Google API fails to authenticate when iOS client ID is used - ios

I'm trying to integrate the Google Data API into my application. I'm using the ObjC wrapper available here:
http://code.google.com/p/gdata-objectivec-client
but I have got some issues with the authentication. Basically I'm following the steps as described here:
http://code.google.com/p/gtm-oauth2/wiki/Introduction#Signing_In_to_Google_Services
I have created a project on the API Console and added two client IDs for installed applications: one is of the "Other" platform, the other is "iOS" with the bundle ID appropriately set (though I left the appstore id 0 for the moment). Now comes the interesting part.
Both the YouTubeSample app bundled with the above wrapper library AND my iOS app work perfectly with the client ID belonging to the "Other" platform, and both of them return a 400 invalid_client error when I switch the ID for the iOS one. I have doublechecked the client IDs and secrets, all are correct. The iOS app has of course been given the correct bundle ID.
So, am I missing something trivial here?

Is there a reason that you need to use the iOS-type id/secret pair instead of the other-type pair? Perhaps I'm missing something, but the linked documentation states to not use an iOS type client id:
In the console, create a project, then click "API Access" in the left column. Create a new Client ID for an Installed Application (not a web application) type other (not iOS). This will provide Client ID and Secret strings to be used with the controller.
The controller likely doesn't identify itself as an iOS application when sending the requests, which Google probably checks when it receives an iOS id/secret pair.

Related

iOS GoogleMap API key, If keep it as blank will be generated any issue?

I have just simple question. I'm using goole map and direction API. So I need to create API key thats fine, I have done it.
But When I edit my API key and select Application restrictions to iOS Apps and save it.
I'm using this key in my app then I'm getting below error message.
This IP, site or mobile application is not authorized to use this API key. Request received from IP address XXX.XXX.XX.XXX, with empty referer
But If I remove the application bundle id from iOS Apps then API key is working
Also I'm referring this question This IP, site or mobile application is not authorized to use this API key
But some confusion are, Can we keep it as blank? There is any security related issue? do I need to do any changes when I'm going to upload app on app store ?
NOTE: I'm using API key in all the places in the coding. like
GMSServices.provideAPIKey(googleAPIKey)
and
let urlString = "https://maps.googleapis.com/maps/api/directions/json?origin=\(myCoordinateStr)&destination=\(destinationCoorinateStr)&key=\(googleAPIKey)&sensor=true"

Custom scheme URIs are not allowed for 'Web' client type - Google with Firebase

I am trying to implement google sign in using firebase in to my iOS app. I follow this tutorial.
https://firebase.google.com/docs/auth/ios/google-signin
I have setup the iOS app in firebase and use the google clientID and reversedClientID from the dowloaded GoogleService-Info.plist.
FYI: I have a custom sign-in button instead of the google sign in button. Anyway when i click the sign in button, google following error display in a webview.
I know my problem is the same as which described in this question.
Google 400 Error: invalid request Custom scheme URIs are not allowed for 'Web' client type
But, in my case, I have created the app in Firebase still I get the error. Any idea please...
The first step is to check if you have already the OAuth 2.0 ID for iOS. To do this please open the Credentials page in the API Console. I hope you will find iOS client for your application under OAuth 2.0 client IDs section. If not, please follow this Guide
The second step is to replace the Web Client ID with in iOS Client ID from OAuth 2.0 client IDs section. To do this, you should open the GoogleService-Info.plist and modify following keys: CLIENT_ID with [value].apps.googleusercontent.com and REVERSED_CLIENT_ID with com.googleusercontent.apps.[value].
if you're using flutterfire ui package you need to change the client id parameter in your GoogleProviderConfiguration class with the iOS client id,
you can copy it from here Credential page
example:
providerConfigs: [
GoogleProviderConfiguration(
clientId: "your copied key here"),
]
re-build you're app and you should be good to go
I've just faced this same issue using flutterfire_ui on Flutter.
The error appears to be from a couple of things. As Valeriy points out you need the ios client ID. But I still got the error if I used the scopes
openid
"https://www.googleapis.com/auth/userinfo.email",
"https://www.googleapis.com/auth/userinfo.profile",
Instead change these to
openid
email
profile
Strangely the opposite is true for Android, where the WebID and the first of the scopes should be used.
It also pays to be aware of the OAuth Content Screen..
In google cloud go to APIs & Services > OAuth consent screen > Edit.
You can add scopes here and fix any missing required fields that Firebase might not be filling out (I had 1). I believe this takes a while to propagate after a change, so give it an hour.

Google 400 Error: invalid request Custom scheme URIs are not allowed for 'Web' client type

When I am signing into Gmail in my iOS App, I am getting the below error (screenshot) and the sign-in fields do not appear. We are loading the sign-in screen in a WKWebView.
We are using a custom URI redirect but why is google throwing this error now. What are the alternatives to a custom URI?
Swift 2.3 project
Using OAuthSwift v0.6.0 cocoapod
This started quite recently only in the past week or so I believe something changed with Google's APIs.
I have read that google is deprecating webviews for OAuth and will block requests on April 20, 2017. As seen here in a Google Developers Blog:
https://developers.googleblog.com/2016/08/modernizing-oauth-interactions-in-native-apps.html
Does this mean I already need to use or is there another viable solution? I thought I had more time before needing to update this.
My guess is that your client is registered incorrectly in Google Cloud Console. A 'WEB' client is typically a server or Javascript application. An iOS app should be registered as an iOS client.
https://developers.google.com/identity/protocols/OAuth2InstalledApp#creatingcred
I Just found this problem too.
Please check google developer console and look at the credentials keys
Your Client ID in google-info plist must come from iOS application, not the web.
And use that Client ID to be revereseClientID and copy it in to URI type
I have solved the problems by create project in Fire Base Because REVERSED_CLIENT_ID generate from developers.google.com Incorrect.
Try create your project in FireBase
https://console.firebase.google.com
you must cross check clientId at your 'Google Dashboard' clientId and clientId at "GoogleProject.Plsit".if both are different, copy ClientID from 'Google Dashboard' and paste it on "GoogleService-Info.Plsit".and also amend your reverseClientId in "GoogleService-Info.Plsit" according to newly pasted ClientID(you check the pattern how reverseClientId created from client Id in "GoogleService-Info.Plsit"). And then paste thid reverseClientId in 'URL type' in your project setting.
In case of mine clientId on "GoogleService-Info.Plsit" and my 'Google Dashboard' were different.
chech your google dashboard here : https://console.developers.google.com/apis/credentials?project=firebase
I just experienced this issue following the Google Signin for iOS Guide. The plist generated file is not the good one. You need to take a look at the clientID and reversedClientID and be sure that they are the ones for the iOS app on your Google developer portal.
I faced this error after previously creating a GoogleService-Info.plist file using the site Google Sign In directs you to. I later started using Firebase, which seems to create a separate .plist file. After attempting to include Firebase's new .plist file, my Google Sign In button started yielding the invalid_request error with the Custom scheme URIs are not allowed for WEB client type message.
In order to fix the problem I tried many things, but in the end deleting MY ENTIRE Firebase project on their web console (not just the individual app), recreating a new Firebase project from scratch, and re-downloading the new .plist file, solved the error.
It creates two client ID. one for web and one for iOS application. Web client will be in the google plist by default. So it gives the above error. Use iOS Client id from google console or create credential for iOS application.
For my experience, I had followed Google's SignIn iOS Swift guide and had downloaded a Web OAuth JSON file. They literally provide you the wrong Plist file for an iOS setup.
Just in case somebody else runs into this issue here are the steps I followed:
Go to the Google Developers console.
Go to the Credentials section.
Notice there are two items in the "OAuth 2.0 client IDs" section. (If you previously attempted to configure an iOS Google SignIn project.
Click on the name of the "iOS client for ".
Click "Download PLIST File".
Delete the Google web Plist file from your project.
Drop in the new iOS based Plist file.
Copy over the new REVERSED_CLIENT_ID into your URL Types of the Info page of your project. (This is detailed in Google's guide).
Attempt to run your app again.
Note: I got the Google Sign In API to work with Swift v3 and XCode v8.
I was getting the same error. Then I figured out, that I did not provide my app Bundle Id to access the Google Sign In Service in my app.
You do that from the page with the link:
https://developers.google.com/mobile/add?platform=ios&cntapi=signin&cnturl=https:%2F%2Fdevelopers.google.com%2Fidentity%2Fsign-in%2Fios%2Fsign-in%3Fconfigured%3Dtrue&cntlbl=Continue%20Adding%20Sign-In
1.Sign in with your Google Developer account.
2.Create you app name and copy the App bundle Id from your project from:
Project and Target List> General> Bundle Identifier.
3.Choose your Country
4.Enable Google- Sign In.
Then perform the necessary steps to integrate Google Sign In in with your iOS App.
I was facing the same issue. I followed all the instructions to integrate my app several times, and played with the code to see if there was any hidden issue in the code.
I downloaded and configured the sample app from google at github https://github.com/googlesamples/google-services and go the same issue, so it was not the code.
It seemed like there is something in my console configuration so I switched between different google console apps, and played changing the bundle IDs.
The only thing that managed to fix this issue was to use Firebase instead. I created an app in the firebase console, downloaded the new plist, and it worked.
Still not sure why this didn't work for me in the first place, this doesn't seem to be a common problem, but I hope this helps someone.
cheers,
Kindly check console.developers.google.com/apis/credentials for your project and see whether there is already a client_id in OAuth 2.0 client IDs section , if so then copy that client id and replace it with you GoogleService-Info.plist file's CLIENT_ID and accordingly change REVERSED_CLIENT_ID (in reverse manner) now clean and build your app and test it will work
I was using Meteor with Cordova and Meteor's official google integration, which relies on cordova-plugin-googleplus.
I had to:
create both an iOS and a web Client ID
use the web Client ID on the settings / server / database as documented
but then use the reverse of the iOS web client as the REVERSED_CLIENT_ID for cordova-plugin-googleplus
Expo, authentication with Google.logInAsync from expo-google-app-auth
In my case I just used androidClientId instead of androidStandaloneAppClientId

How to get client secret from Google Developers Console in iOS?

Currently i am working on one of old project within that there is a client id and client secret. Now i want to update those with new client id and client secret using another Developer account. I followed each and every step from
https://developers.google.com/+/mobile/ios/getting-started
Google APIs Console - missing client secret
But i can see only client id. Where is the client secret ?
Here i can see only client id
Hey this is step by step process ,hope this helps you...
Step 1:
Goto Google Developer console and create new app
Step 2:Enable the google plus api
You can see the enable api in the Enable API's tab which is next to API Library ,which is visible in second image.
Step 3: Goto to credential in API & auth tab then select credentials option
select the type of authentication you require
then you will can see the configure consent screen configure the page with the information you wish to provide .
Step 4: Select the web Application option on top
and enter required url's
and finally click create button
once you do that ..you can see ...client id and client secret key...
When in iOS, the application type of the OAuth credential should be 'iOS'.
And then you should pass an empty string as the client secret in your code.
Keeping a secret (that is global to the entire application, not unique per user) in an app is NEVER EVER secure. See https://developer.okta.com/blog/2019/01/22/oauth-api-keys-arent-safe-in-mobile-apps This is an amazing article, please spend as much time as needed to understand it.
Because it can't be kept secure, using client secret in iOS is the old, outdated approach. Nowadays you want to use proof-key-code-exchange (PKCE). It's also explained in above link, but in short:
Generate a secret key in iOS, it is one time use for that one specific login
Only send the hash of the key to the login authority (Google). The original has not left the app yet
To get the tokens, you send: <AuthorizationCode,ORIGINAL secret> AuthorizationCode is also a one time use
Google can compare the "original secret" to the previously sent hash. It therefore knows you are not an attacker that has stolen the AuthorizationCode
Back to the question. Google let's you create different types of "Apps":
Web application: Has a client secret (It's on a backend server, not on a publicly accessible iOS app)
iOS app: Has "iOS URL scheme" instead. There are frameworks that use this URL scheme and do the steps I described above for you (including PKCE). Disclaimer: I'm not an iOS developer, but I'm 99% certain

Calling Google Places/Nearby API from inside an iOS App

I'm trying to call the Google Places API to return a list of restaurants near me. When I call this from a browser it works fine. However, when I call this from inside an iOS App I built using Ionic Framework, it fails with a data NULL, status 0 error.
I researched quite a bit, figured out this was a CORS issue. I looked up Google documentation on how to issue GET requests for iOS App. I used my app's bundle id to create a key and client ID for my app. Using the steps here https://developers.google.com/accounts/docs/OAuth2InstalledApp#overview, I obtained an access_token, which I used as a query parameter just like the docs mentioned. Nothing works. What is going wrong?
URL that works on browser: https://maps.googleapis.com/maps/api/place/nearbysearch/json?key=MyServerApplicationsKey&location=33.85463,-84.35870&rankby=distance&types=restaurant
URL that fails from IOS App: https://maps.googleapis.com/maps/api/place/nearbysearch/json?key=MyiOSApplicationsKey&location=33.85463,-84.35870&rankby=distance&types=restaurant&access_token=MyToken
#plexer
I use the server key to call the URL from the browser. That works, as mentioned. From the App if I use this key, I get the following error:
{"data":null,"status":0,"config":{"method":"GET","transformRequest":[null],"transformResponse":[null],"url":"sameUrlThatWorksOnBrowser","headers":{"Accept":"application/json, text/plain, /"}},"statusText":""}
The Google Places API uses a Public API Access key, rather than oAuth. The good news is that these are a lot simpler to get started with.
Follow the instructions under the Authentication section on this page to create a new Public API access key, then include that key in the &key parameter for your application.
After clicking the "Create new Key" button, select "Server key". That's a bit weird, since you are calling the API from iOS, but it will work.

Resources