OAuth 2.0
With the message below, i cannot get an authorization code for the credentials.
Sign in with Google
Access blocked: project-165437914245’s request is invalid
You can’t sign in because project-165437914245 sent an invalid request. You can try again later, or contact the developer about this issue. Learn more about this error
If you are a developer of project-165437914245, see error details.
Error 400: invalid_request
console
In hte OAuth consent screen,
set Publishing status to In production
set User type to External
in Test users section, add users to my e-mail address
Related
I have a Project on Google cloud with a single Project.
When configuring the OAuth Consent Screen, I have
added the Sensitive Scope /auth/drive.readonly
added my other email id in Test users
When creating the Client ID for Web application, I have
added 2 redirect URIs (let us name them URL-1 and URL-2) (both https URLs accessible over the internet).
Now, I made a redirected request to https://accounts.google.com/o/oauth2/v2/auth from my browser https://accounts.google.com/o/oauth2/v2/auth?client_id={CLIENT-ID}&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdrive.readonly&access_type=offline&include_granted_scopes=true&state=193&response_type=code&redirect_uri={URL-1}
It showed the following screen
and then took to the OAuth consent screen requesting permission for
where I hit Continue.
I got a request at URL-1 with the state and code. Now I made a POST request to https://oauth2.googleapis.com/token with params
code={CODE}&client_id={CLIENT_ID}&client_secret={CLIENT_SECRET}&redirect_uri={URL-2}&grant_type=authorization_code
But I get the 400 response with body
{
"error": "invalid_request",
"error_description": "\nYou can't sign in to this app because it doesn't comply with Google's OAuth 2.0 policy for keeping apps secure.\n\nYou can let the app developer know that this app doesn't comply with one or more Google validation rules.\n "
}
I have my app in Test mode and I signed in only with the Test User. But I still get this error. Even tried making the last request from Postman. The result was still the same.
I'm receiving an Authorization error when attempting to generate an authorization code:
Error 400: invalid_request
You can't sign in to this app because it doesn't comply with Google's
OAuth 2.0 policy for keeping apps secure.
If you’re the app developer, make sure that these request details
comply with Google policies. redirect_uri: urn:ietf:wg:oauth:2.0:oob
I've used this Google tutorial to replicate and confirm the issue:
https://developers.google.com/assistant/sdk/guides/service/python/embed/install-sample?hl=en_US
It is generating this URL:
https://accounts.google.com/o/oauth2/auth?response_type=code&client_id=[HIDDEN]&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fassistant-sdk-prototype&state=[HIDDEN]&prompt=consent&access_type=offline
Here is a workaround provided by jdtoth on Github: https://github.com/greghesp/assistant-relay/issues/266#issuecomment-1065940698
Thanks jdtoth!
I found a workaround for creating a new user. In my case, I needed to
create a specific type of API credential. Here is what I did:
Create a new OAuth Client credential using the link below, ensuring
the application type is "Web application" and set Authorized Redirect
URIs to "http://localhost"
https://console.cloud.google.com/apis/credentials
Download the key, and create the user in the Assistant Relay appas you
tried before. When it opens a new browser window to authorize the
google account, you might need to bypass a warning. After you do this,
a blank browser window will open but the address bar will contain the
auth code you need. Grab the code from the relevant part of the URL
here and paste it back into the Assistant Relay app:
http://localhost/?code=COPYCODEFROMHERE&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fassistant-sdk-prototype
Let me know if this works. I am successfully sending commands to the
Assistant Relay server but nothing is playing on my speakers.
"Invalid OAuth access token." for instagram_oembed
I have gone through the required steps to create an app, add "oEmbed Read" permissions to it, submit it for app review, get approved, and finally generate an access token.
To be clear, I was able to submit the app for review and get apprived. The "App Review Status" says "Live" for the Oembed Read feature. I have access to the /instagram_oembed endpoint according to the Permissions and Features section of my app.
The very last step is getting a working access_token, and this is where I am stuck. I am following these instructions.
I am able to generate a token but when I use it to request instagram posts like this:
https://graph.facebook.com/v12.0/instagram_oembed?url={instagram_post_url}&access_token={access_token}
I get "Invalid OAuth access token."
Debugging it via Access Token Debugger
It says the token is valid with the following scope: user_profile, user_media
I am also able to successfully exchange the "short-lived" token for a 3 month version, which also looks valid via the Access Token Debugger but also generates the same "invalid Oauth access token" response.
Any help is greatly appreciated
Turns out I was following instructions for User Tokens, but what you need is an App Token.
See here: https://developers.facebook.com/docs/facebook-login/access-tokens#apptokens
I'm having issues with trying to set up account linking with Google Assistant.
I'm using Azure AD B2C for my identity provider.
I've created a User flow so I have a authorize and token endpoint set up and I created an Azure AD Application so I have an App Id, and App Secret and I set the redirect URL as https://oauth-redirect.googleusercontent.com/r/{google-project-name}/.
My Google account linking settings are show below:
Client ID is the App Id of the application I created in Azure AD.
Client Secret is the app secret of of the application I created in Azure AD
Auth URL is:
https://{b2c-name}.b2clogin.com/{b2c-name}.onmicrosoft.com/oauth2/v2.0/authorize?p={sign-in-policy-name}
Token URL is:
https://{b2c-name}.b2clogin.com/{b2c-name}.onmicrosoft.com/oauth2/v2.0/token?p={sign-in-policy-name}
When I got to https://console.actions.google.com/project/{google-project-name}/simulatorand try to go through the auth flow it pops up the box I put in my user name and password and then just stops.
I can see in Fiddler it redirects back to the redirect URL and then there is a 400.
{
"error": {
"code": 400,
"message": "Bad response from IdP in Auth Code Exchange",
"status": "FAILED_PRECONDITION"
}
}
When I look in Fiddler at the request to the redirect URL it looks as expected with a state and code like this documentation says it should so I'm not sure what I'm doing wrong. I've double checked my App Id and regenerated the key.
https://oauth-redirect.googleusercontent.com/r/YOUR_PROJECT_ID?code=AUTHORIZATION_CODE&state=STATE_STRING
I've seen a few questions with similar error messages but none of the fixes suggested helped or applied.
Any help would be appreciated.
I would like help obtaining/locating the correct access_token value for an API call.
I'm configuring an application that wants to search Facebook using the graph-api search request at https://graph.facebook.com/fql, for which I need an access_token. The application is a backend server so there's no UI and no users.
I registered a new 'app' using the developer pages 'Create a New App' link, so I now have an app at: https://developers.facebook.com/apps/<> and from that I get an 'app secret' token. Digging into the Advanced settings page for the app there is also a Client token.
However using either token results in the following JSON error:
{"error":{"message":"Invalid OAuth access token.","type":"OAuthException","code":190}}
Can anyone point me to where I've gone wrong?
==
The following 'curl' request demonstrates the command working correctly, but it's only usable token-less like this occasionally, so the app needs &access_token=...stuff... adding to the parameters.
$ curl 'https://graph.facebook.com/fql?q=select%20url,%20share_count,%20like_count,%20comment_count,%20click_count,%20total_count%20from%20link_stat%20where%20url%20=%20"http%253A%252F%252Felifesciences.org%252Fcontent%252F2%252Fe01233"'
{"data":[{"url":"http\u00253A\u00252F\u00252Felifesciences.org\u00252Fcontent\u00252F2\u00252Fe01233","share_count":0,"like_count":0,"comment_count":0,"click_count":0,"total_count":0}]}
The 'app secret' and 'Client token' will not work.
What you need is an Access Token, refer to this.