Google Indexing API test environment? - google-auth-library

I'm implementing the Google Indexing API for some job posts, and I have it working in "production" (sending url's that are preceded with my public domain i.e. "jobs.myproduction.com") but I can't figure out how to test it in any QA or integration environment. The domains of the links wouldn't be my verified domain (the public one) but rather something like "box1.qa.myproduction.com" and those URLs aren't even publicly accessible.
In other APIs, we'd have test keys and a test endpoint, we'd deploy those values into configuration tables all the way up the line so that throughout testing we're hitting a test API endpoint with a test key and we can see it working while NOT publishing test data to a production system. But Google doesn't seem to have that. It's either do it in production with production values or get constant failures.
Right now, on my dev machine, I have "localhost" urls for my job postings, those get rejected from the API call for what looks like the fact that it's "localhost". If I change it to a dummy domain "jobs.mytest.com", I get a 403 FORBIDDEN, presumably because I'm not a validated owner of the "jobs.mytest.com" domain.
I CAN get a 200 out of google if I use a subdomain above my verified domain. So I have verified domain "jobs.myproduction.com", if I send the url as "https://test.jobs.myproduction.com/jobs/whateverId" I can get a 200 back. But:
I don't know where that's going (the domain isn't valid so I assume google won't list it)
I wouldn't put it above Google to somehow ding me for submitting bad URLs, and
This doesn't seem to be the right way to do this at all.
Does anyone have a suggestion on how to get around this? Am I missing something in the Google API dashboard for test accounts?

Related

Using 2 Google API keys in same project?

I have a project which I use Google Places API.
For the API key I have now, I have set IP restriction because the API is called in server-side. Place Search and Place Details are called in Server and returned to client side.
But the endpoint Place Photos, I call in client side, and of course it doesn't work because I have set IP restriction. So, my idea is to create one more production api key which works on client side and set HTTP referrers. Is this Ok? Or should I call all apis in server-side instead?

Https/BotAuthentication breaking botframework bot?

I am having an issue with trying to create a bot. Everything seems to work fine when I am using Http. I can deploy my application to my website and interact with the bot via the emulator or botframework.com.
Unfortunately, when I try to use HTTPS, I get a 401 error from the emulator and nothing shows up when I try to use botframework.com.
Just so that I am crystal clear, the only things that I changed are:
1. Added the [BotAuthentication] attribute to my ApiController like so:
[BotAuthentication]
public class MessagesController : ApiController
Updated the URL in the emulator/botframework.com from http://mywebsite.com/api/messages to https://mywebsite.com/api/messages
Web.config is all set up with the appId and AppSecret. My site already has an SSL certificate.
Is there anything that I am missing? Although I have never used basic authentication before I am assuming there is nothing else that I need to set up, right?
I hit your endpoing and IIS is responding to the basic auth and getting in the way.
Basic Auth is works the following way:
There is a header which contains the UserId:Password encoded as base64
If the server doesn’t see the header it returns a 403 with a “basic” to signal that the web site requires auth token. For a web browser that means it will popup a stock user/password dialog and then it will do submit the request again with the header.
If the header is provided but the user/password is wrong the server returns 401.
Normally basic auth is used to look up in a database, but in our case there is only 1 user, it is the bot appid/appsecret. All the BotAuthorization attribute does is to add an inspector to the request pipeline to look for the header with appid/appsecret in it to make sure that only approved callers can call your bot.
If you don’t care about that you can simply remove the attribute. Regardless, you don’t want IIS sticking it’s nose into the process.
Make sense?
This theoretically should work based on your description of the changes you've made. This is the emulator talking to your cloud service or to the bot on localhost? And you get this error as well from the Bot Framework test control in the portal?
If you send me your BotId to botframework#microsoft.com I can check our logs to see if there's anything interesting (or DM me at #jameslew on twitter).

Not able to get irb console working with tumblr_client gem

I have very little experience with APIs which is something that I'm trying to change so I'm trying to get started with the Tumblr api. I've installed the tumblr_client gem (documentation here) and am following the instructions. I've created an application on a new Tumblr account and have the necessary OAuth information (consumer_key, consumer_secret, ect.) Actually getting it to do something is proving difficult, so like a good little programmer I'm trying to get the console going to explore a bit.
This requires a bit of setup, so I'm following the instructions here:
The first time that you go to use the irb console, if you have no
.tumblr file, it will walk you through the process of generating one.
You will be prompted for your consumer_key and consumer_secret (which
you can get here: http://www.tumblr.com/oauth/register) and then sent
out to the site to verify your account. Once you verify, you will be
redirected to your redirect URL (localhost by default) and copy the
oauth_verifier back into the console. Then you're all set!
I'm prompted for my key and secret, then I go to the URL where I'm supposed to give authorization. Tumblr gives me a popup which reads "Is it alright for this application to access some of your data and make posts to your account? You are logged in as example#example.com" and the options to cancel or allow. I hit allow and it just takes me into the account itself, at no point am I ever given any kind of verification code that I can put in to get the console working.
At this point I'm stuck and can't go any further so I'm activating the network. Any ideas as to where I'm going wrong?
Did you specify a redirect or callback url at any point in the oauth config process? It's probably done on tumblr's API website. This url would be your app's endpoint to which Tumblr sends a request to with the user's data. By the way, oauth can sometimes be confounding to set up. You won't be able to use localhost as a callback url, for example, though you can get a temporary domain name with a free local tunneling app.
edit To go into more detail on some of these points ...
callback url: To reiterate, this cannot be localhost. Setting the correct callback url will get you unstuck from your current predicament. Instead of redirecting to the tumblr homepage, you want the confirmation page to redirect to your app. Anyway, I think you're totally sensible to want to test it out before you deploy. But unless you deploy or use a local tunnel, your local application doesn't actually have a URL that can be reached from anywhere except your computer.
local tunnelling services: ngrok, localtunnel. To give an example with ngrok: Say you have a Rails server running on port 3000. Then in another terminal you run ngrok 3000 and you get a url which exposes your local server to the real internet. Note that this changes every time you restart ngrok (unless you pay them). In your application, you should make a unique route for the callback. Say you have a route which matches /oauth_callback to the oauth_callback controller action. Then the route you'd provide as your callback url would be http://MY_CUSTOM_NAME.ngrok.com/oauth_callback.
The controller action: I don't specifically know how Tumblr sends user data to the callback. Perhaps the information is in the headers or maybe it's in the body. It might be JSON or XML. Whatever it is, you can explore the data by placing a breakpoint in your controller action. You can inspect the params, headers, etc. I'd expect that they'd give you some token credentials and probably a user name/email as well.

How to add multiple redirect URIs for Google OAuth 2?

I am trying to make Google OAuth 2 authentication work with a toy app I am running on my computer (at localhost:8080) using Social Auth for Java.
However when my app connects to Google to authenticate the user, Google responds with this error page:
My app, named "My Hobby App", is configured in the Developer Console as such:
In the Google OAuth 2 docs, it is specified that:
redirect_uri: One of the redirect_uri values listed for this project
in the Developers Console.
Determines where the response is sent. The
value of this parameter must exactly match one of the values listed
for this project in the Google Developers Console (including the http
or https scheme, case, and trailing '/').
I have a couple of questions:
How can I add multiple redirect_uris to my app?
Why is Google identifying my app as "Project Default Service Account" rather than "My Hobby App"?
It's actually easier than you think, unfortunately, it took me a couple of hours to figure it out.
How can I add multiple redirect_uris to my app?
Normally when you add multiple links to something on Google or elsewhere you separate it by , or ; but with Redirect URIs you have to use a new line, it's actually not very intuitive. So when you press the Edit Settings button, you can add to the URI and/or Origins if you have a couple more links, separated by newlines (enter).
No need for complicated app configurations or new keys.
Why is Google identifying my app as "Project Default Service Account" rather than "My Hobby App"?
On your second question: You have to go to the "Consent Screen" tab to change your app info such as your PRODUCT NAME, HOMEPAGE, LOGO, etc.
This answer may not be an exact answer to the question, but I think this might help those who are using Google OAuth for the first time and are wondering why their multiple URIs are not being recognized.
We use the redirect URI at 2 places in the code. First time, while fetching the auth code and a second time, when exchanging this code for an access token.
In the Google docs, it is clearly mentioned that the response for the auth code request(1st request) will be sent to the redirect URI. So, if you make the request from an endpoint A and specify the rediredt URI as endpoint B, Google will send the auth code to endpoint B. This is clear and worked fine without any errors.
Coming to the second request, the documentation is somewhat ambiguous. The redirect_URI parameter is described as below:
redirect_uri: The URI that you specify in the API Console, as described
in Set a redirect URI.
This is where I made a mistake in understanding how this works. Following a similar approach to the first call, I used a third endpoint C and passed this endpoint C in the redirect_URI parameter while making the second call. I got a URI mismatch error although my endpoints B and C are specified in the API console.
The problem is that, unlike in the case of first call, the response to the second call comes to the same endpoint from where the request is made. I made a request in python like below:
r = requests.post(token_endpoint, params)
r has the response with the token.
I was getting a URI mismatch because, I am supposed to use the same redirect_URI in both the calls.
So, for a single OAuth request, we need to use a single redirect_URI.
But then, that brings up the question, why are multiple redirect_URIs allowed in the API console for a single app. I am assuming that if we need to make multiple pairs of authCode-token calls in the same app, we have the leeway of using multiple redirect_URIs.

Setting up google project for authentication api

I am trying to set up google authentication for my local project. I run projects in python virtual environments and have different local domainnames set up for those. Names like projectname.dev. When i enter http://projectname.dev in browser the site opens up.
When i went to https://console.developers.google.com/project/< myprojectid >/apiui/credential?authuser=0 i could set values like javascript origin and authorized redirect uri there. I set javascript origins to http://projectname.dev and tried to put same domain for authorized redirect url too, but it did not work and i had to leave it to localhost.
When i tried to authenticate via django-allauth, i got such response from google:
**Error: invalid_request**
Invalid parameter value for redirect_uri: Non-public domains not allowed: http://projectname.dev/account/google/login/callback/
Now my questions are:
Can i develop this part of project locally with domainname like projectname.dev or do i need to set it up for localhost? Will local redirect from localhost -> projectname.dev work?
If i can do it with projectname.dev, then perhaps there is an error in the way i have this project set up in google developers console?
In any case, if you cannot set the redirect URI in the Cloud Console, Google will throw you our when you try to authorize the app.
My recommendation would be to choose either of those solutions :
Use "localhost" as you said, with some kind of redirection/NAT/proxy to projectname.dev
Replace projectname.dev with a domain with an actual tld such as projectname.thisdomaindoesnotexist.com . Then configure this domain name to map to your servers.
Or wait for ".dev" to be recognized as an actual TLD, and you'll be good :)

Resources