I am using Firebase Auth (firebase 4.1.3) in my Angular4 project with Google sign in enabled. While working on localhost everything works as expected. However, when deploying my app hosted on Google App Engine, authentication popup fails with the "auth/unauthorized-domain" error.
How can I whitelist my custom domain in Firebase?
Checks already done:
My firebase project has billing enabled and active
Google sign-in with pop-up works on localhost
Google app engine domain is already whitelisted in "Authorized Domains" under Sign-In method, in Authenticacion module of Firebase console.
Double checked the javascript firebase config in my angular app (I copy-pasted the snippet given by the firebase console).
In the Google Cloud Console, the default web API key has no access restrictions and the OAuth client id already contains my App Engine domain in the list of "Authorized JavaScript origins" and also in the "Authorized redirect URIs" (https://console.developers.google.com/apis/credentials?project=MYPROJECT).
Some other similar SO questions refer to checking the previous things and even waiting up to 20 mins after whitelisting a new domain to allow change propagation. But none of these advices worked for me.
NOTE: Full error code
{
code: "auth/unauthorized-domain"
message: "This domain (PROJECT.appspot.com) is not authorized to run this operation. Add it to the OAuth redirect domains list in the Firebase console -> Auth section -> Sign in method tab."
}
Any help would be appreciated.
Ok, Answering my own question. I finally found the problem: I was deploying an old version of the web app. So it will never work this way...
In case it could be useful to others, the above steps for configuring firebase Auth are correct and enough!
I was taking over an existing project, and I got this error while deploying with the wrong environment. (the domain was correctly setup in Firebase)
ng build --prod && firebase deploy
While was deploying on my Dev Environment.
I've scripted the deployment to avoid this kind of mistake.
ng build --configuration "${ENV}" && firebase deploy
where env var is set as an argument of the script
I have faced the same problem. Then I find Out the solution.
First goto your firebase project then click Authentication goto sign-in method then scroll down you will find Authorized domains add your live site link there. Hurrey Problem Solved.
Authentication > sign-in medhod > Authorized domains
firebase solution image
Related
I have a Python Streamlit app hosted in GCP via App Engine. Following this tutorial, I added an Idenity-Aware Proxy to secure the app.
The IAP is activated and the OAuth consent screen it set to internal.
In the IAP settings, I added myself and a fellow both with the "IAP-secured Web App User"-role.
While I can access the app after login with my associated google account, he gets and "Error 403: org_internal" error when login within his associated google account.
What I already tried:
Setting the OAuth consent screen to external (test mode) and added both of us
Adding him to our GCP organization
None of both approached worked. He just can't access the app after all.
Any ideas what I am doing wrong?
Please can anyone help with config/troubleshooting for Firebase authentication with GAE Python apps.
I've tried to get the Firenotes app working (https://cloud.google.com/appengine/docs/python/authenticating-users-firebase-appengine) but when the app loads there's a popup with the error: The operation has timed out. Dismiss.
The email authentication works fine, all OK: can login, save notes, logout.
The problem is with the Google OAuth login.
Clicking on the Google sign button gives an error:
This site can’t provide a secure connection.
firebaseapp.com didn’t accept your login certificate, or your login certificate may have expired.
ERR_BAD_SSL_CLIENT_AUTH_CERT
The project was imported into the firebase project and as far as I can tell the config of main.js and app.yaml is correct.
The GAE .appspot.com has been added to the OAuth authorized doamins
The same error is if running local or deployed to GAE.
If you go to the 'Overview' section of your firebase console. You can select to "add firebase to your web app". A screen pops up with the config information for the frontend main.js file.
Mind you, the apiKey in the client config needs to be set to the google cloud platform api key for the app engine project your using.
This will enable the login.
What URLs I need to enter in Google API credential page?
I created an Oauth2 credential for my Google App engine web app.
I entered callback as https://myapp.appspot.com/oauth2callback and it works fine.
Now I am developing V2 and am deploying the app to 2-dot-myapp, Oauth2 stopped working. Do you have to specify callbacks for all versions I am going to deploy?
Yep! Google (or any OAuth provider) will not allow people to log in unless the callback URL provided during authorization exactly matches one that configure on the credentials page.
I've gone through all the steps of setting up an SSL certificate on a Google App Engine app with custom domain. It worked for our test app (URL: test.mycompany.com). Now I'm went through the exact same process with our demo site (URL: demo.mycompany.com). Google is not letting me assign the URL to the certificate.
Figured this out. This posting was most helpful: How do I enable SSL for custom domains on appengine?.
In short, first add the custom domain in the Google Apps admin. Don't add it to the Google App Engine Console. Then in the Google Apps Security settings upload the certificate and assign the URL to the certificate. Adding the custom domain to Google Apps Console after doing this.
Having the custom domain defined in GAE admin console first, produces the error, "We are unable to process your request at this time. Please try again later. (Error #1000)".
I am using dev_appserver.py to test my app locally. However, I can't login to it because Facebook restricts logins to only the app URL I provide in the Facebook setup, which is myappname.appspot.com.
It doesn't look like there's a way to authorize secondary referrers for Facebook apps. Are there any good workarounds for this?
My app relies almost entirely on Facebook data, so faking a login won't get me very far.
option 1) Edit your hosts file so that your registered domain points to 127.0.0.1
option 2) Register a secondary app ID on facebook that you will use for development purposes. Register this with the URL of localhost. Then switch which app ID you use prior to deployment to your production server.Given how common this problem is, it's shocking to me that the Facebook documentation isn't more explicit about the workaround. Other OAuth providers aren't any better though...