I purchased a domain with Google and I would like to associate it with a Heroku app. What is the step-by-step process to achieve that?
I recently connected my app to a custom domain. Although my domain is purchased from AWS route53. I think the approach generally is the same.
First of all, you can check out this page written by Heroku. https://devcenter.heroku.com/articles/custom-domains
I believe the tutorial given by Heroku works. However, I am tired of all those CLI that make things unvisable XD. Luckily, we can configure it from the Heroku website instead of the CLI.
Here is my approach:
First open your app in the Heroku web page, then click the "Settings" button
https://dashboard.heroku.com/apps/{your app name}
Scroll down until you see the "Domains" section, Then click "Add domain"
https://dashboard.heroku.com/apps/{your app name}/settings
Input the domain name you purchased from google (eg. www.example.com)
After adding your domain, Heroku will give you the DNS target.
From your google domain DNS management page, you should be able to add a new record for your hosted zone.
Finally, add a new record with simple routing policy, type CNAME, and value equals to the DNS target provided by Heroku.
It is really simple if you follow these steps correctly. Due to my reputation level, I cannot upload photos. Feel free to contact me if you want some image to guide you how to locate the buttons :)
It’s only 3 steps:
1. Heroku, in your app > Settings > Add your domain:
Add www.[foo.com] (Note: www is KEY!) to your app
Copy the [DNS Target] it gives you
2.Google Domains > DNS > Resource records > Custom Records > Manage Custom Records:
www, CNAME, [DNS Target]
Now you’re basically set up. If someone goes to https://www.[foo.com] in a few minutes, they’ll see your Heroku app hosted at [DNS Target]. But if they go to any other permutation (http, non-www) they’ll get a 404 error. To solve this, we’ll set up permanent redirects to the main version in the next step.
Google Domains > Website > Add a Forwarding Address:
From Field: [foo.com]
To Field: https://www.[foo.com]
Permanent Redirect (301)
Forward Path (so that [foo.com]/about forwards to https://www.[foo.com]/about)
SSL Enabled
Boom. Wait a couple of minutes for DNS to catch up, and you’re done.
heroku certs:auto:refresh
In Terminal refresh the SSL cert settings on Heroku, and check the Heroku Dashboard to confirm everything’s working.
Confirm all the below permutations forward to your site correctly:
https:
https://www.[foo.com]
https://[foo.com]
http:
http://www.[foo.com]
http://[foo.com]
paths:
https://www.[foo.com]/about
http://[foo.com]/about
PS: So does this work for the naked domain like [foo.com] instead of www.[foo.com]? No! Google Domains does not support ALIAS domains, and therefore in combination with Heroku does not support forwarding to the naked (aka. root aka. apex) domain. Sorry! This surprised me too :( Source 1: Heroku Docs | Source 2: StackOverflow. Your only alternative here is to transfer your domain (which costs money) to something like Cloudflare.
A working answer with these explanations is taken from https://nikodunk.com/heroku-ssl-google-domains-2019/
Just to add to Fergus's answer, if you are seeing the warning "cant add cname records as root domain" add www to the host name input.
I have a Google Cloud App Engine app that functions correctly when either I allow unauthenticated AllUsers access or turn on IAM for controlling access in Identity Aware Proxy. However when I follow the instructions on this page https://cloud.google.com/iap/docs/cloud-run-sign-in to enable Cloud Run Hosted sign-in with external identities and attempt to access either the login page or the Google Cloud Run hosted sign-in page, I receive the following error in the browser.
"Could not fetch URI /computeMetadata/v1/instance/service-accounts/default/token?scopes=https://www.googleapis.com/auth/cloud-platform,https://www.googleapis.com/auth/identitytoolkit"
For context, the Google Cloud Run service hosting the user sign-in is set to allow all Unauthenticated. It should re-direct to the Google App Engine web app. I think this is related to permissions or redirects, but I am at a loss as to how to fix. Any thoughts? Thanks!
I attempted to fix by re-deploying the Cloud Run Service, switching IAP on and off, switching between IAM and external identities, but to no success.
Thanks #John Hanley, I discovered that one my compute engine service account was disabled for some reason within the project. Re-enabling solved the problem partially. I'll spend more time matrix out the permissions and re-directs to make sure they are aligned.
I originally thought I completely answered my own question and solved my problem. Unfortunately, I only solved one of the problems with my implementation of the external identities authentication method.
Description of the other problem:
I enabled email/password and Google as providers, but when I click on the the option to authenticate with Google, I receive the following text in the browser: "The requested action is invalid."
At the Console in Dev Tools I get the following error:
GET https://www.googleapis.com/identitytoolkit/v3/relyingparty/getProjectConfig?key=*mykey*&cb=1599165379363 403
The following url is displayed in the URL bar:
https://.firebaseapp.com/__/auth/handler?apiKey=mykey&appName=%5BDEFAULT%5D-firebaseui-temp&authType=signInViaRedirect&providerId=google.com&customParameters=%7B%22hl%22%3A%22en%22%7D&scopes=profile&redirectUrl=https%3A%2F%2Fiap-gcip-hosted-ui-app-engine-app-myserver-uc.a.run.app%2F%3FapiKey%3Dmykey**&v=7.16.0&fw=FirebaseUI-web
mykey and myserver were removed for this post and is not the actual values.
Email/password sign-in works, but not the Google sign-in. What am I missing here?
What I have build:
A web application hosted on Heroku which reads coworkers' calendar and generates travel time events in their calendars. This way they can easily see what time they HAVE to leave to be on time for their next appointment.
I expect that 50 coworkers (at most) will use the web app. The app is not intended or made for external use.
I am using sensitive scopes (namely event writing permissions), so the web app has to be verified.
My problem:
Verification requires verified ownership of the web app domain, but I have it hosted on Heroku. I received a mail from Google's verification team which mentioned:
Please Note: Third party domain not owned by you, or domains that are hosted by a third party site, or redirects to third party sites are not permitted.
My question:
Can I use Heroku to pass the verification, or is it simply not allowed to use Heroku for web apps that use Google OAuth?
I found an answer to this problem: I Can't deploy google oauth app in heroku
I followed the steps and it worked! Google accepts the verification.
Note: in the Search Console, pick the URL prefix option and select the Meta Data verification option. I found that was the easiest to implement.
We have a web app that uses OAuth to sync user's gmail account asking for some credentials. Now since last week we are getting this message that "sign in with Google is temporarily disabled for app" but we haven't changed anything from our settings at all. Also we have everything approved and configured because it was working fine before that time.
You need to follow the process described [here][1] to request verification for your app.
[1] https://support.google.com/cloud/answer/7454865?hl=en
Also see https://gsuite-developers.googleblog.com/2018/06/new-oauth-protections-to-reduce-risk.html
I am using https://maps.googleapis.com/maps/api/geocode/json? link with server key and user IP to find the latitude and longitude of any address, when I'm trying I find the error as
I have a server access key from google and I have put my server's IP address in the their white list.
The URL that I am trying to access via PHP CURL is:
https://maps.googleapis.com/maps/api/geocode/json?address=1600+Amphitheatre+Parkway,+Mountain+View,+CA&sensor=true&key=XXXXXXXXXXXX
The result that I am getting:
Array ([error_message] => This IP, site or mobile application is not authorized to use this API key. [results] => Array ( ) [status] => REQUEST_DENIED)
Is there anything that I need to configure.The geocoding API is also switched on.
I had the same issue and I found this.
On the url, it requires the server key in the end and not the api key for the app.
So Basically, you just add the server key in the end of the URL like this:
https://maps.googleapis.com/maps/api/place/nearbysearch/json?location=yourlatitude,yourlongitude&radius=5000&sensor=true&key=SERVERKEY
Now, to obtain the server key, just follow these steps:
1) Go to Developer Console https://code.google.com/apis/console/
2) In the Credentials, under Public API Access, Create New key
3) Select the server key from the option.
4) Enter your IP Address on the field and if you have more ip addresses, you can just add on every single line.NOTE: Enter the IP Address only when you want to use it for your testing purpose. Else leave the IP Address section blank.
5) Once you are done, click create and your new Server Key will be generated and you can then add that server key to your URL.
Last thing is that, instead of putting the sensor=true in the middle of the URL, you can add it in the end like this:
https://maps.googleapis.com/maps/api/place/nearbysearch/json?location=yourlatitude,yourlongitude&radius=5000&key=SERVERKEY&sensor=true
This will definitely solve the issue and just remember to use the server key for Places API.
EDIT
I believe the web URL has changed in the past years. You can access developers console from here now - https://console.developers.google.com/apis/dashboard
Navigate to developers console - https://console.developers.google.com/ or use the link from details to navigate directly to API dashboard.
Under developer console, find Label from the left navigation panel
Select project
Choose Credentials from the left Navigation panel
You could create credentials type from the Top nav bar as required.
Hope this answer will help you and other viewers. Good Luck .. :)
Choose key
API Restriction tab
Choose API key
Save
Choose Application Restriction -> None
Save
In addition to the API key that is assigned to you, Google also verifies the source of the incoming request by looking at either the REFERRER or the IP address. To run an example in curl, create a new Server Key in Google APIs console. While creating it, you must provide the IP address of the server. In this case, it will be your local IP address. Once you have created a Server Key and whitelisted your IP address, you should be able to use the new API key in curl.
My guess is you probably created your API key as a Browser Key which does not require you to whitelist your IP address, but instead uses the REFERRER HTTP header tag for validation. curl doesn't send this tag by default, so Google was failing to validate your request.
The Google Places API does not currently support Android or iOS keys generated from the Google APIs Console. Only Server and Browser keys are currently supported.
You're trying to use an API KEY which you restricted in a way that won't allow this action.
According to Google:
Note: If you need to call web, web service, and/or mobile APIs from the same (client-side) app, create and restrict multiple keys.
So the right thing to do is to create another API KEY, and choose the correct restrictions for this matter. In your case, choose "IP addresses" (under "Application restrictions"), and use "ADD AN ITEM" to add your server ip.
Notice that leaving a blank list won't work, and will result in google changing your restrictions to "None".
Also, don't forget to add the relevant APIs under "API restrictions" (in your case "Geocoding API").
One last thing - Google is blocking the use of this API until you link your app to Google Cloud Billing Account. So if you didn't do it yet, once you successfully get a response, it will say you have to do it first (it has a free starting package).
Google Place API requires the referer HTTP header to be included when making the API call.
Include HTTP header "Referer:yourdomain.com" and this should fix the response issues.
You create an key with out referer
dont enter the referer address
For the latest version of the API the exact opposite seems to be true for me.
When calling the url https://maps.googleapis.com/maps/api/geocode/json?address=<address>&key=<key> I was getting the following error
You must use an API key to authenticate each request to Google Maps Platform APIs. For additional information, please refer to http://g.co/dev/maps-no-account
Once I switched the order to https://maps.googleapis.com/maps/api/geocode/json?key=<key>&address=<address> it worked fine.
Note that the error message received above was the message I got when going directly to the URL in the browser. When I called the API from a software program I received an HTML response with basically the following message:
We're sorry... but your computer or network may be sending automated queries. To protect our users, we can't process your request right now.
Also, the corresponding API should be enabled for the given project
https://console.developers.google.com/apis/library?project=projectnamehere
For iOS or Android apps, the key needs an extra privilege granted.
Go to the Google Console -> APIs and Services -> Library. Tap the Places library for your platform and then tap Enable.
See https://developers.google.com/maps/gmp-get-started#enable-api-sdk
The reason this error is occurring because of the restrictions you have added when you create add the sha1 fingerprint on google cloud console , remove the fingerprints from android or ios then save .(the ip of that mobile phone will no longer be restricted)
Authentication, quotas, pricing, and policies
Authentication
To use the Directions API, you must first enable the API and obtain the proper authentication credentials. For more information, see Get Started with Google Maps Platform.
Quotas and pricing
Review the usage and billing page for details on the quotas and pricing set for the Directions API.
Policies
Use of the Directions API must be in accordance with the API policies.
more know : visit:--- https://developers.google.com/maps/documentation/directions/start?hl=en_US
url = https://maps.googleapis.com/maps/api/directions/json?origin=19.0176147,72.8561644&destination=28.65381,77.22897&mode=driving&key=AIzaSyATaUNPUjc5rs0lVp2Z_spnJle-AvhKLHY
add only in AppDelegate like
GMSServices.provideAPIKey("AIzaSyATaUNPUjc5rs0lVp2Z_spnJle-AvhKLHY")
and remove the key in this url.
now url is
https://maps.googleapis.com/maps/api/directions/json?origin=19.0176147,72.8561644&destination=28.65381,77.22897&mode=driving
Disable both direction api and geocoding api and re-enable.
it works for only 5-10 seconds and than automatically disabled itself.
it means you have only 5-10 sec to test you assignment.