Custom scheme URIs are not allowed for 'Web' client type - Google with Firebase - ios

I am trying to implement Google sign-in using Firebase in my iOS app. I am following this tutorial:
https://firebase.google.com/docs/auth/ios/google-signin
I have set up the iOS app in Firebase and use the Google clientID and reversedClientID from the downloaded GoogleService-Info.plist.
FYI: I have a custom sign-in button instead of the Google sign-in button. Anyway, when I click the sign-in button, the following error is displayed in a webview.
I know my problem is the same as the one described in this question:
Google 400 Error: invalid request Custom scheme URIs are not allowed for 'Web' client type
But in my case, I have created the app in Firebase and I still get the error. Any ideas, please?

The first step is to check whether you already have the OAuth 2.0 ID for iOS. To do this, please open the Credentials page in the API Console. I hope you will find the iOS client for your application under the OAuth 2.0 client IDs section. If not, please follow this Guide.
The second step is to replace the Web Client ID with the iOS Client ID from the OAuth 2.0 client IDs section. To do this, you should open the GoogleService-Info.plist and modify the following keys: CLIENT_ID with [value].apps.googleusercontent.com and REVERSED_CLIENT_ID with com.googleusercontent.apps.[value].

If you're using the flutterfire ui package, you need to change the client id parameter in your GoogleProviderConfiguration class to the iOS client id.
You can copy it from here: Credential page
Example:
    providerConfigs: [
      GoogleProviderConfiguration(
        clientId: "your copied key here",
      ),
    ]
Rebuild your app and you should be good to go.

I've just faced this same issue using flutterfire_ui on Flutter.
The error appears to be from a couple of things. As Valeriy points out, you need the iOS client ID. But I still got the error if I used the scopes
openid
"https://www.googleapis.com/auth/userinfo.email",
"https://www.googleapis.com/auth/userinfo.profile",
Instead change these to
openid
email
profile
Strangely the opposite is true for Android, where the WebID and the first of the scopes should be used.
It also pays to be aware of the OAuth consent screen.
In Google Cloud, go to APIs & Services > OAuth consent screen > Edit.
You can add scopes here and fix any missing required fields that Firebase might not be filling out (I had 1). I believe this takes a while to propagate after a change, so give it an hour.

Related

Okta authentication failing in iOS App with valid details

I am trying to authenticate with Okta in my iOS app. I created an app in the Okta dashboard and added the client ID and redirect URLs. After setting up and installing the app in the simulator, the app throws the error below:
Please let me know if I missed any settings.
Created a native app from dashboard.
It looks like the client ID you're sending in the request is not what you think it is. You should be able to copy the URL from your browser, paste it in something like Notes, and examine the client ID. Make sure it matches what you have in your Okta org and that it doesn't contain any unexpected characters in it.
That's a common problem being faced by every newbie.
Here are some steps which will guide you to make your Okta authentication without error.
Create an application in Okta Page.
At text field & you may put your domain id. ex dev-xxxx.okta.com:/callback
Provide the same detail in your okta.plist in iOS Application.
You may refer to the Okta 'GitHub Repositories' for working samples.
Thanks.

Google 400 Error: invalid request Custom scheme URIs are not allowed for 'Web' client type

When I am signing into Gmail in my iOS App, I am getting the below error (screenshot) and the sign-in fields do not appear. We are loading the sign-in screen in a WKWebView.
We are using a custom URI redirect, but why is Google throwing this error now? What are the alternatives to a custom URI?
Swift 2.3 project
Using OAuthSwift v0.6.0 cocoapod
This started quite recently, only in the past week or so; I believe something changed with Google's APIs.
I have read that google is deprecating webviews for OAuth and will block requests on April 20, 2017. As seen here in a Google Developers Blog:
https://developers.googleblog.com/2016/08/modernizing-oauth-interactions-in-native-apps.html
Does this mean I already need to use or is there another viable solution? I thought I had more time before needing to update this.
My guess is that your client is registered incorrectly in Google Cloud Console. A 'WEB' client is typically a server or Javascript application. An iOS app should be registered as an iOS client.
https://developers.google.com/identity/protocols/OAuth2InstalledApp#creatingcred
I just found this problem too.
Please check the Google developer console and look at the credentials keys.
Your Client ID in the google-info plist must come from the iOS application, not the web.
And use that Client ID to be reverseClientID and copy it in to URI type.
I solved the problem by creating the project in Firebase, because the REVERSED_CLIENT_ID generated from developers.google.com was incorrect.
Try creating your project in Firebase:
https://console.firebase.google.com
You must cross-check the clientId on your 'Google Dashboard' against the clientId in "GoogleProject.plist". If they are different, copy the clientId from the 'Google Dashboard' and paste it into "GoogleService-Info.plist", and also amend your reverseClientId in "GoogleService-Info.plist" according to the newly pasted clientId (you can check the pattern of how the reverseClientId is created from the clientId in "GoogleService-Info.plist"). Then paste this reverseClientId into 'URL type' in your project settings.
In my case, the clientId in "GoogleService-Info.plist" and the one on my 'Google Dashboard' were different.
Check your Google dashboard here: https://console.developers.google.com/apis/credentials?project=firebase
I just experienced this issue following the Google Signin for iOS Guide. The plist generated file is not the good one. You need to take a look at the clientID and reversedClientID and be sure that they are the ones for the iOS app on your Google developer portal.
I faced this error after previously creating a GoogleService-Info.plist file using the site Google Sign In directs you to. I later started using Firebase, which seems to create a separate .plist file. After attempting to include Firebase's new .plist file, my Google Sign In button started yielding the invalid_request error with the Custom scheme URIs are not allowed for WEB client type message.
In order to fix the problem I tried many things, but in the end deleting MY ENTIRE Firebase project on their web console (not just the individual app), recreating a new Firebase project from scratch, and re-downloading the new .plist file, solved the error.
It creates two client IDs: one for web and one for the iOS application. The web client will be in the Google plist by default, so it gives the above error. Use the iOS client ID from the Google console or create a credential for the iOS application.
In my experience, I had followed Google's SignIn iOS Swift guide and had downloaded a Web OAuth JSON file. They literally provide you the wrong Plist file for an iOS setup.
Just in case somebody else runs into this issue here are the steps I followed:
Go to the Google Developers console.
Go to the Credentials section.
Notice there are two items in the "OAuth 2.0 client IDs" section. (If you previously attempted to configure an iOS Google SignIn project.)
Click on the name of the "iOS client for ".
Click "Download PLIST File".
Delete the Google web Plist file from your project.
Drop in the new iOS based Plist file.
Copy over the new REVERSED_CLIENT_ID into your URL Types of the Info page of your project. (This is detailed in Google's guide).
Attempt to run your app again.
Note: I got the Google Sign In API to work with Swift v3 and XCode v8.
I was getting the same error. Then I figured out, that I did not provide my app Bundle Id to access the Google Sign In Service in my app.
You do that from the page with the link:
https://developers.google.com/mobile/add?platform=ios&cntapi=signin&cnturl=https:%2F%2Fdevelopers.google.com%2Fidentity%2Fsign-in%2Fios%2Fsign-in%3Fconfigured%3Dtrue&cntlbl=Continue%20Adding%20Sign-In
1. Sign in with your Google Developer account.
2. Create your app name and copy the App bundle Id from your project from:
Project and Target List > General > Bundle Identifier.
3. Choose your Country.
4. Enable Google Sign-In.
Then perform the necessary steps to integrate Google Sign In with your iOS App.
I was facing the same issue. I followed all the instructions to integrate my app several times, and played with the code to see if there was any hidden issue in the code.
I downloaded and configured the sample app from Google at GitHub https://github.com/googlesamples/google-services and got the same issue, so it was not the code.
It seemed like there is something in my console configuration so I switched between different google console apps, and played changing the bundle IDs.
The only thing that managed to fix this issue was to use Firebase instead. I created an app in the firebase console, downloaded the new plist, and it worked.
Still not sure why this didn't work for me in the first place, this doesn't seem to be a common problem, but I hope this helps someone.
cheers,
Kindly check console.developers.google.com/apis/credentials for your project and see whether there is already a client_id in the OAuth 2.0 client IDs section. If so, copy that client ID, use it to replace your GoogleService-Info.plist file's CLIENT_ID, and change REVERSED_CLIENT_ID accordingly (in reverse manner). Now clean and build your app and test; it will work.
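The consistency check that the answers in this thread, and the first answer at the top of the page, describe doing by hand, as an added example (not code from any of the posters or from Google): REVERSED_CLIENT_ID must be com.googleusercontent.apps.[value] for the CLIENT_ID [value].apps.googleusercontent.com, and that same string must be registered as a URL scheme. The function names and sample IDs are constructed; the script cannot tell whether a client ID is of type Web or iOS, which still has to be read off the Credentials page.

```python
import plistlib

SUFFIX = ".apps.googleusercontent.com"

def expected_reversed_client_id(client_id):
    """[value].apps.googleusercontent.com -> com.googleusercontent.apps.[value]"""
    if not client_id.endswith(SUFFIX) or client_id == SUFFIX:
        raise ValueError("CLIENT_ID is not of the form [value]" + SUFFIX)
    return "com.googleusercontent.apps." + client_id[: -len(SUFFIX)]

def check_config(service_plist, info_plist):
    """Return the problems found in the two plists (bytes); empty means consistent."""
    service = plistlib.loads(service_plist)   # GoogleService-Info.plist
    info = plistlib.loads(info_plist)         # the app's Info.plist
    expected = expected_reversed_client_id(service.get("CLIENT_ID", ""))
    problems = []
    if service.get("REVERSED_CLIENT_ID") != expected:
        problems.append("REVERSED_CLIENT_ID does not match CLIENT_ID; expected " + expected)
    # Xcode stores "URL Types" as CFBundleURLTypes / CFBundleURLSchemes.
    schemes = {s for t in info.get("CFBundleURLTypes", [])
               for s in t.get("CFBundleURLSchemes", [])}
    if expected not in schemes:
        problems.append("URL scheme " + expected + " is not registered in Info.plist")
    return problems

# Constructed sample values, not real credentials.
IOS_ID = "1234567890-constructedios" + SUFFIX
OTHER_ID = "1234567890-constructedother" + SUFFIX
IOS_REVERSED = "com.googleusercontent.apps.1234567890-constructedios"

GOOD_SERVICE = plistlib.dumps({"CLIENT_ID": IOS_ID, "REVERSED_CLIENT_ID": IOS_REVERSED})
# CLIENT_ID was replaced, but REVERSED_CLIENT_ID and the URL scheme were left as they were.
STALE_SERVICE = plistlib.dumps({"CLIENT_ID": OTHER_ID, "REVERSED_CLIENT_ID": IOS_REVERSED})
INFO = plistlib.dumps({"CFBundleURLTypes": [{"CFBundleURLSchemes": [IOS_REVERSED]}]})

if __name__ == "__main__":
    for name, svc in (("good", GOOD_SERVICE), ("stale", STALE_SERVICE)):
        print(name, check_config(svc, INFO) or "consistent")
```

To run it against a real project, read the two files as bytes and pass them to check_config in place of the constructed samples.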
I was using Meteor with Cordova and Meteor's official google integration, which relies on cordova-plugin-googleplus.
I had to:
create both an iOS and a web Client ID
use the web Client ID on the settings / server / database as documented
but then use the reverse of the iOS web client as the REVERSED_CLIENT_ID for cordova-plugin-googleplus
Expo, authentication with Google.logInAsync from expo-google-app-auth
In my case I just used androidClientId instead of androidStandaloneAppClientId

MVC 5 App with Google OAuth2 Sign-on (C#) is not working

I have followed some articles, but none of them are clear, as the Google OAuth interface has changed.
I went through some articles and understood something. With this understanding in mind, I followed the steps below:
Opened URL: console.developers.google.com
Created new project with name: My Super App
Clicked on Google+ API under Overview section, and Enabled the same.
Here is my doubt whether I am doing correct or not
Selected OAuth ClientID option under Credentials section.
Configured Consent screen With email address, and Product name.
Under Create Client ID section, provided below details:
Application type: Web Application
Name: My Super Client App
Authorized Javascript origins: http://localhost:44300/ - sometimes, I have used this option. Later on, now, I am not using this option. Please suggest me if it is mandatory.
Authorized redirect URIs: http://localhost:44300/signin-google
ClientID, ClientSecret have been generated. Used in My MVC app.
But, I am unable to use Google OAuth.
Please suggest me where I'm doing wrong.
Go to your Project properties and under the Web tab you'll see the Project URL. In place of the https://localhost:44300/ given in the article replace it with the one specified in Project URL or, if you've overridden that one, use the one specified in the Override application root URL.
In other words, you shall change the URL here:
Just a suggestion but perhaps you need to enable the api on your google developer console. I did a quick google and this covers it - http://www.c-sharpcorner.com/article/how-to-configure-google-sign-in-for-Asp-Net-mvc-5-part-sixt/
please follow Asp.net/mvc :MVC5 :Google OpenAuth from where the below steps are taken:
Creating a Google app for OAuth 2 and connecting the app to the project
Navigate to the Google Developers Console.
Click the Create Project button and enter a project name and ID (you can use the default values). In a few seconds the new project will be created and your browser will display the new projects page.
In the left tab, click APIs & auth, and then > Credentials.
Click the Create New Client ID under OAuth. In the Create Client ID dialog, keep the default Web application for the application type.
Set the Authorized JavaScript origins to the SSL URL you used above (https://localhost:44300/ unless you've created other SSL projects). Set the Authorized redirect URI to:
https://localhost:44300/signin-google
Click the Consent screen menu item, then set your email address and product name. When you have completed the form click Save.
Click the APIs menu item, scroll down and switch on Google+ API.
Copy and paste the AppId and App Secret into the UseGoogleAuthentication method. The AppId and App Secret values shown below are samples and will not work.

How to get client secret from Google Developers Console in iOS?

Currently I am working on an old project in which there is a client ID and client secret. Now I want to replace those with a new client ID and client secret using another Developer account. I followed each and every step from
https://developers.google.com/+/mobile/ios/getting-started
Google APIs Console - missing client secret
But I can see only the client ID. Where is the client secret?
Here I can see only the client ID.
Hey, this is a step-by-step process; hope this helps you...
Step 1:
Go to the Google Developer console and create a new app.
Step 2: Enable the Google Plus API.
You can see the enabled API in the Enable API's tab, which is next to API Library and is visible in the second image.
Step 3: Go to the API & auth tab, then select the credentials option.
Select the type of authentication you require.
Then you will see the configure consent screen; configure the page with the information you wish to provide.
Step 4: Select the web Application option on top
and enter the required URLs,
and finally click the create button.
Once you do that, you can see the client ID and client secret key.
When in iOS, the application type of the OAuth credential should be 'iOS'.
And then you should pass an empty string as the client secret in your code.
Keeping a secret (that is global to the entire application, not unique per user) in an app is NEVER EVER secure. See https://developer.okta.com/blog/2019/01/22/oauth-api-keys-arent-safe-in-mobile-apps This is an amazing article, please spend as much time as needed to understand it.
Because it can't be kept secure, using a client secret in iOS is the old, outdated approach. Nowadays you want to use proof-key-code-exchange (PKCE). It's also explained in the above link, but in short:
Generate a secret key in iOS; it is one-time use for that one specific login.
Only send the hash of the key to the login authority (Google). The original has not left the app yet.
To get the tokens, you send: <AuthorizationCode,ORIGINAL secret>. AuthorizationCode is also one-time use.
Google can compare the "original secret" to the previously sent hash. It therefore knows you are not an attacker that has stolen the AuthorizationCode.
Back to the question. Google lets you create different types of "Apps":
Web application: Has a client secret (It's on a backend server, not on a publicly accessible iOS app)
iOS app: Has "iOS URL scheme" instead. There are frameworks that use this URL scheme and do the steps I described above for you (including PKCE). Disclaimer: I'm not an iOS developer, but I'm 99% certain

Linkedin authentication using auth0 Firebase and Ionic

I am using auth0.com to create a seed project with Firebase and Ionic (under Apps / APIs).
However, I ran into this issue Invalid redirect_uri. This value must match a URL registered with the API Key. I did the following research:
linkedin : Invalid redirect_uri. This value must match a URL registered with the API Key
(Tried to use http://localhost:8100/auth/linkedin/callback in OAuth 2.0 Redirect URLs and not working)
https://naveengopisetty.wordpress.com/2014/09/15/linkedin-oauth-2-0-issue-invalid-redirect_uri-this-value-must-match-a-url-registered-with-the-api-key/ (http://localhost:8100/signin-linkedin not working)
https://www.drupal.org/node/2357091 (http://localhost:8100/linkedin/company/token is not working as well)
Regardless of what I changed in Linkedin app, the login popup url always has redirect_uri=https%3A%2F%2Fmyproject.auth0.com%2Flogin%2Fcallback
That means for some reason my redirect URL didn't get changed and somehow auth0 forced a "wrong" URL in it?
Does anyone have an idea how to fix this? Or is it an auth0.com bug?
When using LinkedIn, you should follow the instructions on how to configure as an email provider from this link
The important part is that you must set https://{accountName}.auth0.com/login/callback as the Callback URL in the LinkedIn app you create. Did you do that?
Does this help?
Thanks!
