I've logged into the Google Cloud Platform console today and I can no longer see or create any entities in GCP Datastore. I don't use this interface very regularly, but I'm sure that I used to be able to see a list of the entities in the datastore, and be able to manually edit them. Today I'm seeing no entities, and I get the following error message :
"Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project."
The link seems to point me off to a page that talks about integrating Google Sign-in into my web application - that doesn;t seem relevant to me at the moment - I'm just trying to use the GCP console itself
Moving details from comments section to full answer
The correct URL to access Cloud Console is https://console.cloud.google.com and then you select Datastore from the drop down menu on the left
OP was using an old url - https://console.*developers*.google.com/
To Access any component in the GCP including datastore. You need to pass valid credential(key) or your pipeline should be processing using correct GCP credentials.
https://cloud.google.com/docs/authentication/getting-started
Related
When I try to open the google appengine datastore admin tool it redirects me to:
https://ah-builtin-python-bundle-dot-myapp.appspot.com/_ah/login_required?continue=https://ah-builtin-python-bundle-dot-myapp.appspot.com/_ah/datastore_admin%3Fapp_id%3Dmyappid
and gives me a 500 error.
According to this appengine bug report:
https://code.google.com/p/googleappengine/issues/detail?id=10150&q=%22datastore%20admin%22&colspec=ID%20Type%20Component%20Status%20Stars%20Summary%20Language%20Priority%20Owner%20Log
"This looks to be a problem because you are using non-default authentication scheme.
Are you using user service/Google Accounts API for authentication of users inside your application? If not, consider changing your authentication method.
If you are, then you'll need to setup a custom domain and access the datastore admin via:
https://ah-builtin-python-bundle-dot-
so that the correct authentication cookies can be used."
I'm using simpleauth for authentication and have a custom domain with an ssl certificate.
I would love to be able to backup my datastore data, it's a pretty big risk for my site if I can't!
Any ideas?
Must have been a problem on Googles end, because when I tried again a few months later it magically worked.
I implemented Google Sign in to my Angular application following this tutorial here: https://developers.google.com/identity/sign-in/web/ .
It worked fine on the localhost. Now I am trying to host my Angular application on an AWS S3 bucket. I allowed the the root url of the S3 bucket in the Google developer console. Google Sign in button is there but when ever I click I get the following error:
400. That’s an error.
Error: invalid_request
Application: xx Demo
You can email the developer of this application at: ...
Permission denied to generate login hint for target domain.
Request Details
openid.realm=
scope=email profile openid
response_type=permission
redirect_uri=storagerelay://http/s3-us-west-2.amazonaws.com?id=auth...
ss_domain=http://s3-us-west-2.amazonaws.com
client_id=.....apps.googleusercontent.com
fetch_basic_profile=true
I found this post here. It says
When using Amazon S3, though, it is not possible to protect your
website because the content is purely static. This means you can't
have a login page on the front end. With the service, you can either
make your objects either absolutely public — so that anyone can see
them online — or assign access rights to them — but only for users
connected through RESTful API.
Does this mean I can't use Google Sign in button if I host this application on S3 buckets?
I never deployed anything before. I'll really appreciate some insight. Thanks.
You can implement Google Sign in even though you host your website on S3. You will have to put some information publicly, such as the client token, but on the Google API Console you will restrict access to the API to only your domain.
When you say you allowed the root endpoint for your S3 Bucket in the Google API Console, are you talking about the actual bucket url or the URL that the bucket gives you when you allow Static Website Hosting? You should use the Static Website Hosting url.
I'm using cloud endpoints with authentication on python environment.
And I have two registered apps, one is native, other is web, on Cloud Console.
In native app, I can use my apis after authentication. But in web app, below error is happened.
Oauth framework user didn't match oauth token user.
The sequence is below:
I can get the result of gapi.auth.authorize() with token.
And when I call gapi.client.oauth2.userinfo.get(), I can get user info without error.
But when I call my api, I get this oauth error.
Of course I added client ids(native, web, api explorer) to allowed_client_ids.
But if the client id of web is removed, same error is happened and no warning about client id missing.
(As far as I know, If the client id in the request is not in allowed_client_ids, the warning about Client ID is not allowed is in the log)
And when I call api through the api explorer, same error is happened.
I don't have any idea how to investigate about this error with this short log message.
Is there any check points, suggestions?
Sorry for my poor English.
thanks,
UPDATE:
After some investigations, I've got root cause, it's Authentication Type of the application.
The Authentication Type of my application is Google Apps domain.
I created another application with Google Account API authentication type and deployed same code,
I can get user info from get_current_user().
In the document, Cloud Endpoints project is created through Cloud Console,
but my application is created through AppEngine Console before.
thanks,
At our company we are experimenting with the Google App Engine.
There is already an app online and they wanted to add me to this existing app.
We tried to do this several times but I still can't access the existing app.
The email you receive when you are added to an existing app consists of 2 links.
- one for coupling it to an existing Google account
- one for coupling it to the receiving email address which is a Google Account
If i follow the link in case 1, I'm redirected to a page where I need to create a new application.
If i follow the link in case 2, I get the following Server Error:
"Sorry, you've reached a login page for a domain that isn't using Google Apps. Please check the web address and try again."
If one of my colleagues looks at the Permissions page of all users, my status is pending...
Anyone an idea?
Your accounts are on Google Apps? if is the case, you need to use the good link; In the email you received you should have 2 links to validate account. The first is for google account and the second is for google apps account.
I'm pretty new to SalesForce and their Apex language. I've been reading some documentation and tried the integration between Google and SalesForce.
I'm wondering is it possible to emulate an auth token from google to SalesForce?
I'm trying to read a google spreadsheet and then fill up a SalesForce object automatically. The user login will always be the same/universal for this spreadsheet, so I have the credentials required to login.
I am working off of the sample that requires a visualforce, and I'm wondering how would I automatically do the session id token that the google spreadsheet API requires.
Any ideas?
The old-school, hard way would be to send a login() call to the API (available through SOAP messages). Salesforce API is well documented and plenty of examples are available (both in programming languages and for raw XML requests/responses).
But I have no idea what possibilities you have from Google side, if it's only JavaScript then you might not be able to send and retrieve AJAX-like calls to another domain...
Recently another option emerged and that is REST API (no SOAP needed). Looks more promising and easier in my opinion. Quick intro is available here and you'll find more documentation on the bottom of the page.
Last but not least - 2 interesting links:
http://code.google.com/apis/gdata/articles/salesforce.html for some integration tutorial
and built-in integration offered by Salesforce: http://www.salesforce.com/assets/pdf/datasheets/SalesforceGoogleApps.pdf
I've used custom settings to do this. Use OAuth to get a token for Google, then store that token in Salesforce custom settings (Setup-Develop-Custom Settings). You can then retrieve the token for callouts to Google from that custom setting for any user needing access to Google Apps. The downside is, every user will authenticate as your custom setting token user. The upside is that they won't need to individually authenticate. Custom settings are retrievable via Apex using a simple getter, and live as Apex-like objects.
Also keep in mind, Google requires each service to use it's own token. So, if your user wants to use Calendars and Spreadsheets, that's two separate tokens that will need to be stored and retrieved for the callout.
I generally allow users to create their own authenticated session tokens via OAuth if they want to do that, then failover to the custom settings to get the general admin token if necessary.
Are you trying to log into Google Apps from SFDC? There are options for Google Apps within Salesforce, go to Setup > Administration Setup > Google Apps > Settings. I've not used this and it requires some setup, but thought I'd point it out. Aside from that I can only blurt out OAuth (getting users to authenticate with Google from within Salesforce when trying to access Google Apps) and SSO (which I know can be used to authenticate from an external system, though not sure if it works the other way).
Look into the "Named Credentials" menu in salesforce setup.
There, you can store auth credentials for the services accessed via Apex:
"A named credential specifies a callout endpoint and its required authentication parameters. When setting up callouts, avoid setting authentication parameters for each callout by referencing named credentials."
a username/pass combo can be used, or a certificate, or an AWS signature, and there is a JWT option..
Help docs: https://help.salesforce.com/articleView?id=named_credentials_about.htm&type=5