Google api php : Wrong audience in jwt for iOS only - ios

I'm new and only developpeur in my company and they tasked my with clearing some bugs with their mobile app.
I'm working with an Ionic app and we have google login option for our users, using cordova plugin "cordova-plugin-googleplus".
The problem I'm having is the user tokenId I get from google doesn't work when I send it to my API using "google-api-php-client" library v1.1.5 :
- When the tokenId comes from an Android device, the connection works, the azp and aud in the token have a different value, one is the Android client ID and the other the web client id.
- When the tokenId comes from an iOS device, the connection doesn't work, the azp and aud both have the iOS client id value.
So in iOS case when google api php library checks the tokenId against the client id in my config it fails as the config give the web client id.
I have a couple questions, is it normal that the tokenId for iOS doesn't have the web client ID as the Android one ? And is possible in the config to allow more than one client ID ? (So I could allow both the web client ID and the iOS ID)
Thanks for any advice !

I found out the answer
Apparently for iOS if you don't add the option 'offline' : 'true' when calling the google login it doesn't use the webClientID you specified.
Not sure why it does that for iOS and not for Android though
It's in GooglePlus.m :
NSString* serverClientId = options[#"webClientID"];
...
if (serverClientId != nil && offline) {
signIn.serverClientID = serverClientId;
}
I'm still interested into why the different behavior for iOS and Android or if it's a bug, but hopefully this will help someone else someday

Related

Getting Redirect_URI to work with Google Oauth in Codename one

I am trying to get Google Oauth working with ios in CNO. I have it working fine with a web app, but I can't quite figure out how to have CNO know when to use which client ID or redirect_URI, etc. Below is my code that works fine. The CNO documentation is no help.
Login gc = GoogleConnect.getInstance();
gc.setClientId(web_client_ID);
gc.setRedirectURI("https://google.com");
gc.setClientSecret(client_secret);
doLogin(gc, new GoogleData(), false)
I have a different Client ID for iOS, but where would I put that? How do I change my RedirectURI when I don't want for the OAuth to go to a website, but back to my app?
The client ID is always the native login ID for the device. You can use the isSimulator() method to check if you're running in the simulator to use the web ID.

iOS GoogleMap API key, If keep it as blank will be generated any issue?

I have just simple question. I'm using goole map and direction API. So I need to create API key thats fine, I have done it.
But When I edit my API key and select Application restrictions to iOS Apps and save it.
I'm using this key in my app then I'm getting below error message.
This IP, site or mobile application is not authorized to use this API key. Request received from IP address XXX.XXX.XX.XXX, with empty referer
But If I remove the application bundle id from iOS Apps then API key is working
Also I'm referring this question This IP, site or mobile application is not authorized to use this API key
But some confusion are, Can we keep it as blank? There is any security related issue? do I need to do any changes when I'm going to upload app on app store ?
NOTE: I'm using API key in all the places in the coding. like
GMSServices.provideAPIKey(googleAPIKey)
and
let urlString = "https://maps.googleapis.com/maps/api/directions/json?origin=\(myCoordinateStr)&destination=\(destinationCoorinateStr)&key=\(googleAPIKey)&sensor=true"

Custom scheme URIs are not allowed for 'Web' client type - Google with Firebase

I am trying to implement google sign in using firebase in to my iOS app. I follow this tutorial.
https://firebase.google.com/docs/auth/ios/google-signin
I have setup the iOS app in firebase and use the google clientID and reversedClientID from the dowloaded GoogleService-Info.plist.
FYI: I have a custom sign-in button instead of the google sign in button. Anyway when i click the sign in button, google following error display in a webview.
I know my problem is the same as which described in this question.
Google 400 Error: invalid request Custom scheme URIs are not allowed for 'Web' client type
But, in my case, I have created the app in Firebase still I get the error. Any idea please...
The first step is to check if you have already the OAuth 2.0 ID for iOS. To do this please open the Credentials page in the API Console. I hope you will find iOS client for your application under OAuth 2.0 client IDs section. If not, please follow this Guide
The second step is to replace the Web Client ID with in iOS Client ID from OAuth 2.0 client IDs section. To do this, you should open the GoogleService-Info.plist and modify following keys: CLIENT_ID with [value].apps.googleusercontent.com and REVERSED_CLIENT_ID with com.googleusercontent.apps.[value].
if you're using flutterfire ui package you need to change the client id parameter in your GoogleProviderConfiguration class with the iOS client id,
you can copy it from here Credential page
example:
providerConfigs: [
GoogleProviderConfiguration(
clientId: "your copied key here"),
]
re-build you're app and you should be good to go
I've just faced this same issue using flutterfire_ui on Flutter.
The error appears to be from a couple of things. As Valeriy points out you need the ios client ID. But I still got the error if I used the scopes
openid
"https://www.googleapis.com/auth/userinfo.email",
"https://www.googleapis.com/auth/userinfo.profile",
Instead change these to
openid
email
profile
Strangely the opposite is true for Android, where the WebID and the first of the scopes should be used.
It also pays to be aware of the OAuth Content Screen..
In google cloud go to APIs & Services > OAuth consent screen > Edit.
You can add scopes here and fix any missing required fields that Firebase might not be filling out (I had 1). I believe this takes a while to propagate after a change, so give it an hour.

Request Denied in Google Maps geocode API iOS

I am trying to integrate google maps in my iOS App. I created and tried the iOS key, Server key and browser key as well. I regenerated the keys, but still gets the status as "ACCESS DENIED". I have seen many answers here, but none of the solutions work for me. I get the following response
This API project is not authorized to use this API. Please ensure that this API is activated in the APIs Console
and sometimes this
"error_message" : "This IP, site or mobile application is not authorized to use this API key. Request received from IP address xxx.xxx.xxx.xxx, with empty referer"
And I tried to use the regenerated key, and i get the following result.
"error_message" : "The provided API key is expired."
The solution may be simple, but I'm really stuck. Any help is appreciated
the log or error is clear.
for use google_maps you must :
• register your app bundle in Google Developer
• get api key ( if you had get it before update it)
• call the google initialize in AppDelegate
[GMSServices provideAPIKey:GOOGLE_MAP_SERVICE];

Google API fails to authenticate when iOS client ID is used

I'm trying to integrate the Google Data API into my application. I'm using the ObjC wrapper available here:
http://code.google.com/p/gdata-objectivec-client
but I have got some issues with the authentication. Basically I'm following the steps as described here:
http://code.google.com/p/gtm-oauth2/wiki/Introduction#Signing_In_to_Google_Services
I have created a project on the API Console and added two client IDs for installed applications: one is of the "Other" platform, the other is "iOS" with the bundle ID appropriately set (though I left the appstore id 0 for the moment). Now comes the interesting part.
Both the YouTubeSample app bundled with the above wrapper library AND my iOS app work perfectly with the client ID belonging to the "Other" platform, and both of them return a 400 invalid_client error when I switch the ID for the iOS one. I have doublechecked the client IDs and secrets, all are correct. The iOS app has of course been given the correct bundle ID.
So, am I missing something trivial here?
Is there a reason that you need to use the iOS-type id/secret pair instead of the other-type pair? Perhaps I'm missing something, but the linked documentation states to not use an iOS type client id:
In the console, create a project, then click "API Access" in the left column. Create a new Client ID for an Installed Application (not a web application) type other (not iOS). This will provide Client ID and Secret strings to be used with the controller.
The controller likely doesn't identify itself as an iOS application when sending the requests, which Google probably checks when it receives an iOS id/secret pair.

Resources