I need to make an app via app engine, I am familiarizing with the [demos] (https://github.com/google/earthengine-api/tree/master/demos). I have successfully deployed all of them except for "export-to-drive". I am able to deploy it, but I get a 500 Internal Server Error. It is the same on the cloud shell, but when I run it locally it run well.
Since the web console shows no error, I checked in the cloud shell console and got those errors:
redirect_uri_mismatch
invalid_grant
I tried to authorize all the redirect domains I could think of, but nothing changes. I know it is not my API key because it is working when I run the code locally.
You need to set up both Service account and OAuth 2.0 Client ID credentials to authorize requests to Earth Engine.
Make sure that client_id and redirect_uri are properly configured as instructed here
Note that the value redirect_uri must match an authorized URI you have set up in API console > Credentials >
Client ID for Web application > Authorized redirect URIs
.
Related
I am facing the below issue, when an Azure Government cloud user is trying to access an web app hosted in Azure commercial cloud. I confirm that the reply url is present in the app registration
Sorry, but we’re having trouble signing you in.
AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application: '7c528ed8-8f39-4efe-8ac2-c5a6d108def7'.
This error occurs when the redirect_uri in the authentication request doesn't match with the redirect uri registered in the App registration. When you access the web application, you get redirected to https://login.microsoftonline.com/... url.
Below is an example of authentication request, where the redirect_uri is https://jwt.ms, which must match with the redirect uri registered under app registration.
https://login.microsoftonline.com/your_tenant.onmicrosoft.com/oauth2/v2.0/authorize?client_id=574c674d-xxxx-xxxx-xxxx-xxxxxxxxxxxx&response_type=code&redirect_uri=https://jwt.ms&state=1234&response_mode=fragment&scope=https://graph.microsoft.com/.default
If you still face any issues, please share the Correlation ID, Request ID and Timestamp that you are getting along with the error and I will try to track the information in our backend database for you.
I am trying to setup cloud IAP for an application hosted in the Google cloud.
Logging in to the application works well via the web, and you are redirected to the Google authentication page, and redirected back to the website, with a session token set as a cookie.
Authenticating via a non-web interface, following the guide on programmatic authentication, trying both the command line way described there, and using the iOS SDK. In both cases, login works as it should, and I receive an id_token from the login process. BUT when I make an request like follows:
curl --verbose --header 'Authorization: Bearer ID_TOKEN' https://an-app.appspot.com/api/user
I ALWAYS receive the following response:
There was a problem with your request. Error code 13
It does not matter what the ID_TOKEN in the request is, the response is always Error code 13. If I do not specify the Authorization header, I am redirected to Google's login page.
Is there any setting or configuration I am missing?
TLDR;
The problem was a misconfiguration of the auth payload, in my case, it was the target audience that wasn't correct. Here's the appropriate format:
// this is the IAP client ID that can be obtained by clicking 3 dots -> Edit OAuth Client in IAP configuration page
const target_audience = "12345.apps.googleusercontent.com";
Details
I had the same problem, that I resolved using a mix between this post: How to authenticate google cloud functions for access to secure app engine endpoints And this Gist: https://gist.github.com/plmrry/f78136bba68f810622bc2840497ef7e1
Please can anyone help with config/troubleshooting for Firebase authentication with GAE Python apps.
I've tried to get the Firenotes app working (https://cloud.google.com/appengine/docs/python/authenticating-users-firebase-appengine) but when the app loads there's a popup with the error: The operation has timed out. Dismiss.
The email authentication works fine, all OK: can login, save notes, logout.
The problem is with the Google OAuth login.
Clicking on the Google sign button gives an error:
This site can’t provide a secure connection.
firebaseapp.com didn’t accept your login certificate, or your login certificate may have expired.
ERR_BAD_SSL_CLIENT_AUTH_CERT
The project was imported into the firebase project and as far as I can tell the config of main.js and app.yaml is correct.
The GAE .appspot.com has been added to the OAuth authorized doamins
The same error is if running local or deployed to GAE.
If you go to the 'Overview' section of your firebase console. You can select to "add firebase to your web app". A screen pops up with the config information for the frontend main.js file.
Mind you, the apiKey in the client config needs to be set to the google cloud platform api key for the app engine project your using.
This will enable the login.
What URLs I need to enter in Google API credential page?
I created an Oauth2 credential for my Google App engine web app.
I entered callback as https://myapp.appspot.com/oauth2callback and it works fine.
Now I am developing V2 and am deploying the app to 2-dot-myapp, Oauth2 stopped working. Do you have to specify callbacks for all versions I am going to deploy?
Yep! Google (or any OAuth provider) will not allow people to log in unless the callback URL provided during authorization exactly matches one that configure on the credentials page.
I'm using cloud endpoints with authentication on python environment.
And I have two registered apps, one is native, other is web, on Cloud Console.
In native app, I can use my apis after authentication. But in web app, below error is happened.
Oauth framework user didn't match oauth token user.
The sequence is below:
I can get the result of gapi.auth.authorize() with token.
And when I call gapi.client.oauth2.userinfo.get(), I can get user info without error.
But when I call my api, I get this oauth error.
Of course I added client ids(native, web, api explorer) to allowed_client_ids.
But if the client id of web is removed, same error is happened and no warning about client id missing.
(As far as I know, If the client id in the request is not in allowed_client_ids, the warning about Client ID is not allowed is in the log)
And when I call api through the api explorer, same error is happened.
I don't have any idea how to investigate about this error with this short log message.
Is there any check points, suggestions?
Sorry for my poor English.
thanks,
UPDATE:
After some investigations, I've got root cause, it's Authentication Type of the application.
The Authentication Type of my application is Google Apps domain.
I created another application with Google Account API authentication type and deployed same code,
I can get user info from get_current_user().
In the document, Cloud Endpoints project is created through Cloud Console,
but my application is created through AppEngine Console before.
thanks,