Google OAuth Verification and can't add sensitive/restricted scope - oauth

It has been more than 4 weeks of waiting for OAuth consent screen verification. I haven't received any emails regarding that; moreover, I can't add some scopes either, and there is no checkbox for them.
I've done things as per the documentation; is there anything wrong?
Here's the problem; is there any solution?
N.B.: I don't understand where I will find the 'OAuth clients' they have mentioned.

Since Google hasn't made "all OAuth clients" a hyperlink for you, I just did. :)
The details
You should look for the non-HTTPS URIs in each OAuth client listed in the Credentials tab of your Google developer account. Here's the link again: https://console.developers.google.com/apis/credentials
Check each of the OAuth clients on the page...
... and delete any URIs listed that don't include HTTPS.
You may notice that I haven't highlighted http://localhost/auth. That's because Google makes a special exception for developing locally.
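
The check described in this answer can be scripted. The following is an added example, not part of the original answer: it assumes each OAuth client's JSON file has been downloaded from the Credentials page, and the sample below is constructed with made-up URIs.

```python
import json
from urllib.parse import urlsplit

# Constructed sample in the layout of a client JSON file downloaded from the
# Credentials page; the client ID and all URIs are made up for illustration.
SAMPLE_CLIENT_JSON = """
{"web": {
  "client_id": "000-000.apps.googleusercontent.com",
  "redirect_uris": [
    "https://app.example.com/auth",
    "http://app.example.com/auth",
    "http://localhost/auth",
    "http://localhost.example.com/auth",
    "HTTP://staging.example.com:8080/cb"
  ],
  "javascript_origins": ["https://app.example.com", "http://app.example.com"]
}}
"""

URI_FIELDS = ("redirect_uris", "javascript_origins")


def is_allowed(uri):
    """HTTPS passes; plain HTTP passes only when the host is exactly localhost."""
    parts = urlsplit(uri)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    if scheme == "https":
        return True
    # Compare the parsed host, not a string prefix, so that a look-alike such
    # as localhost.example.com does not slip through the local exception.
    return scheme == "http" and host == "localhost"


def find_insecure_uris(client_json):
    """Return (client_id, field, uri) for every URI that should be removed."""
    findings = []
    for client in json.loads(client_json).values():  # top-level key, e.g. "web"
        for field in URI_FIELDS:
            for uri in client.get(field, []):
                if not is_allowed(uri):
                    findings.append((client.get("client_id"), field, uri))
    return findings


if __name__ == "__main__":
    for client_id, field, uri in find_insecure_uris(SAMPLE_CLIENT_JSON):
        print(f"{client_id}: remove {field} entry {uri}")
```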

Related

LinkedIn API 2 and VanityName from r_basicprofile

LinkedIn recently updated their API and now I am unable to get the public user profile URL (by VanityName) during the OAuth2 authentication phase. Looks like r_basicprofile is not available anymore.
Is there any chance to get this url and if so, could you please describe how?
According to the following LinkedIn documentation, Find Profile by VanityName API:
"The use of this API is restricted to those developers approved by LinkedIn and subject to applicable data restrictions in their agreements."
But there is no information on how to apply for this API. How do I apply for this API and get the appropriate permissions for r_basicprofile?
I think you need to become a partner, although I'm struggling with the same thing.
https://fullfabric.zendesk.com/hc/en-us/articles/115007056847-Setting-up-a-LinkedIn-application-and-Applying-to-become-a-LinkedIn-Partner

Google Oauth Unverified error despite successful verification

I have integrated with Google OAuth to sign in and read data from Google Sheets. Though I have followed the verification process and got my app verified, I am still getting an unverified error as shown in the screenshot.
Could not find a relevant help/support forum as well. Any guidance on how to debug further?
Screenshot confirming App verification:
I'm sorry for the very late answer here. I'm going to leave one because I'm sure others will run into this issue.
Google will only verify the scopes that you name in the OAuth consent screen settings. If you haven't included a sensitive scope in that list, they will verify the branding for your app, but not the scopes.
Nowadays, Google's UI has been updated. The relevant section currently looks like this:
You'll need to include at least one sensitive scope in this section. Mine is read access to your contacts. Yours may be access to your Google Sheets data. Either way, you'll need to explain how you will use this data.

Sign in with Google temporarily disabled for this app

We are facing the below screen when trying to authenticate to Google. The app that we are trying to authenticate is used for internal development and we did not publish it to our users.
Any idea why this occurs?
We faced an Unverified App screen before (as below) but now the authentication is disabled.
OAuth Client Verification
Starting July 18, 2017, Google OAuth clients that request certain sensitive OAuth scopes will be subject to review by Google.
Review is not required if you are only using it under the same account as created the project in Google Developer console. You can read more about this change in this help center article.
This change applies to Google OAuth web clients, including those used by all Apps Script projects. By verifying your app with Google, you can remove the unverified app screen from your authorization flow and give your users confidence that your app is non-malicious.
Once you have applied for verification it takes around a week and it should start working.
I found this thread some time ago when this happened to us in our development project on Google Cloud Platform.
You can use a project for development without verification. No problem on that. But there are some limitations (more information here and here). Basically, we reached the limit of 100 users accessing the application. It was strange because we were testing with few accounts (5-6) until we found that, if you uninstall and install the application again, it counts as a new user. We were testing incremental authorization, so we uninstalled/installed the application a lot of times and we reached the quota.
When you reach this limit, you will see the message "Sign in with Google temporarily disabled for this app" and only users from the organization where the project is hosted can access the application. So we couldn't test with our accounts from a demo domain or with our Gmail accounts.
The only solution available was to pass the OAuth verification form (even if you didn't want to publish the application), but there were problems in doing so. For example, it was mandatory to remove http://localhost from the valid OAuth URLs. And there were more problems related to development.
❗ But this has changed recently. I accessed the OAuth credentials screen in Google Cloud Platform (APIs & Services > Credentials > OAuth consent screen) this week and the page is now different. Now you don't need to specify "Authorised JavaScript origins" and "Authorised redirect URIs"; you just need to specify your scopes for Google APIs and the Authorised domains. Then, at the bottom of the page, you will find the button "Submit Verification" and the process will start. You will also find some information on the right:
About the consent screen
The consent screen tells your users who is requesting access to their data and what kind of data you're asking to access.
OAuth Developer Verification
To protect you and your users, your consent screen may need to be verified by Google. Without verification, your users will see an additional page indicating that your app is not verified by Google.
Verification is required if
Your application type is public, and
You add a sensitive scope
Verification may take several days to complete. You will receive email updates as it's processed.
Saving without publishing
Even though your consent screen is unpublished, you can still test your application with users with the following limitations:
Sensitive scopes are limited to 100 grant requests before verification is required
Users see an additional page indicating that your app is not verified by Google.
To include "Authorised JavaScript origins" and "Authorised redirect URIs" you need to go to APIs & Services > Credentials and there click on your OAuth 2.0 client ID. There will be a form where you can add them.
In our case it took 1 day to get a response from Google. In the email there were some instructions to pass the verification. We had to reply to the email with a video uploaded on YouTube addressing the following points:
1. How does user sign-up on your app and grants access to the sensitive scopes requested in verification?
2. OAuth consent screen as seen by end users
3. How does your application use the requested scopes to provide services to developers?
4. A test account email and the password for us to test the user sign-up process and validate the project's functionality.
We recorded a video showing points 1, 2 and 3 and sent them a test account for number 4.
After 1 day, we got another response from Google confirming that our project had been verified.
So finally the problem was solved! 🙂
I hope this could help people in the same situation. It was really annoying for us.
I had to go into my Google Apps Script settings and turn on the "Google Apps Script API" setting. Then I tried again, and the script executed correctly without issue.
I had used the script a couple of weeks ago and it worked fine, so something must have happened between then and now that changed it... Not sure what caused that setting to switch.

Changed domain error - OpenId auth request contains an unregistered domain

I set up a project on my main domain example.com and then moved it to a subdomain sub.example.com
Now when I try to use the same (default ASP.NET MVC or on my Discourse forum) project with OpenId and click on the Google button to log in with my Google account it throws the following error -
That’s an error.
OpenID auth request contains an unregistered domain: http://sub.example.com
I have tried Googling that message but apparently I am one of the first four people to see it. Any ideas here?
According to this page,
Google closed registration to new OpenID 2.0 clients in May 2014 and will be shutting down the OpenID 2.0 service in April 2015.
The reason why some hosts work and some don't is that although Google isn't adding new hosts, you can still use the ones that are already registered.
UPDATE :
Some people have asked for a simple explanation for how to fix this, or otherwise how to proceed.
Basically, you now have 2 options.
Use OAuth 2.0 (instead of openID protocols and older versions of OAuth)
or
Use Google+ login (which Google tried to "push" you towards)
For more details check the migration guide :
https://developers.google.com/+/api/auth-migration#userinfo
I would like to add some context to this thread together with a potential solution to developers that are currently blocked.
Back in February we announced the deprecation of OpenID 2.0 (OID2) scheduled for April 2015. We also announced that new OID2 relying parties (RPs) registrations† will no longer be accepted after April 2014.
Given that the API will be shut down in less than a year’s time, our intention is to avoid having new RPs integrating with Google's OID2 API. Instead, we suggest using our OpenID Connect API, which we consider more secure and easier to implement.
Registrations were effectively closed on May 19th (as documented in Google’s OID2 developer documentation). All RPs already using OID2 should not be affected by this closure.
As for developers currently working on an integration with our OID2 API (presumably because they missed the announcement and warnings in our OID2 documentation), we will do our best to minimize the friction caused by the registration closure. If you are in such a situation, please let us know by posting a registration request before June 15th. The post should contain a sample OID2 request used by your application; in case you prefer not to disclose such information, please post an email address and we will reach out. We plan to look into each case and try to get you unblocked in the best possible way.
† OID2 does not have a registration procedure for RPs integrating with an identity provider. RPs are associated with the realm value (e.g., www.example.com) used when contacting the Google OID2 API. Thus, an RP is considered "registered" if its realm value has been used to contact our OID2 API.
You can easily change to OAuth 2, this article shows you how to register your app with Google and add the key to MVC. Scroll down to: "Creating a Google app for OAuth 2 and connecting the app to the project."
And you may need to add the Microsoft.Owin.Security.Google package via NuGet.
I had the identical problem, but when using nodejs / expressjs.
I have migrated my code using the code at the URL below, and that fixed the issue:
Passport strategies for authenticating with Google using OAuth 1.0a and OAuth 2.0.
https://github.com/jaredhanson/passport-google-oauth
The sub-domains that fail are those that had never seen any user requests before. As per https://developers.google.com/+/api/auth-migration#timetable, Google is not allowing new domains in the OpenID2 API.
I have this exact problem. We use Google's login to run a platform, and it's a brand new problem.
A few things I have discovered, if this helps:
Full domains trying to use OpenID never fail: www.example.org and www.example2.com are not having this problem.
Subdomains on the platform have this problem sometimes, but the same subdomains always fail and the others always work.
It started around Monday and is still happening now.
Take a deep breath and just change, in the Startup.Auth.cs file,
app.UseGoogleAuthentication();
to
app.UseGoogleAuthentication(
    clientId: "000-000.apps.googleusercontent.com",
    clientSecret: "00000000000");
Refer to the http://www.asp.net/mvc/tutorials/mvc-5/create-an-aspnet-mvc-5-app-with-facebook-and-google-oauth2-and-openid-sign-on page.

How to logout from Relying Party?

I am using DotNetOpenId for login.
I log in to my application using a DotNetOpenId provider, say Google.
At the time of logout I end my application user's session with FormsAuthentication.SignOut(); but if I don't close the browser and log in using Google again, it does not ask me for an ID and password and lands me on a secured page of my application.
Also, if I try gmail.com, it lands me directly in the user account without asking for an ID and password.
So how can I log out completely from my application and from Google too?
Thanks in advance.
I think you are mistaking the Relying Party and the OpenID Provider. Using StackOverflow as an example, SO is the Relying Party and other sites (e.g. Google) are the OpenID Provider(s).
The Relying Party (e.g. SO) has no say in when the OpenID Provider (e.g. Google) chooses to "forget" the user for their own purposes.
EDIT: I was not familiar with the PAPE extension. However, if I understand correctly, it does not provide a way for the RP to say to the OP, "On your end, forget this user's authentication", which is what I think rehan wants. It just provides a way for the RP to demand another authentication for the RP's purposes.
I still see no way for (e.g.) SO to log a Google user out of Gmail after SO logs them out.
It sounds like what you're looking for is a Logout feature that will allow the relying party to also log the user out of the Provider at the same time.
DotNetOpenId doesn't offer this feature because OpenID itself doesn't have this feature in its spec. There's simply no way to do it right now. The OpenID community have had conversations about spec'ing out such a feature, but so far it's not there. If and when OpenID adds such a feature to its spec, DotNetOpenId will add support for it.
I had the same issue, so I tried this: when I logged out of my website, which uses DotNetOpenId, I also made a call to the following Gmail logout link: https://mail.google.com/mail/?logout&hl=en. This logged me out of Gmail also.
https://www.google.com/accounts/Logout
Try this one.
