I'm trying to run the Google Javascript YouTube API samples, and I get the following error when the page (search.html) loads:
Refused to display 'https://accounts.google.com/o/oauth2/auth?client_id=[XXX]...F%2Flocalhost&response_type=token&state=366536542%7C0.931065623&authuser=0' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'.
I'm running this from a host that's authorized in the "JavaScript origins" section of my credentials in Google Developer Console.
The only change I've made to the code was to enter my credentials in auth.js
Any ideas?
Be sure to put your Client ID in auth.js.
var OAUTH2_CLIENT_ID = 'XXXXX.apps.googleusercontent.com';
Plus, to configure Redirect URIs and JavaScript origins in https://console.developers.google.com for localhost :
Client ID XXXXXX.apps.googleusercontent.com
Email address XXXXXX#developer.gserviceaccount.com
Client secret XXXX
Redirect URIs http://localhost/oauth2callback
JavaScript origins http://localhost
Related
when using the google oAuth2. I keep getting
Erreur 400 : redirect_uri_mismatch The redirect URI in the request, http://hostname/signin-google, does not match the ones authorized for the OAuth client. To update the authorized redirect URIs, visit:
with the HTTP access.
but I'm using the https access to access the url.
I don't know why it's redirecting by HTTP not HTTPS
.
For the auth I'm using
await HttpContext.ChallengeAsync("Google", new AuthenticationProperties() {RedirectUri = "/"})
--
Note : when trying to Add my hostname with http on the redirect_uris acceepted on the GCP, it doesn't accept http, but only HTTPS
thanks a lot
You should pass the address of your own server/client-app as RedirectUri, which can handle the answer of Googles login dialog. This address should be a full URL not just "/", it has to be registered in the Google developer console and is required to be one with a https:// prefix.
You cannot implement OAuth2 with an unsecure http:// redirect address, this would ruin all security.
In fact, it's the way you expose your app that is taken in parameters..
For me I'm using the dockerfile to expose my app, and I used to use
Expose http://*:80
And even if the associated domain was started with an HTTPS, inside the app it's always an HTTP call, so all the redirect are done through the http protocole.
I'v changed the way I expose my app from http://:80 to https://:443
And in the code I used kestrel to launch the app and it's working perfectly now
Thank you
I have trouble creating a Google API OAuth2.0 token though following all the steps here: [OAuth2 Authentication](
https://developers.google.com/adwords/api/docs/guides/authentication?authuser=1)
When trying to create the token through the OAuth2.0 playground:
OAUTH 2.0 playground
I end up with this error:
Discussion on similar threads tried to give some guidance but without any luck in my case.
Add google.com in the authorized domain list of your app's OAuth consent screen.
Click on the application for which you want to configure for the next step:
Make sure to also add 'https://developers.google.com' in the Authorized JavaScript origins and 'https://developers.google.com/oauthplayground' in the Authorized redirect URIs[click 'save' below once added]:
You are applying your own client id and client secret to Oauth2 playground you are also using browser credentials.
For browser credentials to work it must be able to return the token to an endpoint that can handle it and that endpoint (Redirect uri) must be registered in the Google Developer console for that project.
if you check your first picture under the check box you clicked
You will need to list the URL https://developers.google.com/oauthplayground as a valid redirect URI in your Google APIs Console's project. Then enter the client ID and secret assigned to a web application on your project below:
Try adding that URL as it says.
I need the following information for my app to work:
1) Client ID
2) Redirect URL
Setting up the app and creating an ID + secret code was easy. But I have no idea what to put as my redirect URL. I used localhost as my URL and I was able to sign into my google account but after I signed in I received Error: redirect_uri_mismatch
Screenshot
What can I do? How do I even create a redirect URL?
In the Developer Console credentials page (the one in your screenshot), add your redirect URI to the "Authorized redirect URIs" text field.
Ensure you're supplying the correct port and correct route your server is listening on too.
For example, in the Google API Console, the working redirect URI for me is
Your port and route all depend on your server setup (ie. look in your index.js if you're using Node). This working sample with port 5000 is from the example server code in the YouTube API NPM module readme.
I'm using https in redirect_uri field of OAuth2. But when I connect to google client, I'm redirect to http url, not https. Here is a part of the code:
$client->setClientId($client_id);
$client->setClientSecret($secret);
$client->setRedirectUri("https://mydomain/myphp.php");
$client->setScopes(array('https://www.googleapis.com/auth/calendar'));
I use the example from http://www.daimto.com/google-oauth2-php/
When I run the script, it shows me a "Connect Me!" message and when I click on it, the browser ask my permition to access my google account. After I agree, it would must redirect me to the address in setRedirectUri, in HTTPS mode. But google api redirect me the same url but in http mode.
Some idea?
Thanks a lot!
I believe all is working, but after successful authentication on https your own code redirects you to a cleaned URL on plain http. Check the sample code that you copied after receiving and exchanging the code ("Step 2") and change the construction of the URL so that it uses https instead of https.
I'm trying to set up a mirror API service for Google Glass. I turned on Mirror API in the google dashboard per the instructions in the glass developer website for Mirror API.
But when I go to create a Client ID for Oauth2, I get "Invalid web origin".
I'm putting in www.myserver.com/foldercreated, which exists in my server.
Use your url's domain name as Authorized JavaScript origins such as:
http://www.myserver.com
And your callback urls as Authorized redirect URI such as:
http://www.myserver.com/foldercreated
Don't forget to set http:// (or https://) prefix.