Step Verification +

> Attention: we strongly recommend that you register a new blank account instead of using an existing one, in order to avoid messing up your personal workspace. @@ -27,52 +34,64 @@ In this section, we introduce how to register a blank new Google account as well } ``` -## 2. Obtain OAuth2.0 Credentials - -To reset the environment for Google Drive, we need to: 1) create a google cloud project, 2) configure the OAuth2.0 screen, and 3) generate the credentials for this project. - -### 2.1 Create a Google Cloud Project +## Create A Google Cloud Project 1. Navigate to [Google Cloud Project Creation](https://console.cloud.google.com/projectcreate) page and create a new GCP (see [Create a Google Cloud Project](https://developers.google.com/workspace/guides/create-project) for detailed steps). You can use any project name. -![Create GCP](assets/creategcp.png) - 2. Go to the [Google Drive API console](https://console.cloud.google.com/apis/library/drive.googleapis.com?) and enable the GoogleDrive API for the created project (see [Enable and disable APIs](https://support.google.com/googleapi/answer/6158841?hl=en) for detailed steps) -![Google Drive API](assets/enableapi.png) +

+ Create GCP + Google Drive API +

-### 2.2 Configure OAuth Consent Screen +## Configure OAuth Consent Screen To configure the OAuth2.0 screen for the created GCP. Go to page [OAuth consent screen](https://console.cloud.google.com/apis/credentials/consent?): 1. For User Type, choose "External" and click "Create" -![User Type](assets/usertype.png) +

+ User Type +

2. For App information, type in any App name you like (e.g., DataAccess), and choose the current Google gmail into field `User support email`. -![App Info](assets/oauthapp.png) +

+ App Info +

3. For Developer information, also fill in the current gmail account. Leave other fields blank and click button "SAVE AND CONTINUE". -![Developer information](assets/developer.png) +

+ Developer information +

4. Leave fields blank for `Scopes` and continue to `Test Users`. Add the current gmail account via clicking button "+ ADD USERS". -![Test Users](assets/testusers.png) +

+ Test Users +

5. Finish all configuration and we will come to the configured OAuth consent screen. There is another thing, PUBLISH APP to extend the lifecycle of credentials. Otherwise, the refresh token is only valid in 7 days (refer to [google offical doc](https://developers.google.com/identity/protocols/oauth2#expiration) and [stackoverflow post](https://stackoverflow.com/questions/74659774/google-oauth-2-0-refresh-token-expiry-how-many-days) for details). -![Publish APP](assets/publishapp.png) +

+ Publish APP +

-### 2.3 Create OAuth2.0 Credentials + +## Create OAuth2.0 Credentials 1. Goto the [credentials page](https://console.cloud.google.com/apis/credentials?), click "CREATE CREDENTIALS -> OAuth client ID" -![Create OAuth client ID](assets/oauth2.0.png) +

+ Create OAuth client ID +

2. For Application type, please choose "Desktop app". You can use any Name. And click "CREATE". -![Desktop App](assets/desktopapp.png) +

+ Desktop App +

3. Now, in the pop-up window, you can download the JSON file `client_secret_xxxxx.json`. Move and rename this .json file to file path `evaluation_examples/settings/googledrive/client_secrets.json` in the OSWorld project. The folder should look like: @@ -89,10 +108,10 @@ To configure the OAuth2.0 screen for the created GCP. Go to page [OAuth consent 4. Note that, when you first run a task including Google Drive, there will be a url requesting your permission. Open the link in unsafe mode using the gmail you filled in `evaluation_examples/settings/google/settings.json`, authorize and confirm your choice once for all. Eventually, you will see a prompt message "The authentication flow has completed." in a blank web page. -![Unsafe mode](assets/unsafemode.png) - -![Authorization](assets/authorization.png) - +

+ Unsafe mode + Authorization +

## Potential Issues @@ -102,13 +121,17 @@ Due to strict check by Google safety teams, even if we shut down the 2-step veri When the VM tries to log into the Google Drive page, Google requests you to provide a phone number and verfification number. This may occur when you change your IP or device for the first time. -![Phone Verification Code Required](assets/googlephonecode.png) +

+ Phone Verification Code Required +

To solve it, typing any phone number is adequate (since we shut off the 2-step verification and do not provide any recovery phone number). And fill in the received verification code. After that, hopefully, Google will remember this new login IP or device. Now, you can restart the task, and in this time, it should work. ### Identity Verification -![Identity Verification](assets/googleidentity.png) +

+ Identity Verification +

In this case, Google does not give you the chance to use phone verification code. Since we do not provide any recovery email/phone and shut down the 2-step verification, we are unable to login from the new device. We hypothesize that this problem may occur when you frequently change the login IPs or devices, such that Google detects the unusual usages. The only solution is to reset the password from the device in which you register this Google account.