Can't assign SSL certificate to Google App Engine app - google-app-engine

I've gone through all the steps of setting up an SSL certificate on a Google App Engine app with custom domain. It worked for our test app (URL: test.mycompany.com). Now I'm went through the exact same process with our demo site (URL: demo.mycompany.com). Google is not letting me assign the URL to the certificate.

Figured this out. This posting was most helpful: How do I enable SSL for custom domains on appengine?.
In short, first add the custom domain in the Google Apps admin. Don't add it to the Google App Engine Console. Then in the Google Apps Security settings upload the certificate and assign the URL to the certificate. Adding the custom domain to Google Apps Console after doing this.
Having the custom domain defined in GAE admin console first, produces the error, "We are unable to process your request at this time. Please try again later. (Error #1000)".

Related

Identity-Aware Proxy Authorization Error 403 org_internal

I have a Python Streamlit app hosted in GCP via App Engine. Following this tutorial, I added an Idenity-Aware Proxy to secure the app.
The IAP is activated and the OAuth consent screen it set to internal.
In the IAP settings, I added myself and a fellow both with the "IAP-secured Web App User"-role.
While I can access the app after login with my associated google account, he gets and "Error 403: org_internal" error when login within his associated google account.
What I already tried:
Setting the OAuth consent screen to external (test mode) and added both of us
Adding him to our GCP organization
None of both approached worked. He just can't access the app after all.
Any ideas what I am doing wrong?

Cannot remove a domain or upload a new SSL certificate on Google Cloud Platform

I used to have permissions to remove a custom domain on Google App Engine or upload a new SSL certificate.
However, one day the SSL certificate was expired and I could not upload a new SSL certificate and got the following warning message.
"You do not have sufficient permissions to view this page".
When I remove this custom domain and also got the following warning message.
"All domains mapped to this application are shown below. Only owners of a domain may remove one of its mappings."
I am the owner of managing the domain name group in Google Cloud DNS and project.
Any ideas to solve this issue.
I solved this problem.
I don’t know why this suddenly happened.
The solution was to remove the app engine and create it again and setup the custom domain.
App engine only allows someone who created this app engine and domain name can manage domain names or update ssl certificates.
Moreover, Google now has a new feature to provide auto-renewed ssl certificates for app engine.

firebase auth domain not authorized even after whitelisting domain

I am using Firebase Auth (firebase 4.1.3) in my Angular4 project with Google sign in enabled. While working on localhost everything works as expected. However, when deploying my app hosted on Google App Engine, authentication popup fails with the "auth/unauthorized-domain" error.
How can I whitelist my custom domain in Firebase?
Checks already done:
My firebase project has billing enabled and active
Google sign-in with pop-up works on localhost
Google app engine domain is already whitelisted in "Authorized Domains" under Sign-In method, in Authenticacion module of Firebase console.
Double checked the javascript firebase config in my angular app (I copy-pasted the snippet given by the firebase console).
In the Google Cloud Console, the default web API key has no access restrictions and the OAuth client id already contains my App Engine domain in the list of "Authorized JavaScript origins" and also in the "Authorized redirect URIs" (https://console.developers.google.com/apis/credentials?project=MYPROJECT).
Some other similar SO questions refer to checking the previous things and even waiting up to 20 mins after whitelisting a new domain to allow change propagation. But none of these advices worked for me.
NOTE: Full error code
{
code: "auth/unauthorized-domain"
message: "This domain (PROJECT.appspot.com) is not authorized to run this operation. Add it to the OAuth redirect domains list in the Firebase console -> Auth section -> Sign in method tab."
}
Any help would be appreciated.
Ok, Answering my own question. I finally found the problem: I was deploying an old version of the web app. So it will never work this way...
In case it could be useful to others, the above steps for configuring firebase Auth are correct and enough!
I was taking over an existing project, and I got this error while deploying with the wrong environment. (the domain was correctly setup in Firebase)
ng build --prod && firebase deploy
While was deploying on my Dev Environment.
I've scripted the deployment to avoid this kind of mistake.
ng build --configuration "${ENV}" && firebase deploy
where env var is set as an argument of the script
I have faced the same problem. Then I find Out the solution.
First goto your firebase project then click Authentication goto sign-in method then scroll down you will find Authorized domains add your live site link there. Hurrey Problem Solved.
Authentication > sign-in medhod > Authorized domains
firebase solution image

App Engine Application ID for custom ssl setup

I have one domain(abc.com). I added cname as login then url becomes as login.abc.com.
I want to add ssl for custom url. I went to admin console security->ssl for customs domain.
There i need to add "App Engine Application ID", I am trying to add app engine application id, but it is not working. It is redirecting to admin console of that domain.
Billing is already enabled.
I am not getting what is going wrong here.
can anyone guide me ? is any steps i missed out..?
In order to use SSL for custom domains, you need to follow these instructions:
https://developers.google.com/appengine/docs/ssl

Unable to add custom Domain w/ Google App Engine

I'm unable to map a custom domain to my Google App Engine app. The steps I've already taken are:
I'm the admin of the Google Apps account
I'm the owner of the Google App Engine Account
I've added the domain to the "Domains" section of Google Apps
I've verified ownership of the domain within Google Apps
I've correctly setup the MX records of the domain
I've checked that the domain was correctly setup using: https://toolbox.googleapps.com/apps/checkmx/
However, for the last 3 days in the Domains section of Google Apps it says "MX records setup validation in progress".
Additionally, when I go to add the domain within the Application settings of the Google App Engine account I get redirected to a sign in page (despite already being signed in, and an admin within Google Apps, and the owner of the Google App Engine app). Either way when I go to sign in again I just get redirected back to the signin page and I'm not able to get any farther.
Also, I have billing enabled for the App Engine account. I've configured app engine domains numerous times before and never had these issues. Any help would be appreciated.
Update:
Following #presveva's suggestion I setup a new Google Apps account (despite already having an existing one) and the first page after creating a new Google App was a server error. After refreshing the page and verifying ownership of the domain I went to add the domain to App Engine.
On the "Please accept the Google App Engine terms and conditions to continue" page, first of all no terms even showed (numerous XMLHttpRequest errors on the page), and after submitting "I accept. Continue to add this service" the next page stated "An error occurred while trying to install this application. Please try again later."
This process is horribly broke and would be great if Google addressed this.
I know this this post is old but I ran into the same issue.
All ready running Google Apps for my primary domain.
Created a new app and registered a new domain name for that.
Don't want to get a new payed Google Apps account for the app domain.
#presveva is right but there is one way around it.
Use your current Google Apps account and add the app domain as a alias for your primary domain.
Make the admin account of your Google Apps domain owner of the Google App Engine (GAE) application.
Add the GAE app to your Google Apps account via the Google Apps admin interface.
Setup a custom domain name for the domain alias, your new app domain.
Note: If you use Google Sites for your domain you can't use www. Disable sites if you want to use GAE.
For now, the only one way for using custom domain in GAE is signup a Google Apps account (domains article).
Notice that the domain need to be the primary domain of account, a new account for domain.
The docs I have linked mentions a free single-user account but it has been replaced by a 50$ credit for a business Google Apps account (forum annunce)

Resources