OAuth 2.0 Google permissions dialog doesn't work properly on WP7 - windows-phone-7

I have a WP7 app that should consume the Google Latitude API. It requires my app to be authenticated with an OAuth 2.0 access token. To achieve that I'm using the authentication flow for native applications (described here: http://code.google.com/apis/accounts/docs/OAuth2.html#IA). When my app navigates to the Request for Permissions page from within the browser control and I click on "Allow access", the server responds with a "Deniend error=acces_denied" page.
The Google Latitude API is enabled in my APIs console, by the way. Can anybody help me determine where the problem is?
[EDIT]
Thanks to #gyurisc I figured out that it works in a desktop browser; I have my access token. But there is still a mystery: what's wrong with the browser control of WP7? Why does it return an "Access Denied" error if I allow access?
[EDIT]
I've posted an issue in the Google Latitude Issue Tracker: "OAuth 2.0 dialog doesn't work properly on WP7".

The temporary workaround from the Google team is to replace "account.google.com" with "sandbox.google.com". They will try to fix this bug ASAP on the production server.

Related

Google Cloud Run Hosted User Sign-In 'Redirect' Throws Error When Using External Identity Providers

I have a Google Cloud App Engine app that functions correctly when either I allow unauthenticated AllUsers access or turn on IAM for controlling access in Identity Aware Proxy. However when I follow the instructions on this page https://cloud.google.com/iap/docs/cloud-run-sign-in to enable Cloud Run Hosted sign-in with external identities and attempt to access either the login page or the Google Cloud Run hosted sign-in page, I receive the following error in the browser.
"Could not fetch URI /computeMetadata/v1/instance/service-accounts/default/token?scopes=https://www.googleapis.com/auth/cloud-platform,https://www.googleapis.com/auth/identitytoolkit"
For context, the Google Cloud Run service hosting the user sign-in is set to allow all Unauthenticated. It should redirect to the Google App Engine web app. I think this is related to permissions or redirects, but I am at a loss as to how to fix it. Any thoughts? Thanks!
I attempted to fix it by re-deploying the Cloud Run Service, switching IAP on and off, and switching between IAM and external identities, but with no success.
Thanks #John Hanley, I discovered that one of my Compute Engine service accounts was disabled for some reason within the project. Re-enabling it solved the problem partially. I'll spend more time matrixing out the permissions and redirects to make sure they are aligned.
I originally thought I completely answered my own question and solved my problem. Unfortunately, I only solved one of the problems with my implementation of the external identities authentication method.
Description of the other problem:
I enabled email/password and Google as providers, but when I click on the option to authenticate with Google, I receive the following text in the browser: "The requested action is invalid."
At the Console in Dev Tools I get the following error:
GET https://www.googleapis.com/identitytoolkit/v3/relyingparty/getProjectConfig?key=*mykey*&cb=1599165379363 403
The following url is displayed in the URL bar:
https://.firebaseapp.com/__/auth/handler?apiKey=mykey&appName=%5BDEFAULT%5D-firebaseui-temp&authType=signInViaRedirect&providerId=google.com&customParameters=%7B%22hl%22%3A%22en%22%7D&scopes=profile&redirectUrl=https%3A%2F%2Fiap-gcip-hosted-ui-app-engine-app-myserver-uc.a.run.app%2F%3FapiKey%3Dmykey**&v=7.16.0&fw=FirebaseUI-web
mykey and myserver were substituted for this post and are not the actual values.
Email/password sign-in works, but not the Google sign-in. What am I missing here?

Google OAuth: "Couldn't sign you in. This browser or app may not be secure."

Our application uses Google OAuth to access GDrive and GMail APIs. Recently we noticed that during Google authorization some users get the following message: "Couldn't sign you in. This browser or app may not be secure." etc. So the questions are:
What can be the reasons for this?
What can be done to fix this issue?
Is there any kind of Google Support for this kind of issue?
Thanks in advance!
Actually Google blocks login from embedded browser frameworks in an effort to prevent man-in-the-middle (MitM) phishing attacks.

How can I log in using Google OAuth in the TikTok in-app browser?

When attempting to log in with Google OAuth via the TikTok in-app browser it says "Authorization Error Error 403 disallowed_useragent Google can't sign you in safely inside this app. You can use Google sign-in by visiting this app's website in a browser like Safari or Chrome."
Thinking this is either a call by Google to prevent login within TikTok or they simply haven't added this user agent yet.
Google OAuth does not work in embedded web views per policy. See https://developers.googleblog.com/2016/08/modernizing-oauth-interactions-in-native-apps.html.
You should reach out to the app developer to recommend they use one of the alternatives recommended like Chrome Custom Tabs.
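The two answers above (Google blocking sign-in from embedded browser frameworks, and the 403 disallowed_useragent error in an in-app browser) suggest a client-side pre-check, sketched here as an added example that is not part of the original posts. The token list, function names and sample user agents are assumptions constructed for illustration; Google's own detection logic is not documented on this page.

```javascript
// Added example: heuristic check for embedded web views before starting Google OAuth.
// Token list is an assumption; verify it against user agents seen in your own logs.
const IN_APP_TOKENS = ['FBAN', 'FBAV', 'Instagram', 'musical_ly', 'BytedanceWebview'];

function classifyUserAgent(ua) {
  // Known in-app browser markers (assumed list, not exhaustive).
  const token = IN_APP_TOKENS.find((t) => ua.includes(t));
  if (token) return { embedded: true, reason: `in-app token "${token}"` };

  // Android System WebView (Lollipop and later) adds a "wv" field to the platform section.
  if (/\(Linux; Android [^)]*; wv\)/.test(ua)) {
    return { embedded: true, reason: 'Android WebView "wv" field' };
  }

  // iOS: Safari and browsers built on it send a "Safari/" token; a default
  // WKWebView user agent ends after "Mobile/<build>".
  if (/\((iPhone|iPad|iPod);/.test(ua) && !/Safari\//.test(ua)) {
    return { embedded: true, reason: 'iOS user agent without "Safari/" token' };
  }
  return { embedded: false, reason: 'no embedded web view marker found' };
}

// Decide what the sign-in button should do for this client.
function signInAction(ua) {
  const verdict = classifyUserAgent(ua);
  return verdict.embedded
    ? { action: 'prompt-open-in-system-browser', reason: verdict.reason }
    : { action: 'start-oauth-redirect', reason: verdict.reason };
}

// Constructed sample user agents (not captured traffic).
const SAMPLES = {
  androidWebView: 'Mozilla/5.0 (Linux; Android 13; Pixel 7 Build/TQ3A; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/120.0.0.0 Mobile Safari/537.36',
  iosWebView: 'Mozilla/5.0 (iPhone; CPU iPhone OS 17_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148',
  iosSafari: 'Mozilla/5.0 (iPhone; CPU iPhone OS 17_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0 Mobile/15E148 Safari/604.1',
  androidChrome: 'Mozilla/5.0 (Linux; Android 13; Pixel 7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Mobile Safari/537.36',
};

for (const [name, ua] of Object.entries(SAMPLES)) {
  console.log(name, signInAction(ua));
}
```

User-agent strings can be overridden by the hosting app, so this check only improves the user experience; the authorization server's decision remains authoritative.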

Undisplaying the permission screen for each user. (Case: using APIs that don't support Service Account authentication)

We publish an app that uses OAuth 2.0 API access on Google Apps Marketplace. It got reviewed by Google and they said our app is invalid because it shows the permission screen when a user first runs the app. (The app will be removed from the Google Apps Marketplace if it is not fixed within 30 days.) To solve this issue, we have some problems.
Our app uses OpenID Connect to make users login.
Our app also uses Spreadsheet API and Calendar Resource API (OAuth 2.0 Web Application Flow)
So our questions related to the above are the following:
1. Although our app uses OpenID Connect for login, using OpenID Connect forces our app to show the permission screen. Doesn't it meet the best practice below of Google Apps Marketplace?
https://developers.google.com/apps-marketplace/practices#5_use_one-click_single_sign-on
We followed the OpenID Connect document provided by Google:
https://developers.google.com/accounts/docs/OAuth2Login
2. Since the Spreadsheet API and Calendar Resource API don't currently support authentication using a Service Account with OAuth 2.0, we chose to use the Web Application Flow. Our app gets the token when users log in, but Google told us that it fails to meet their SSO requirements. To solve the issue, we are thinking of changing our app to authorize AFTER login within the app instead (using the Web Application Flow as it is). Does this approach meet the SSO requirements? In other words, is it OK to show the permission screen if it comes after login?
We would appreciate it if anyone can tell us a good solution to these problems.
Thanks,
If you register your scopes in the Google Apps Marketplace configuration screen, and then only request those scopes in the OpenID Connect flow, then the permissions screen should be automatically skipped. Please ensure the scopes match between these two locations.
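One way to check the scope match the answer describes, as an added example that is not part of the original post: it compares the scopes in an authorization request URL with the list registered in the Marketplace configuration. The function names, the client ID, the redirect URI and the sample scope lists are constructed for illustration.

```javascript
// Added example: compare requested OAuth scopes with the registered scope list.
// All sample values below are constructed.
function scopesFromAuthUrl(authUrl) {
  // "scope" is a space-delimited list; URLSearchParams decodes "+" and "%20" to spaces.
  const raw = new URL(authUrl).searchParams.get('scope') || '';
  return new Set(raw.split(/\s+/).filter(Boolean));
}

function compareScopes(authUrl, registeredScopes) {
  const requested = scopesFromAuthUrl(authUrl);
  const registered = new Set(registeredScopes);
  // Exact string comparison: a trailing-slash difference is reported for review.
  const unregistered = [...requested].filter((s) => !registered.has(s)).sort();
  // Registered but never requested: candidates for removal (least privilege).
  const unused = [...registered].filter((s) => !requested.has(s)).sort();
  return {
    unregistered,
    unused,
    // Per the answer above, the screen is skipped only when every requested scope is registered.
    expectConsentScreen: unregistered.length > 0,
  };
}

// Constructed authorization request and registration list.
const SAMPLE_AUTH_URL =
  'https://accounts.google.com/o/oauth2/auth?response_type=code' +
  '&client_id=EXAMPLE_CLIENT_ID&redirect_uri=https%3A%2F%2Fapp.example%2Fcb' +
  '&scope=openid+email+https%3A%2F%2Fspreadsheets.google.com%2Ffeeds';
const SAMPLE_REGISTERED = [
  'openid',
  'email',
  'https://spreadsheets.google.com/feeds/',
  'https://apps-apis.google.com/a/feeds/calendar/resource/',
];

console.log(compareScopes(SAMPLE_AUTH_URL, SAMPLE_REGISTERED));
```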

Legal Issue: Remove/Hide links on Google Login page

For the background:
I'm developing a device application which offers connection to Google Drive. My end-users will need to login to their Google Account and authorize my application to access their Google Drive.
I'm using OAuth 2.0 to do this. But my concern is that I don't want users to navigate away from my application using the links on the Google Login page. Basically, I don't want them to use my application to browse the internet.
Question:
Will I violate any terms of service/usage if I hide or change the href of the links using GreaseMonkey or TamperMonkey? The changes will only be on the client side and I won't alter any processing at all.
I already checked https://developers.google.com/terms/ but I found no item related to modifying the pages on client side.
Thanks in advance.
What kind of device? If you’re on Android, check out the Google Drive API and GoogleAuthUtil, you probably don’t need to code your own OAuth 2 support. On iOS we’ve been shipping a bunch of library-ware to help you similarly.
But if you’re doing OAuth 2 via a browser, it would be highly inappropriate to screw around with the Google Login page. Also I suspect that the page will try to resist such attempts, but I don’t know the details.
