I have been facing the same problem from Google Cloud API Console for over a day now.
I tried to add a new redirect_uri for an old project to use it in my webapp but it gives me "redirect_uri mismatch" error. Old redirect uri still work as they used to.
I even tried creating a fresh project from the start and then registered a new application. This now gives me "invalid_client" error via google oauth.
If the old redirect_uri redirect as they should, then why doesn't the new one? Does something else need to be done when addding a new redirect uri?
Your errors are all self explanatory, so you simply need to carefully retrace your steps and check typing, that you are using the correct client id with the appropriate urls.
it gives me "redirect_uri mismatch" error.
The uri must match character for character. eg. watch for http(s) and trailing slash
This now gives me "invalid_client" error via google oauth.
Either you forgot to enable the API or you haven't correctly installed the new client ID in your app.
Does something else need to be done when adding a new redirect uri?
NO. Just make sure it exactly matches the URL you are passing.
It's sometimes easier to switch back to the old API Console. There is a faint grey link at the bottom of the screen in the new cloud console.
This looks like a bug.
See Newly created Oauth Client IDs don't work for what seems like a successful workaround.
Related
I bought an app template to mess around with, and when I'm trying to login in this case via Facebook it's calling the API I set up according to the guide.
It's calling
http://IP/mobileapp_api/api/registerUser
Now it's giving me the 404 error because the API folder does not exist, but when looking through the documentation and double-checking everything I also notice that he also doesn't have an API folder, but he's able to get a response just fine.
How is this possible?
Link for the video documentation https://www.youtube.com/watch?v=G1OTEbnD6CM&t=324s
I've tried to reach out to the developer, but with the current covid situation in his home country, I doubt I'll get a reply anytime soon, hence why I've come here.
Not sure why, but uploading the files via CPanel and not Filezilla somehow made it all work.
I'm trying to write a VSCode extension where users could log into Google AppEngine with a google account, and I need to get their SACSID cookie to make appengine requests.
So I'm opening a browser window at
https://accounts.google.com/ServiceLogin?service=ah&passive=true&continue=https://appengine.google.com/_ah/conflogin%3Fcontinue%3Dhttp://localhost:3000/
(generated by google.appengine.api.users.create_login_url)
The user logs in and is redirected to my local webserver at
localhost:3000/_ah/conflogin/?state={state}
Now I try to forward the request to my AppEngine app (since it knows how to decode the state parameter), so I do a request to
https://my-app.appspot.com/_ah/conflogin/?state={state}
basically just replacing localhost with the actual app.
but it doesn't work, presumably because the domain is different. I assume this is on purpose, for security.
Is there any way I can make this work ?
Not ideal, but the only solution I've found is to have an endpoint on my GAE instance that does the redirection. Then I can set that as the continue url, when I'm starting the authentication process
https://accounts.google.com/ServiceLogin?service=ah&passive=true&continue=https://appengine.google.com/_ah/conflogin%3Fcontinue%3Dhttps://my-app.appspot.com/redirect?to=http://localhost:3000
I think you should center the attention on the protocols you are using, since it’s known that the cookie name is based on the http protocol (HTTP : ACSID, HTTPS:SACSID), and that’s the security perspective till this point for me.
Having the error you are facing now would be helpful to understand the problem better. Also, how are you performing the call to the API and the code you are using would be helpful too.
Well, I'm having a weird error here:
I'm developing one GAE app to read some Twitter Data, and after read a lot of docs, I have it working on my test server (Running on my pc) but after deploy and test on the real (my appspot domain) it shows this message:
401:Authentication credentials (https://dev.twitter.com/pages/auth) were missing or >incorrect. Ensure that you have set valid consumer key/secret, access token/secret, and the >system clock is in sync.
message - Could not authenticate you
code - 32
I've tried to recreate my OAuthAppToken and OAuthAppTokenSecret keys, even changing the permissions to "Write, Read and Direct Messages" and even assingning one Callback URL but nothing seems to work...
I've tried using twitter4j.properties OR using setOAuthConsumer(TW_CONSUMER_KEY, TW_CONSUMER_SECRET) OR a ConfigurationBuilder whith the correct constants and I'm experimenting the same Issue.
I'm working with AppEngine 1.8.3 and Twitter4j 3.0.4
Iv'e been writing on log and the Twitter object seems to be well created... I dont understand why is working on my PC but not on the real app.
On some other post someone says that could be because it needs to use Sync clock.. but he doesn't explains where to change that property...
Did someone had a clue?
Ok, the problem was me (and Twitter.... well..... I really think it was Twitter problem for being so dark on his api messages)...
On testing server I was looking for an existing account and on the cloud I was looking for an inexistent one. So, It was my mistake. But seriously, what about Twitter saying: "Access Forbidden"? That doesn't have any sense...
I'm trying to setup the config.php with my values but I get this fatal error:
Fatal error: Uncaught exception 'Google_AuthException' with message 'Error fetching OAuth2 access token, message: 'invalid_grant'.
I entered the client ID, secret, simple API key, location and sqlite database as the documentation says here:
https://developers.google.com/glass/quickstart/php
Any idea of what I'm doing wrong?
Thanks in advance!
This happens when the URL where you're hosting your Glassware is not listed as a valid OAuth 2.0 redirect URI on the API console. Follow these steps to resolve it.
First, determine your OAuth 2.0 redirect URI. This is where traffic goes at the end of the OAuth dance. The correct value depends on where you're running the php quick start. If you're running it on a local web server, it's likely to be http://localhost/mirror-quickstart-php/oauth2callback.php. If you're running it on example.com, it might be https://example.com/oauth2callback.php.
Go to the API console. This link will lead you to the right panel (services), but double check that you're on the correct project.
Scrolling down you should see a section of the page that looks like this: . Click on 'Edit Settings...'.
This triggers a pop-up where you can enter your OAuth redirect URIs. Add your redirect URI to the top text area. Make sure to put each URI on its own line.
Reload the page for the PHP Quick Start and everything should work.
If you're still having an issue, please share the full error message on the page and the value you have for the base url in config.php.
If you're getting the invalid_grant error from Google : Instead of using the client ID from google developer console as your value for client ID in the code, try using the email address value from developer console. This is actually what they expect. So, to confirm - the value for Client ID should be the value from developer console ending #developer.gserviceaccount.com
Had similar problem in Windows PS dotnet environment when trying to connect to DialogFlow Google Cloud Project recently and it appeared to be intermittent fault but it turned out to be global $env:GOOGLE_APPLICATION_CREDENTIALS in windows PowerShell was pointing to a key file set when first setup access to GCloud days before and since regenereated keys in GCP Console
After generating new key file and setting it with new generated key file using $env:GOOGLE_APPLICATION_CREDENTIALS="[Path_To_JSON_Key_File]" the problem went away but fix only lasted as long as the window was open, then after a while ran $env:GOOGLE_APPLICATION_CREDENTIALS on a newly opened PS window and noticed it was still pointing to the old key file!
setting the system environment variable GOOGLE_APPLICATION_CREDENTIALS to the value of [Path_To_JSON_New_Key_File] fixed it, all newly opened PS windows had the correct key file and authenticated correctly using Service Account and .Net Google Cloud API calls worked after that
I'm working on a Windows Phone 7 application that makes a REST service call. The third party that hosts the web services has an invalid certificate in the current environment. When I hit the URL in Firefox, I get a warning about the cert and I am asked if I want to continue. I'm also using the Poster FF extension to test the call. It works with Poster if I first accept the invalid cert in Firefox. If I don't, then POSTER wont make the request.
In my WP7 Emulator, I can't make the request at all. I get a 404 at the EndGetResponse method. I making the same request as in Poster, so I know there is nothing wrong with the request. I have successfully hit another web service using the same code (no certs involved), so I don't think it's the code. The only thing I can think of is that WP7 doesn't allow requests to an invalid cert. Has anyone had experience with this situation? Is there any way around it?
Is there a way I can tell my app to accept all communication, even if there is an invalid cert?
There is sadly no way to do this on the phone. Ordinarily, i.e. on the desktop this simple line of code will disable certificate checking.
System.Net.ServicePointManager.ServerCertificateValidationCallback = (se, cert, chain, sslError) => { return true; };
If you look at the ServicePointManager on the phone, there's no callback to hook into. It's a massive pain in the arrrrse.
Have you considered writing to the service owner and asking why they're being bad internet citizens? (essentially, what you're seeing here is web security in action, for better or worse)
As Matt says, you might be able to code a simple relay on a web server. It doesn't have to be a special service, but maybe just a web page that does the call for you and spits out RAW text or XML. Your phone client just GETs this page and picks through the response manually.
Where there's a will there's a way.
Luke
You need to install the root CA cert of the issuing party on the phone.
You can do this by emailing the RootCA to the user of the phone. They click on the attachement and it will prompt them to ask if they want to install the certificate on the phone.
Once you have done that your requests should go through.
I dont believe there is a way to do this programatically in your app however.
I'm not aware of a way to install additional certificates on the phone.
In this situation I'd create a proxy service between your app and the 3rd party site and have your app call that. If you need to, you could put the proxy behind a valid cert.