I have implemented the Sign in with google option in my web app. (JSP page, Tomcat server, localhost:8080)
Google sign-in works fine while running it in localhost, but the sign-in option is not working while running the web app using IP address, it results in "Access blocked: Sign in with google’s request is invalid". Error 400: redirect_uri_mismatch.
So I thought I need to add the IP address in the developer google cloud console as an authorized origin, But it won't allow IP as an authorized javascript origin.
How can I add my IP address(172.22....) as an authorised javascript origin, So that sign-in with google option works?
clich here to more details
Basically, I'm trying http://172.22.... instead of http://localhost:8080
Using private IPs is not allowed.
See https://developers.google.com/identity/protocols/oauth2/policies#secure-response-handling and the host section of https://developers.google.com/identity/protocols/oauth2/web-server#uri-validation.
Related
So I am trying to use an OAuth 2.0 Client to authenticate my replit project. It gives me the link in the replit console to the web page, but says it is an invalid request when I reach the page.
The issue now relies in that I cannot figure out which URI I need to use, these are the ones I tried (Jumpedia is my project name): Authorized URIs
I also tried entering ":80" for the port that replit uses. Does anybody know which URI I should be using for replit?
I've followed the steps google has provided for integrating sign-in, provided here: https://developers.google.com/identity/sign-in/web/sign-in within my MERN stack application.
The button that I've created, correctly redirects to the google authentication site. However, after the user is authenticated with google, the google authentication site is closed and no redirection occurs. I'm expecting to be redirected to http://localhost:3000/profile after a user is authenticated.
I've set Authorized JavaScript origins to http://localhost:3000 and Authorized redirect URIs to http://localhost:3000/profile.
How can I update my code to have this redirect as expected?
If your code for authorizing with google lives in your server file, wich is running on a diffrent port than port 3000 you should set your JavaScript origins to the port of the server. Not the port of your react app.
This article covers the whole proces of using oAuth in the MERN stack step by step: https://medium.com/#maartendebaecke2/mern-stack-implementing-sign-in-with-google-made-easy-9bfdfe00d21c
I've set up an ASP.Net Core project to use Google OAuth signin from this tutorial
I created a client ID & secret using the settings 'Web server' with address 'https://localhost:5001/signin-google' and exposed the secrets to the app as described in the tutorial. I have a basic view which is just the minimum required HTML & JS to show a 'Sign in with Google' button and allow authentication (verified working on localhost).
I created a deployment in a docker container on a Raspberry Pi on the local network. When I navigate to the view with the Google sign in button and click it, I get an error of
Error: invalid_request
Permission denied to generate login hint for target domain.
In the error details it specifies the redirect URL as:
redirect_uri=storagerelay://http/x.x.x.x:8000?id=auth572720
where x.x.x.x is the address of the Pi on our local network
I am assuming this is because the client expects a redirect URL of 'https://localhost..etc' but is getting 'http://x.x.x.x'.
I am unsure how to solve this, it seems like I may need to create another token to enable authentication on my Raspberry Pi (e.g. create another 'web server' OAuth sign in using the re-direct address 'http://x.x.x.x.etc/signin-google' but when I try this I get an error of 'Must be a top private domain'.
All in all this is very frustrating, and I would appreciate any help.
There is no need to create a new credential, just add the new redirect URL to the existing credential.
The redirect URL domain must be a TLD. Choose something like localhost.mydomain.com and then add an entry in your /etc/hosts file to resolve localhost.mydomain.com to x.x.x.x
When i try get access token via oauth (oauth screen with Allow button) on my local machine it works, but when i do the same on test server: i get oauth screen, i press allow and it's redirects to callback uri with code, and then app asking for token (i use PHP lib):
$client->authenticate($request->get('code'));
$access_token = $client->getAccessToken());
and i get null in response and application does not get authorized and it's not in authorized apps in google account.
I've checked redirect URLs listed in Google APIs - everything matches!
And i don't get any errors from google, it's just redirects to callback url and not adds application to authorized apps list.
But it works on local with same credentials. Any one can help me and guide where the problem can be?
Solved. I did not set redirect url before $client->authenticate($request->get('code'));
I am using a custom local URL for development of a project that authenticates with both Google and Adwords using OAuth2.
The entry in my /etc/hosts file looks like:
127.0.0.1 sub.example.dev:3001
In the Google Cloud Platform console I have an OAuth 2.0 client ID setup with:
type: Web Application
Authorized JavaScript origin: http://sub.example.dev:3001
Authorized redirect URIs:
http://sub.example.dev:3001/auth/adwords/callback
http://sub.example.dev:3001/auth/google/callback
I authenticate with with both Google and Adwords separately. Previously I was using localhost:3001 instead of the custom URL which was working for both Google and Adwords. After switching to the custom local URL the Google auth still works, but when I try to authenticate with Adwords I get a redirect_uri_mismatch error.
The error page tells me that "The redirect URI in the request, sub.example.dev:3001/auth/adwords/callback, does not match the ones authorized for the OAuth client." The URI reported here is exactly the same as what I have as an authorized redirect URI (minus the protocol).
Why does this work with Google OAuth, but not Adwords? How can I get a custom local redirect URL to work with Adwords OAuth?
Thanks!
I found the issue, and there was a hint in the question itself. The redirect URL that I pass during the OAuth flow needs to contain the protocol and I had missed that in my config.
The redirect URL I was passing in the OAuth flow was sub.example.dev:3001/auth/adwords/callback
I changed it to http://sub.example.dev:3001/auth/adwords/callback and now it works! :D