Comply with domain verification requirements - google-oauth

We are working on the Oauth Consent screen and it is stuck at below screen even after the completing the domain verification process even after a week.
please let us know how to move it forward.
Verification Status
Pending developer action
Complete all actions below. Update your email thread with our Trust and Safety team after you have completed an action. The Trust and Safety team will continue the verification process once all actions are completed. Learn more
Action Required
Comply with domain verification requirements
Ensure your application's domains have completed the Search Console verification process

after submitting the app, I got email with such content:
[Action Needed] Verify Domain(s)
Hi,
Thanks for your patience while we reviewed your project.
To continue with the verification process, you need to update your project PROJECTNAME (id: projectid) to comply with our requirements.
Domain Verification
Please verify the ownership of the following domain(s):
fqdn.com, fqdn.eu
Go to the Search Console to complete the domain verification process. The account you use must be either a Project Owner or a Project Editor on PROJECTNAME (id: projectid).
If the listed domain(s) are not required for the project, please remove them from the authorized domains section of your OAuth Consent Screen in Google Cloud Console.
Please note: The project you are seeing is your own.
When you've made these updates to your project, please reply to this email to confirm that you're now in compliance.
If you have any other questions, you can read the OAuth Application Verification FAQ or reply directly to this email.
GO TO MY CONSOLE
Thanks,
The Google Cloud Trust & Safety Team
The key sentence is
When you've made these updates to your project, please reply to this email to confirm that you're now in compliance.
Yes, reply to email for manual reapplication!!!

Related

avoid auth token to expire

I want to use the gmail api to update myself about the status of a programm I'm running locally 24/7. Basicly once a day it should send me a status report per email from the emailaccount I created just for this case to the same account.
I've got a project set up, the api enabled, got my credentials and created a token.json file. I managed to have it send me emails yada yada yada.
I concentrated on the further development of the programm for some time and then wanted to jump back to this to test out another feature where I wanted to implement a ping me feature. I'd send myself an email asking for a ping back just to check if my program is still running.
While doing that I noticed that my token expired. I tried reading into what I can do about that. Ideally I'd like to have the program just run autonomously. I read for my case that a service account would be ideal but after setting that all up and 2 hours later after a lot of errors I read that interacting with the gmail api with a service account is only open to workspace users since I can't delegate domain-wide authority without one.
So after some further reading I read that next to the access token I created I can refresh that token with refresh tokens. for that I was trying the request function noted in the quickstart tutorial:
if os.path.exists('token.json'):
creds = Credentials.from_authorized_user_file('token.json', SCOPES)
if not creds or not creds.valid:
if creds and creds.expired and creds.refresh_token:
creds.refresh(Request())
now running creds.refresh(Request())
I get this error:
google.auth.exceptions.RefreshError: ('invalid_grant: Token has been expired or revoked.', {'error': 'invalid_grant', 'error_description': 'Token has been expired or revoked.'})
Upon further reading here I read that refesh tokens are only available to projects whose status is set to in progress and not in testing. Projects set to testing are required to have the user manually log in at least once a week which I don't want.
Now for me verifying my project doesn't make sense since I won't have any other users using my access to the gmail api and frankly I wouldn't want that either.
What are my options here to have the script running continuously without having to manually sign in once a week? Considering also that I will be at all times the only user.
Thank you,
Florens
Your still have a few options. For one, you could get a Google Workspace account. The lowest tier would set you back around $6 per user per month. This would allow you to publish the app as internal-only and you don't need to go through the verification process, but you can only use the app with the Workspace account. You can still send emails out to any addresses, though.
If you don't want to pay, you can still set your app to Published status and you do not necessarily have to go through the verification. There are some limitations, such as the app warning that shows up when signing in and a user cap of 100 users, but since you know that the app is safe and you don't need more users you can just ignore this, Google says so in their own documentation:
What app types are not applicable for verification?
Personal Use: The app is not shared with anyone else or will be used by fewer than 100 users. Hence, you can continue using the app by bypassing the unverified app warning during sign-in.
As you already know, the refresh token expires in 7 days only when the app status is set to "testing", so as long as you have it set as "In production" and ignore the unverified app warnings, you should be able to have a normal refresh token that you can use without needing to sign in every 7 days.
Just keep in mind that other users could have access to the app but if you're careful to keep your OAuth credentials to yourself that should not be an issue.
Sources:
Unverified apps
OAuth API verification FAQs
OAuth overview

"Send With DocuSign" URL Button Works In Sandbox But Not Production

An APEX email error is received when trying to utilize the "Send With DocuSign" URL button on the contract object in Salesforce. This button was just created to meet the requirements to move from a JavaScript button. The button does not trigger an error in Sandbox, works as expected. But I can not replicate in production without getting the error shown below. Any idea on how to get this resolved?
Developer script exception from Franklin Madison Group : DocuSignAPICredentials : Please verify that you have been granted access to DocuSign, your account settings are correct and that you have responded to all activation emails.
Apex script unhandled exception by user/organization: 0053n000007GFbq/00D70000000Je65
Visualforce Page: /apex/dsfs__docusign_editenvelope
caused by: dsfs.UnauthorizedException: Please verify that you have been granted access to DocuSign, your account settings are correct and that you have responded to all activation emails.
Class.dsfs.DocuSignAPICredentials.getInstance: line 71, column 1
Class.dsfs.DocuSignAPICredentials.getInstance: line 56, column 1
Class.dsfs.AccountFeatures.getInstance: line 139, column 1
Class.dsfs.EnvelopeController.loadEnvelope: line 164, column 1
Cause
Common causes for the issue are listed below,
The DocuSign user associated with the Salesforce user sending the envelope is not active
The Salesforce user has not been added to the DocuSign users list in DocuSign Setup settings (in Salesforce)
You are attempting to use Salesforce Login Access on behalf of a user "not yet Authorized DocuSign eSignature for Salesforce (DAL)"
Note: If the user hasn't authorized already, please refer to Step 4 in this article
Solution
Before continuing, ensure that you are on the most recent version of DocuSign eSignature for Salesforce (DAL). If you are on an outdated version, some of these steps will be unavailable.
To resolve this error, you’ll need to verify both issues that cause this error has been addressed.
First, you’ll need to verify that this Salesforce user has been added to DocuSign.
To verify if a Salesforce user has been added properly:
Navigate to DocuSign Setup.
Select User Management, then select Add User.
Enter the name of the user in the Value box. When they appear in the search results, select the checkbox next to their name and select Continue.
Assign the appropriate permissions to the user and select Apply. If your package is up to date and a DocuSign user already exists for this user, the Salesforce user will be mapped to their existing DocuSign user.
Click Done to finish.
Second, verify that the DocuSign user associated with this Salesforce account is active.
To check if a user is active in DocuSign:
Navigate to the DocuSign web app and select Settings.
Navigate to Users and search for the user in question.
If the user is not active, select Actions > Resend Invitation to send the invite to the user again.
To activate a user:
The User will need to navigate to their email client and open the invitation email.
Click the link in the email to activate.
Create a password and security question.
Once the user is active, have the user attempt to send an envelope from Salesforce to confirm the issue is resolved.
Additional Troubleshooting
If the DAL Admin and all users are noticing the same error, try to disconnect and reconnect.
Steps to Disconnect [Note: Disconnecting accounts will remove the DocuSign Gen and DocuSign Negotiate permissions for the Salesforce users that were given access under the old connection. You have to re-add DocuSign users and permissions in your organization.]
Steps to Reconnect
If the Salesforce Administrator attempting to make this change is unable to access the DocuSign Setup object, ensure that they have the correct permission set assignment to access the object.
To view permission set assignments in Salesforce:
Navigate to Setup, select Users.
Navigate to the user in question and open their profile.
Navigate to Permission Set Assignments, if the DocuSign permissions are missing, edit the section and add DocuSign Administrator.
Note: If you are running both DocuSign Apps Launcher and legacy DocuSign eSignature for Salesforce, you will see duplicate permission sets with similar names. Add both to ensure correct permissions are applied to the user.
Retest to see if the user can access DocuSign Setup. If it’s still failing, follow the steps in this article to navigate to the DocuSign Troubleshooting page and select Delete DocuSign Credentials. You should then be able to navigate to DocuSign Setup and reestablish the connection between DocuSign and Salesforce.

Is there a way to test verification emails using Karate?

The problem I have is that I need to test if user verification is working. We generate a verification token, and an email is sent to the user. Whenever the user clicks on it, it checks if the verification token has expired. I've tried mocking this, but it just won't work. We have an endpoint to verify a user, but we still need the verification token, which is not available on any endpoint.
I think this article may help you: https://www.testingexcellence.com/automated-api-testing-emails-karate/
To summarize:
use the API at http://qamail.ala.se/ to create a test mailbox
initiate the flow that sends the e-mail
use the API to "read" the e-mail and grab the token
EDIT: looks like the link is dead. but you should be able to find similar offerings on the internet. since the source-code seems to be available, it may make sense for you to host this e-mail server somewhere so that it can receive e-mail from whichever system is the sender

How can I get PLAIN authentication working with Google's IMAP server?

So for a while I've been relying on the PLAIN support for logging into Google's IMAP server in my email client. Recently they started blocking that and return an error (despite listing it as a supported authentication method).
For instance take this example:
Connected to 'imap.gmail.com:993' using SSL
A0001 CAPABILITY
* OK Gimap ready for requests from ##.##.##.## cd6mb38777249ieb
* CAPABILITY IMAP4rev1 UNSELECT IDLE NAMESPACE QUOTA ID XLIST CHILDREN X-GM-EXT-1 XYZZY SASL-IR AUTH=XOAUTH2 AUTH=PLAIN AUTH=PLAIN-CLIENTTOKEN AUTH=XOAUTH
A0001 OK Thats all she wrote! cd6mb38777249ieb
A0002 AUTHENTICATE PLAIN
+
####################################
* NO [WEBALERT https://accounts.google.com/ContinueSignIn?sarp=1&scc=1&plt=AKgnsbszktZSU6iVmh...snip....] Web login required.
A0002 NO [ALERT] Please log in via your web browser: http://support.google.com/mail/accounts/bin/answer.py?answer=78754 (Failure)
SSL connection closed.
ScribeImap_Thread.cpp:647 - Connect to imap.gmail.com:993 failed.
I've tried opening the "https://accounts.google.com/ContinueSignIn..." URL in my browser:
And I get redirected to https://myaccount.google.com/ but the next login attempt fails as well. So it doesn't seem to change the authentication at all.
Is the PLAIN authentication just blocked completely or am I doing it wrong?
Alternatively is there a authentication method that works and DOESN'T need a browser component to log in? (XOAUTH2 seems to need a web login as well)
It's pretty official:
http://googledevelopers.blogspot.com.au/2015/04/a-final-farewell-to-clientlogin-oauth.html
They have shut off PLAIN login completely and it's not coming back.
So there are two options:
Turn on "less secure apps".
Implement OAUTH2.
I've decided to implement OAUTH2 support (which isn't too far off working actually). Initially I thought I would need an embedded browser component in my app, but it turns out that I can launch the system browser and the user can copy the token across in a some what manual process.
Interestingly for those working on OAUTH2 support in their software, Google have setup a playground to see the whole process in practice:
https://developers.google.com/oauthplayground/
I see that this is an old post, but after fighting with Outlook for over a year to get my mail, I FINALLY got it working again.
The first thing I had to do was log into my my Gmail account and turn off the button labeled "Less secure apps" as Outlook is in that category.
Go to the "Less secure apps" section in My Account.
Next to "Access for less secure apps," selectTurn on. (Note to Google Apps users: This setting is hidden if your administrator has locked less secure app account access.)
And if you have 2-step verification on (as I did), it will still make Outlook fail. So the next thing you have to do is create an app password which will generate a password for you, and you use that in Outlook for it to sync correctly.
Visit your App password page. You may be asked to sign in to your Google Account.
At the bottom, click Select app and choose the app you’re using.
Click Select device and choose the device you’re using.
Since Outlook will not be listed, select Other and type in Outlook for future reference.
Select Generate.
Follow the instructions to enter the App password (the 16 character code in the yellow bar) on your device.
Select Done.
Copy the password that was generated.
Open Outlook and paste the password in the Password section. DO NOT use your regular password.
Your mail will sync without anymore issues. (Hopefully)
Once you are finished, you won’t see that App password code again. However, you will see a list of apps and devices you’ve created App passwords for.
I hope this helps everyone who is having an issue. And I hope these directions are easy to follow! Good luck everyone! :-)

Docusign API - "This Account lacks sufficient permissions"

I have tried the solution in this post:
"This Account lacks sufficient permissions" DocuSign
I'm having the same trouble as this user:
http://community.docusign.com/t5/DocuSign-API-Integration-PHP/This-Account-lacks-sufficient-permissions/td-p/17525
Everything is checked:
Account-Wide Rights
Send On Behalf Of Rights (API)
Sequential Signing (API)
I notice user's issue was fixed when Ergin enabled "Embedding". Is this in option that must be turned on by Docusign? I could not locate it in the Admin. Thank you for any assistance.
how long ago did you create your DocuSign demo account? If it was created before April 2013 then this error might be due to the Embedding functionality you've mentioned and we would have to enable this option for you from DocuSign's side.
If you've created this account April or later then that option should be turned on your account, and you might be having an issue with your authentication. Are you using the SOAP api or the REST api? They have different authentication methods between the two. Also, please post your API account ID so we can check your account settings. Feel free to email me if you don't want to share (ergin.dervisoglu#docusign)
One last thing... please start using DocuSignAPI tag when you post here. The DocuSign tag should be used for non-technical DocuSign questions...