I have a tutorial Ionic 4 application pasted from github.com/ionicthemes/ionic-google-login I have the following code that gets called:
this.googlePlus.login({
'scopes': '', // optional - space-separated list of scopes, If not included or empty, defaults to `profile` and `email`.
'webClientId': environment.googleWebClientId, // optional - clientId of your Web application from Credentials settings of your project - On Android, this MUST be included to get an idToken. On iOS, it is not required.
'offline': true, // Optional, but requires the webClientId - if set to true the plugin will also return a serverAuthCode, which can be used to grant offline access to a non-Google server
}).then(user => {
console.log('+++ user is:', user);
}, err => {
console.log("+++ google login error:", err);
})
And neither success, nor error messages get printed. I am stick waiting for a response from Google.
I did this: keytool -exportcert -keystore path-to-debug-or-production-keystore -list -v and added the sha1 fingerprint on console.developers.google.com. The package name matches (com.tgm_ionic) and I selected oauth2 android flow.
Extra info: This used to work on the browser platform, but would fail on android simulator with error 10, which is "invalid audience." So I created new credentials to move from browser platform to android platform (still oauth2), and now I encounter this issue. The goal here is to be able to login on android, not in the browser.
Verify that your webClientId is correct. You can reference this in the Google APIs console, then look under credentials and check your OAuth 2.0 client IDs. Often times with these hybrid apps folks are using the android key when the web client ID is needed.
Related
I am trying to authenticate to Google OAuth 2 via a native Mac app. I set up my app in the Google Developer Console as a Desktop application, and there is nowhere to specify a redirect_uri. As I understand it, those are only available to web applications.
But in composing my request in Swift using ASWebAuthenticationSession, my resulting authentication URL is like this (line breaks added for legibility):
https://accounts.google.com/o/oauth2/v2/auth?
client_id=******.apps.googleusercontent.com&
response_type=code&
redirect_uri=pro.cova%3A%2F&
scope=profile%2520email%2520https%3A%2F%2Fmail.google.com%2F&flowName=GeneralOAuthFlow
My app's custom URL type is pro.cova:/.
I'm getting this error from Google:
Error 400: redirect_uri_mismatch
What mismatch could be happening if there isn't one specified in the Google Developer Console?
It turns out that when building a native Mac app, you have to create "iOS" API credentials in the Google Developer Console. When setting it up, you have to specify your bundle ID like this: pro.cova
When you set the redirect_uri in your ASWebAuthenticationSession request, it must have a :/ at the end like this: redirect_uri=pro.cova:/
But the callbackURLScheme in your ASWebAuthenticationSession is without the :/ so it's just pro.cova.
I wish Google's API docs said "iOS or Mac" for the API credential options.
I'm new and only developpeur in my company and they tasked my with clearing some bugs with their mobile app.
I'm working with an Ionic app and we have google login option for our users, using cordova plugin "cordova-plugin-googleplus".
The problem I'm having is the user tokenId I get from google doesn't work when I send it to my API using "google-api-php-client" library v1.1.5 :
- When the tokenId comes from an Android device, the connection works, the azp and aud in the token have a different value, one is the Android client ID and the other the web client id.
- When the tokenId comes from an iOS device, the connection doesn't work, the azp and aud both have the iOS client id value.
So in iOS case when google api php library checks the tokenId against the client id in my config it fails as the config give the web client id.
I have a couple questions, is it normal that the tokenId for iOS doesn't have the web client ID as the Android one ? And is possible in the config to allow more than one client ID ? (So I could allow both the web client ID and the iOS ID)
Thanks for any advice !
I found out the answer
Apparently for iOS if you don't add the option 'offline' : 'true' when calling the google login it doesn't use the webClientID you specified.
Not sure why it does that for iOS and not for Android though
It's in GooglePlus.m :
NSString* serverClientId = options[#"webClientID"];
...
if (serverClientId != nil && offline) {
signIn.serverClientID = serverClientId;
}
I'm still interested into why the different behavior for iOS and Android or if it's a bug, but hopefully this will help someone else someday
I'm using Azure Mobile Apps with the .NET SDK as a backend for my iOS app. The authentication done via Facebook. Yesterday out of nowhere (no code changes either on backend or app) the authentication with Facebook failed. The login inside the iOS client app is done via
self.client?.login(withProvider:"facebook", token: ["access_token" : FBSDKAccessToken.current().tokenString] ){ (user, error) in }
By calling this function I'm getting the following result, on the client.
Error Domain=com.Microsoft.MicrosoftAzureMobile.ErrorDomain Code=-1302 "You do not have permission to view this directory or page."
By inspecting the streaming logs of Azure Mobile Apps, I found out that the backend gets an Unauthorized 401.71 return back from calling the Facebook Graph API.
Streaming Log:
Microsoft.Azure.AppService.Authentication Verbose: 0 : Received request: POST https://XXXXXXXXXX.azurewebsites.net/.auth/login/facebook
'w3wp.exe' (CLR v4.0.30319: DefaultDomain): Loaded 'D:\Windows\Microsoft.Net\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll'. Skipped loading symbols.
'w3wp.exe' (CLR v4.0.30319: DefaultDomain): Loaded 'D:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll'. Skipped loading symbols.
Microsoft.Azure.AppService.Authentication Verbose: 0 : Calling into external HTTP endpoint GET https://graph.facebook.com/oauth/access_token.
Microsoft.Azure.AppService.Authentication Information: 0 : Sending response: 401.71 Unauthorized
I already tried cloning the Mobile App in Azure and creating a new Facebook App, without success.
for other users affected by this issue - I will quote the official answer from the MSDN Thread
TL;DR
Hotfix applied - App Restart Required
** UPDATE 3/28/2017 ** We're in the process of rolling out a rapid hotfix for affected apps worldwide. The hotfix mechanism will require
you to restart your app backend. You can do this using the Azure
Portal, the Azure Management CLI, or the App Service Mobile Companion
app for iOS and Android. Once restarted, please verify that your
Facebook logins are working again.
West US: Hotfix applied. Please restart your app. Other Regions:
Pending
I have the same problem, it stopped working yesterday without any code change.
I have tried to call the azure azure facebook authentication from rest client.
I get the same result as from the app, 401, and no additional information.
https://appname.azurewebsites.net/.auth/login/facebook
{
"access_token": "token Obtained after athorizing with facebook",
}
I have tried calling the facebook api from a rest client and it works.
https://graph.facebook.com/oauth/access_token?client_id=APP_ID&client_secret=SECRET_APP_ID&grant_type=fb_exchange_token&fb_exchange_token=ACCESS_TOKEN
My guess is that they changed something in azure web apps and broke the facebook authentification.
Please let me know if you find any solution.
This should be rolled out now. If you have any further questions see the MSDN thread from above: https://social.msdn.microsoft.com/Forums/azure/en-US/397f6952-57bf-4c28-b383-6bba08d28f9a/facebook-login-failures-with-app-service-authentication-authorization?forum=windowsazurewebsitespreview
I am trying to implement google sign in using firebase in to my iOS app. I follow this tutorial.
https://firebase.google.com/docs/auth/ios/google-signin
I have setup the iOS app in firebase and use the google clientID and reversedClientID from the dowloaded GoogleService-Info.plist.
FYI: I have a custom sign-in button instead of the google sign in button. Anyway when i click the sign in button, google following error display in a webview.
I know my problem is the same as which described in this question.
Google 400 Error: invalid request Custom scheme URIs are not allowed for 'Web' client type
But, in my case, I have created the app in Firebase still I get the error. Any idea please...
The first step is to check if you have already the OAuth 2.0 ID for iOS. To do this please open the Credentials page in the API Console. I hope you will find iOS client for your application under OAuth 2.0 client IDs section. If not, please follow this Guide
The second step is to replace the Web Client ID with in iOS Client ID from OAuth 2.0 client IDs section. To do this, you should open the GoogleService-Info.plist and modify following keys: CLIENT_ID with [value].apps.googleusercontent.com and REVERSED_CLIENT_ID with com.googleusercontent.apps.[value].
if you're using flutterfire ui package you need to change the client id parameter in your GoogleProviderConfiguration class with the iOS client id,
you can copy it from here Credential page
example:
providerConfigs: [
GoogleProviderConfiguration(
clientId: "your copied key here"),
]
re-build you're app and you should be good to go
I've just faced this same issue using flutterfire_ui on Flutter.
The error appears to be from a couple of things. As Valeriy points out you need the ios client ID. But I still got the error if I used the scopes
openid
"https://www.googleapis.com/auth/userinfo.email",
"https://www.googleapis.com/auth/userinfo.profile",
Instead change these to
openid
email
profile
Strangely the opposite is true for Android, where the WebID and the first of the scopes should be used.
It also pays to be aware of the OAuth Content Screen..
In google cloud go to APIs & Services > OAuth consent screen > Edit.
You can add scopes here and fix any missing required fields that Firebase might not be filling out (I had 1). I believe this takes a while to propagate after a change, so give it an hour.
In a deprecation announcement from Google, they say that developers need to migrate away from these scopes:
https://www.googleapis.com/auth/userinfo.email
https://www.googleapis.com/auth/userinfo.profile
and instead use these scopes:
email
profile
After doing so on my App-Engine backend, however, I'm having problems with my iOS app. On first run, it asks me to sign in and the screen shows both scopes correctly after which the app runs just fine. On the second run, where it is supposed to retrieve the authorization credentials from protected storage, it does not work as the App-Engine server is receiving null for the User parameter in the endpoint.
The App-Engine endpoint requires both the email and profile scope. The iOS code for retrieving previous credentials is:
GTMOAuth2Authentication* auth =
[GTMOAuth2ViewControllerTouch authForGoogleFromKeychainForName:AUTH_KEYCHAIN_NAME
clientID:Constants.IOS_CLIENT_ID
clientSecret:Constants.IOS_CLIENT_SECRET];
and the iOS code for authenticating should there be no previous credentials is:
viewController = [[GTMOAuth2ViewControllerTouch alloc]
initWithScope:Constants.EMAIL_SCOPE
clientID:Constants.IOS_CLIENT_ID
clientSecret:Constants.IOS_CLIENT_SECRET
keychainItemName:AUTH_KEYCHAIN_NAME
delegate:self
finishedSelector:#selector(viewController:finishedWithAuth:error:)];
This used to work just fine! Now the App-Engine server changed the email scope from .../userinfo.email to email and the profile scope from .../userinfo.profile to profile. The iPad app exhibits the same behavior against the new backend with Constants.EMAIL_SCOPE set to either value.
The google-api-objectivec-client library is v0510, the latest.
The Android version of my app continues to work just fine without any code changes after the backend change.
Update 2015-02-26: Now using r424 (2014-12-30) of google-api-objectivec-client. No change. If the AppEngine backend is using the new "profile" and "email" scopes, the iOS app cannot authenticate on the second (or later) run where it is loading the credentials from store rather than going through the sign-in flow.
The AppEngine log of the first (sign-in credentials) shows:
com.google.api.server.spi.auth.GoogleIdTokenUtils getCurrentUser: getCurrentUser: IdToken; email=testuser#gmail.com
The AppEngine log of the second (loaded credentials) shows:
com.google.api.server.spi.auth.AppEngineAuthUtils getCurrentUser: getCurrentUser: AccessToken; Tried and failed to get client id for scope 'com.google.api.server.spi.config.scope.DisjunctAuthScopeExpression#a015b54e'
com.google.appengine.api.oauth.InvalidOAuthParametersException:
at com.google.appengine.api.oauth.OAuthServiceImpl.makeSyncCall(OAuthServiceImpl.java:139)
at com.google.appengine.api.oauth.OAuthServiceImpl.getGetOAuthUserResponse(OAuthServiceImpl.java:118)
at com.google.appengine.api.oauth.OAuthServiceImpl.getAuthorizedScopes(OAuthServiceImpl.java:90)
at com.google.api.server.spi.auth.AppEngineAuthUtils.getOAuth2AuthorizedScopes(AppEngineAuthUtils.java:140)
at com.google.api.server.spi.auth.AppEngineAuthUtils.getCurrentUser(AppEngineAuthUtils.java:89)
...
This exception does not propagate up; null is returned for the user.
Is there something else that needs to be done for the GTMOAuth2ViewControllerTouch to work correctly with the new scopes? Or is there perhaps something wrong on the AppEngine side?