I created an OAuth 2.0-Client-ID (Credentials) for a private application. The usage terms says that "OAuth Application Verification" is not necessary if I don't share my application. But if I open the "OAuth consent screen" in the cloude console it says "verification needed". The key seems to work anyway.
Any suggestions?
You need to mark your application as internal from the GCP console.
This section of the verification FAQ has more info on how to mark your app as internal.
Related
One of the websites we used to get data from requires now log in via Google, I have been granted access, and want to update the app to continue working.
I've set up credentials (clientId, clientSecret) as well as service account - whichever is easier tbh.
The url I'm trying to access looks like "https://xxxxxxxxxxxxxx.appspot.com/view/company_name"
When logging in manually, I'm being informed that:
To continue, Google will share your name, email address, language preference and profile picture with iap.googleapis.com.
Trying to get it working first on:
https://developers.google.com/oauthplayground/
But each time I select scope (guessing here) Google OAuth2 API v2 (userinfo.email, userinfo.profile) and get the tokens I end up receiving following error message:
Invalid IAP credentials: Expected JWT to have 3 parts separated by a '.' but there are 2 parts
Could anyone tell me all the things I'm doing wrong here?
I want to account for linking google action to my web app. followed the OAuth Client Information. I have implemented
Set Up an OAuth2 Server Using Passport in Laravel( tutorial link).Where I did authentication. finally, I find my application at my home mobile app but when goes to click on MY created app it gives me account linked and after that an error "something went wrong and close" but when I open my
it gives me an error
Accounts failed to link. Please close your browser and try again
The documentation at Add authentication to your project indicates that you need to use the Authorization Code auth type instead of the Implicit flow.
I'm using Azure Log Analytics to write application logs to it, like trace and error logs and also audit logs.
I would need to be able to query this log data in my web application in a flexible way (no static searches), so I came up to their REST API, like described here:
https://dev.loganalytics.io/
For some reason the authentication for query the data is different than inserting new data to the log, which I already did successfully with building a signature using the workspace id and key.
According to the documentation when using the search API I need to register my app with their AAD service, so I tried to follow the steps described in here:
https://dev.loganalytics.io/documentation/Authorization/AAD-Setup
My log analytics registration:
Log analytics registration
So I tried to create the app registration and tried to add permissions:
App Registration
And then I want to choose "Log Analytics" in the API access - but "Log Analytics" is not listed there!
As can see in this image:
API List
Why Log Analytics is not listed here? Am I'm doing something wrong?
You need search for Log Analytics API in the "Select an API" menu, then you could see this. It is not in the default list.
I am trying to implement google sign in using firebase in to my iOS app. I follow this tutorial.
https://firebase.google.com/docs/auth/ios/google-signin
I have setup the iOS app in firebase and use the google clientID and reversedClientID from the dowloaded GoogleService-Info.plist.
FYI: I have a custom sign-in button instead of the google sign in button. Anyway when i click the sign in button, google following error display in a webview.
I know my problem is the same as which described in this question.
Google 400 Error: invalid request Custom scheme URIs are not allowed for 'Web' client type
But, in my case, I have created the app in Firebase still I get the error. Any idea please...
The first step is to check if you have already the OAuth 2.0 ID for iOS. To do this please open the Credentials page in the API Console. I hope you will find iOS client for your application under OAuth 2.0 client IDs section. If not, please follow this Guide
The second step is to replace the Web Client ID with in iOS Client ID from OAuth 2.0 client IDs section. To do this, you should open the GoogleService-Info.plist and modify following keys: CLIENT_ID with [value].apps.googleusercontent.com and REVERSED_CLIENT_ID with com.googleusercontent.apps.[value].
if you're using flutterfire ui package you need to change the client id parameter in your GoogleProviderConfiguration class with the iOS client id,
you can copy it from here Credential page
example:
providerConfigs: [
GoogleProviderConfiguration(
clientId: "your copied key here"),
]
re-build you're app and you should be good to go
I've just faced this same issue using flutterfire_ui on Flutter.
The error appears to be from a couple of things. As Valeriy points out you need the ios client ID. But I still got the error if I used the scopes
openid
"https://www.googleapis.com/auth/userinfo.email",
"https://www.googleapis.com/auth/userinfo.profile",
Instead change these to
openid
email
profile
Strangely the opposite is true for Android, where the WebID and the first of the scopes should be used.
It also pays to be aware of the OAuth Content Screen..
In google cloud go to APIs & Services > OAuth consent screen > Edit.
You can add scopes here and fix any missing required fields that Firebase might not be filling out (I had 1). I believe this takes a while to propagate after a change, so give it an hour.
Currently i am working on one of old project within that there is a client id and client secret. Now i want to update those with new client id and client secret using another Developer account. I followed each and every step from
https://developers.google.com/+/mobile/ios/getting-started
Google APIs Console - missing client secret
But i can see only client id. Where is the client secret ?
Here i can see only client id
Hey this is step by step process ,hope this helps you...
Step 1:
Goto Google Developer console and create new app
Step 2:Enable the google plus api
You can see the enable api in the Enable API's tab which is next to API Library ,which is visible in second image.
Step 3: Goto to credential in API & auth tab then select credentials option
select the type of authentication you require
then you will can see the configure consent screen configure the page with the information you wish to provide .
Step 4: Select the web Application option on top
and enter required url's
and finally click create button
once you do that ..you can see ...client id and client secret key...
When in iOS, the application type of the OAuth credential should be 'iOS'.
And then you should pass an empty string as the client secret in your code.
Keeping a secret (that is global to the entire application, not unique per user) in an app is NEVER EVER secure. See https://developer.okta.com/blog/2019/01/22/oauth-api-keys-arent-safe-in-mobile-apps This is an amazing article, please spend as much time as needed to understand it.
Because it can't be kept secure, using client secret in iOS is the old, outdated approach. Nowadays you want to use proof-key-code-exchange (PKCE). It's also explained in above link, but in short:
Generate a secret key in iOS, it is one time use for that one specific login
Only send the hash of the key to the login authority (Google). The original has not left the app yet
To get the tokens, you send: <AuthorizationCode,ORIGINAL secret> AuthorizationCode is also a one time use
Google can compare the "original secret" to the previously sent hash. It therefore knows you are not an attacker that has stolen the AuthorizationCode
Back to the question. Google let's you create different types of "Apps":
Web application: Has a client secret (It's on a backend server, not on a publicly accessible iOS app)
iOS app: Has "iOS URL scheme" instead. There are frameworks that use this URL scheme and do the steps I described above for you (including PKCE). Disclaimer: I'm not an iOS developer, but I'm 99% certain