Google OAuth Consent Screen Shows Different Information In Development Versus Production - google-oauth

I noticed that the Google OAuth consent screen shows different information in development versus production.
Development Google OAuth Consent Screen
The path for the development environment before we are redirected to the Google OAuth Consent Screen is as follows:
http://localhost/tips-and-trips-by-sham/google_calendar_add_event/
The path for the development environment for the Google OAuth Consent Screen is as follows:
https://accounts.google.com/signin/oauth/oauthchooseaccount?scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcalendar&redirect_uri=http%3A%2F%2Flocalhost%2Fgoogle_calendar_add_event_php%2Fgoogle_calendar_event_sync.php&response_type=code&client_id=179430523214-h7u06vpoj31hec4vpbn2sust7c8ltkee.apps.googleusercontent.com&access_type=offline&service=lso&o2v=1&flowName=GeneralOAuthFlow
Production Google OAuth Consent Screen
The path for the production environment before we are redirected to the Google OAuth Consent Screen is as follows:
https://shaynhacker.com/clients/travel/travel/google_calendar_add_event/
The path for the production environment for the Google OAuth Consent Screen is as follows:
https://accounts.google.com/signin/oauth/oauthchooseaccount?scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcalendar&redirect_uri=https%3A%2F%2Fshaynhacker.com%2Fclients%2Ftravel%2Ftravel%2Fgoogle_calendar_add_event%2Fgoogle_calendar_event_sync.php&response_type=code&client_id=179430523214-h7u06vpoj31hec4vpbn2sust7c8ltkee.apps.googleusercontent.com&access_type=offline&service=lso&o2v=1&flowName=GeneralOAuthFlow
Now, the information shown on the Google OAuth Consent Screen in the development environment is what I want to be shown in the production environment, which is Trips & Tips By Sham and not my email address.
I followed the instructions on the relevant Google page https://console.cloud.google.com/apis/credentials/consent?project=rich-store-372122 but to no avail.
The instructions here did not meet my needs because it's showing my personal email address instead of the title I gave on that page which is Trips & Tips By Sham in the production environment.
Consent Screen Configuration/Consent Screen Details

After checking the documentation related to the consent screen, it seems that the display name and logo for an in-production app are subject to the verification status of your application, as shown here:
Since the problem with your application seems to be with the one in production, I would suggest checking if your app needs to complete verification; if so, you can perform verification of the app following this documentation. Once again, the behavior seems to be expected according to this information:
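An added example, not part of the original question or answer: decoding the two authorization URLs quoted in the question shows that the development and production requests differ only in `redirect_uri`, with the same `client_id`, `scope` and `access_type`. The function names are illustrative, and the duplicate-parameter check reflects RFC 6749's rule that request parameters must not be repeated.

```python
from urllib.parse import parse_qsl, urlsplit

# Authorization URLs from the question, reassembled from their shared parts;
# each result is character-for-character the URL quoted on the page.
BASE = "https://accounts.google.com/signin/oauth/oauthchooseaccount?"
SCOPE = "scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcalendar"
TAIL = ("&response_type=code&client_id=179430523214-h7u06vpoj31hec4vpbn2sust7c8ltkee"
        ".apps.googleusercontent.com&access_type=offline&service=lso&o2v=1"
        "&flowName=GeneralOAuthFlow")
DEV_URL = (BASE + SCOPE + "&redirect_uri=http%3A%2F%2Flocalhost"
           "%2Fgoogle_calendar_add_event_php%2Fgoogle_calendar_event_sync.php" + TAIL)
PROD_URL = (BASE + SCOPE + "&redirect_uri=https%3A%2F%2Fshaynhacker.com%2Fclients"
            "%2Ftravel%2Ftravel%2Fgoogle_calendar_add_event"
            "%2Fgoogle_calendar_event_sync.php" + TAIL)


def auth_params(url):
    """Decode the query of an authorization URL, rejecting repeated parameters
    (forbidden by RFC 6749 and resolved differently by different parsers)."""
    params = {}
    for key, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if key in params:
            raise ValueError(f"parameter repeated: {key}")
        params[key] = value
    return params


def diff_requests(url_a, url_b):
    """Return {name: (value_a, value_b)} for every parameter that differs;
    None marks a parameter that is absent on one side."""
    a, b = auth_params(url_a), auth_params(url_b)
    return {k: (a.get(k), b.get(k)) for k in sorted(a.keys() | b.keys())
            if a.get(k) != b.get(k)}


def redirect_profile(url):
    """Summarise the redirect_uri: scheme, host, and whether it is loopback."""
    target = urlsplit(auth_params(url)["redirect_uri"])
    return {"scheme": target.scheme, "host": target.hostname,
            "loopback": target.hostname in {"localhost", "127.0.0.1", "::1"}}


if __name__ == "__main__":
    for name, (dev, prod) in diff_requests(DEV_URL, PROD_URL).items():
        print(f"{name}:\n  dev  = {dev}\n  prod = {prod}")
    print(redirect_profile(DEV_URL), redirect_profile(PROD_URL))
```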

Related

Google Oauth2 settings: consent screen required fields and verification

I've created a project on Google console.
I need to get access to Drive API, so I need to configure OAuth2 settings.
It's requesting three kinds of information from me:
Credentials: I got it. I need the client ID and client secret in order for Google to identify my client.
Consent screen: I can't quite figure out what that's for. Is it the screen that appears when a user grants consent to the application to act on his behalf?
Domain verification: What??
When I'm creating the consent screen, Google requests these fields from me (some of them are required).
I'm just creating a service for testing the Drive API. I mean, I don't have any authorized domain, homepage, policy or terms of service links. I just want to play around.
Also, Google is telling me the consent screen has to be verified:
Any lights please?

How to avoid Google OAuth consent screen on Android

I noticed that a lot of apps that I use (Pokemon GO, CityMapper, Booking.com and many others) don't display the consent screen when using Google sign-in; however, our app always displays it to all users.
The scopes we are requesting are: email, profile, openid according to consent screen settings (https://console.cloud.google.com/apis/credentials/consent)
But in code we only request the email scope. I also noticed that I cannot remove them from the Google developer console consent tab.
How can I make sure that consent screen is not shown?
The code we use is as simple as that:
GoogleSignInOptions gso = new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
        .requestEmail()
        .build();
Just wanted to add that it's absolutely not clear from any of the Google docs what makes the consent screen show up or not.
Thanks to @steven-soneff above, the reason why my consent screen was shown is that I was requesting offline access from the Google OAuth API.

OAuth Consent Screen Display Issue

We have developed a new application which has been integrated with the Google File Picker API on the client-side application. We are trying to show the OAuth Consent Screen to the end user with the application name "Gsuite Intergration" when the user tries to log in on the OAuth Sign In screen.
When running the application from the local development server (https://localhost:4200), the OAuth pop-up shows the application name as "Continue to Gsuite Intergration" before the Sign in header. This is the expected behaviour we are looking for. Please refer to the "GoogleFilePickerPopup_Localhost.png" attachment.
But when we deploy the same application to the server (https://applicationname.domain.com), the OAuth pop-up shows "Continue to domain" instead of "Continue to Gsuite Intergration" before the Sign in header. This is not the expected behaviour, as we need to display the application name that we have set under the OAuth consent screen. Please refer to the "GoogleFilePickerPopup_server.png" attachment.
You need to request app verification so your brand configuration can be verified before the name is displayed to your users. See the OAuth App Verification FAQ about circumstances under which verification is needed: https://support.google.com/cloud/answer/9110914?hl=en#circumstances

Automatically fill auth code for Google's OAuth for devices API

I have a console application that uses Google's OAuth for devices workflow to authenticate users using their Google accounts (see: https://developers.google.com/identity/protocols/OAuth2ForDevices).
During the authentication process, the user is required to visit https://www.google.com/device and copy-paste a code printed by my app.
Is it possible to include the code as part of the auth URL such that the code will already be filled in, and the user only has to click to authenticate (I'm thinking of opening a browser window programmatically)?
Looking for an option like https://www.google.com/device?code=ABCD-EFGH

Google OAuth 2.0 with non-web application (Windows/mobile app) shows "Have offline access" consent screen

We are implementing Google OAuth 2.0 Single Sign-On with our applications. We have a web application, a Windows desktop app, an Android app, and an iPhone app.
From our applications (Windows app/mobile app), when a user tries to log in we use the flow below:
1) We get a URL (https://accounts.google.com/o/oauth2/auth?client_id=XXXXXXXXXXXXXXXXXXXXXXXXXXXX&response_type=code&scope=openid%20profile%20email&redirect_uri=urn:ietf:wg:oauth:2.0:oob&login_hint=myemail@gmail.com) from our API, which redirects the user to the Google login screen.
2) After authentication:
a) On first login it displays the consent screen with the scopes (View your email address/View your basic info/Know who you are on Google) mentioned in the above URL.
b) On subsequent logins it displays the consent screen with the scope (Have offline access).
3) Then Google returns a code to us in the page title, which we use for our authentication, and then we allow the user to access our application.
When we use the same flow in the web application, it doesn't show the offline access scope screen for subsequent logins, but in the desktop app/mobile app it shows the "Have offline access" scope screen for all subsequent logins.
How can I avoid the scope (Have offline access) screen for subsequent logins?
Please suggest.
FYI
1) I have tried approval_prompt, access_type but no change in nature.
2) We are not storing any refresh token after first authentication.