I am getting the below error while login with google through Keycloak.
401. That’s an error.
Error: deleted_client
The OAuth client was deleted.
Request Details That’s all we know.
The application you are using has a client id created via google developers console. The client id in question was deleted your going to have to create a new client id and recompile your application.
That is assuming this "keyCloak" is your own application if not then you should contact the developer of the application they have a problem
Related
I'm receiving an Authorization error when attempting to generate an authorization code:
Error 400: invalid_request
You can't sign in to this app because it doesn't comply with Google's
OAuth 2.0 policy for keeping apps secure.
If you’re the app developer, make sure that these request details
comply with Google policies. redirect_uri: urn:ietf:wg:oauth:2.0:oob
I've used this Google tutorial to replicate and confirm the issue:
https://developers.google.com/assistant/sdk/guides/service/python/embed/install-sample?hl=en_US
It is generating this URL:
https://accounts.google.com/o/oauth2/auth?response_type=code&client_id=[HIDDEN]&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fassistant-sdk-prototype&state=[HIDDEN]&prompt=consent&access_type=offline
Here is a workaround provided by jdtoth on Github: https://github.com/greghesp/assistant-relay/issues/266#issuecomment-1065940698
Thanks jdtoth!
I found a workaround for creating a new user. In my case, I needed to
create a specific type of API credential. Here is what I did:
Create a new OAuth Client credential using the link below, ensuring
the application type is "Web application" and set Authorized Redirect
URIs to "http://localhost"
https://console.cloud.google.com/apis/credentials
Download the key, and create the user in the Assistant Relay appas you
tried before. When it opens a new browser window to authorize the
google account, you might need to bypass a warning. After you do this,
a blank browser window will open but the address bar will contain the
auth code you need. Grab the code from the relevant part of the URL
here and paste it back into the Assistant Relay app:
http://localhost/?code=COPYCODEFROMHERE&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fassistant-sdk-prototype
Let me know if this works. I am successfully sending commands to the
Assistant Relay server but nothing is playing on my speakers.
I created an oAuth key for my laravel site for google login. I successfully implemented this in local. But when I migrated my site to live I got this error:
400. That’s an error.
Error: redirect_uri_mismatch
Request Details
client_id=xxxxxxx-0fic8dnvcgo672unju9ai619iXXXXXX.apps.googleusercontent.com
redirect_uri=https://laravel.themenepal.com/gharsansar/auth/google/callback
scope=openid profile email
response_type=code
state=NRu0eU9UdwEXYSV0dixOc0BjuH3bluFkHiBDJFgO
That’s all we know.
I think this is primarily due to redirect url being mismatched with what is set in Google console. I've changed the redirect urls in .env. I have searchd a lot to be able to update the redirect uri in google console but nothing helped.
If you know that would be a great help.
UPDATE: The screenshot of the url edit page is as follows:
If you goto: https://console.developers.google.com/apis/credentials and select the correct project, then the correct the correct OAuth 2.0 client IDs and edit the correct OAuth 2.0 client IDs.
There appears to be no option to edit it if it's created as an OAuth 2.0 client ID of type "Other." If you choose Web Application, you can edit them yourself.
I have been successfully using Google API (via HTTP/REST, as well as using the .NET client library) with a Google Service Account to access the files in Google Drive.
Recently, I am exploring the Fusion Tables. I am able to use the API with user authorization via a web application. However, when I try to access it using Google Service Account under the same project, it failed with the below error, whenever I have https://www.googleapis.com/auth/fusiontables in the scope:
https:// www.googleapis.com/oauth2/v3/token
HTTP 401
{"error": "unauthorized_client", "error_description": "Unauthorized client or scope in request." }
The error goes away, when I remove https:// www.googleapis.com/auth/fusiontables and the same code block works fine with https://www.googleapis.com/auth/drive and other scopes.
I have checked and confirmed the "Fusion Tables API" is already enabled for my project at Google Developers Console. (Otherwise, my user authorization via a web application would not be working at the first place.)
Is there anything which I could have missed out? Any help would be greatly appreciated.
I just come across this:
Google drive service account and "Unauthorized client or scope in request"
Even though it does not seems to be related at the first glance, it is indeed the same issue.
Problem resolved after removing User = svcAcct, from the below code block.
ServiceAccountCredential credential;
credential = new ServiceAccountCredential(
new ServiceAccountCredential.Initializer(svcAcct) {
// User = svcAcct, *** removed ***
Scopes = new System.Collections.Generic.List<string>(scopes.Split(' '))
}.FromCertificate(certificate)
);
Hence, here is the general advise:
DO NOT call ServiceAccountCredential.Initializer with User = svcAcct unnecessarily.
Only do this when you are trying to impersonating a difference user
(with the condition that the appropriate setup has been correctly done
in Google Apps Admin Console).
Even though it may not produce any error under certain cases, there
are some unexpected behaviors when including an email address of the
service account itself in the JWT claim set as the value of the "sub"
field.
My company develops a web app that requires 3rd party authentication with Outlook 365, to have access mail, calendar and contacts.
We managed to get several users from various tenancies connected through OAuth using the normal OAuth flow and the endpoints:
https://login.microsoftonline.com/common/oauth2/authorize
https://login.microsoftonline.com/common/oauth2/token
But one user constantly fails at login with the error:
{
"line":"398",
"file":"oauth_server.js",
"message":"Error in OAuth Server: temporarily_unavailable",
"time":{"$date":1436988123251},
"level":"warn"
}
It only happens for his tenancy, and only on our production servers (he can successfully connect with our test servers).
All the settings are analogous for the production app and the test app in the AzureAd portal.
This error states that the microsoft servers are unavailable, yet they manage to connect any other account, which tends to prove that this message is inacurate...
Would anyone have a clue about this?
This solved my problem:
I went to the AzureAd management portal,
went to the configuration page of my app,
changed the APP ID URI to something random
saved,
tried to connect with this account, successfully!
set back the APP ID URI to its original value.
Still works. I do not know why. Something must have been stuck in the pipe...
using of youube api getting this error
Error Domain=com.google.GDataServiceDomain Code=403 "The operation
couldn’t be completed. (com.google.GDataServiceDomain error 403.)"
UserInfo=0x7676020 {Error=NoLinkedYouTubeAccount,
error=NoLinkedYouTubeAccount}
You recieve this error since you are using Service account authentication.
The service account flow supports server-to-server interactions that do not access user information. However, the YouTube Data API does not support this flow. Since there is no way to link a Service Account to a YouTube account, attempts to authorize requests with this flow will generate a NoLinkedYouTubeAccount error.
https://developers.google.com/youtube/v3/guides/authentication
You may try to use another type of authentication, such as server-side or installed application, however user should allow to use his account.
If you want to create an app which will allow different users to add videos to your own channel, than you can try ClientLogin authentication protocol.
Look here for more info https://developers.google.com/youtube/2.0/developers_guide_protocol_clientlogin#ClientLogin_Authentication
This protocol is deprecated but I have not found any way to resolve problem.