Application not verified. Google OAuth2 - google-oauth

Please help me!
I look everywhere but still not understanding. 
I have domain domain1.com and I want to get access to "https://www.googleapis.com/auth/spreadsheets+https://www.googleapis.com/auth/drive" scopes for my project - quickstart-111111. 
I already add my domain and verify it through DNS TXT record with the help of "https://www.google.com/webmasters/verification/home  ". Also I add my domain there - https://console.developers.google.com/apis/credentials/domainverification?project=quickstart-111111. Also I add "https://domain1.com:4455" to accessible JavaScript resources, and "https://domain1.com:4455/GoogleAcc/Register" to allowed redirect URI. 
Question is why Google say that "Application not verified". Where I can verify it?
I try to register GSuite account (https://gsuite.google.com/signup/basic/accountandrecaptcha) but it want to register my corporative email as "something#domain.com" but I already have it and do not want to migrate my email to Google!
My registration link looks like - https://accounts.google.com/o/oauth2/auth?access_type=offline&prompt=consent&redirect_uri=https://domain1.com:4455/GoogleAcc/Register&client_id=11111-hash.apps.googleusercontent.com&scope=https://www.googleapis.com/auth/spreadsheets+https://www.googleapis.com/auth/drive&response_type=code&state=/profile&nonce=1589225765743

https://support.google.com/cloud/answer/7454865
Of course I found simple answer after read a half of Google Search.

Related

access_token pull issue after salesforce login in react-native. ( redirect_uri not working )

We have 2 domain in salesforce:
1-) https://gablesinsurancerecovery.my.salesforce.com
2-) https://gableinsurancerecovery.force.com
and we have 2 user:
developer#cloudspade.com
communitytest#cloudspade.com
developer#cloudspade.com mail work with success on 1. domain but not work on 2. domain.
Likewise, communitytest#cloudspade.com mail work with success on 2. domain but not work on 1.domain.
Its not a problem. Problem is:
2.domain is important to us. Because we have a react-native project by forcereact and we want work with community domain. ( 2. domain ). We setup with successfully this link: https://www.youtube.com/watch?v=9zxMUrayFZ8&t=1634s
We was work with perfectly with the video in the link for login.salesforce.com or 1. domain but doesn't work for 2. domain.
Error is:
error image
As seen in the photo we was see a page. But our expectation was that it would working we send redirect_uri. The redirect_uri we sent was to return "girApp://success" with an access_token and instance_url at the end. But we encounter a screen as you can see in the photo. Redirect is not working. Our goal is to access the access_token with redirection within the application after login and authorize.
Lots to unpack here.
***.my.salesforce.com is your main domain, for internal users. ***.force.com is for Customer/Partner Experience Cloud (formerly known as Communities, formerly known as Portal).
developer#cloudspade.com mail work with success on 1. domain but not
work on 2. domain
Out of the box Salesforce is perfectly fine with internal users logging in to community or even 1-click switching over from internal SF to community. Collaboration and all that. Your administrator probably marked only certain profiles / permission sets as community members, you'd need to check config. But it's possible to use the community login page, you guys just chose not to.
communitytest#cloudspade.com mail work with success on 2. domain but
not work on 1.domain
Yes. Community members must use community login page. They can't use generic login.salesforce.com, test.salesforce.com or your branded ***.my.salesforce.com
works perfectly with (...) login.salesforce.com or 1. domain but
doesn't work for 2. domain
That's because most of the time the community login url must be full. Just the domain might not be enough for login because you can have up to 100 communities under same domain. You probably saw the example when you were enabling communities (Setup -> Digital Experiences -> Settings)
Go to Setup -> Digital Experiences -> All sites and write down the url you'll see there. It'll probably be something like ***.force.com/myportal. That means that for API login you might have more luck with ***.force.com/myportal than ***.force.com.
Stop reading this answer now and go read Sitecore - How to get User ID if the user was logged in using external identity provider (Salesforce SSO). Play with that OpenId Heroku app, once you get this to work with community user in the browser - you'll know which url to put in your react app. React developer might "like" this link too: https://gablesinsurancerecovery.force.com/.well-known/openid-configuration
It's kind of written in this article's footer: https://help.salesforce.com/s/articleView?id=sf.remoteaccess_oauth_endpoints.htm&type=5
Instead of using login.salesforce.com, you can also use the My Domain,
Experience Cloud site, or test.salesforce.com (sandbox) domain in
these endpoints. For hostname, use the My Domain, Experience Cloud
site, or custom URL

Domain name change for OAuth 2.0 Client IDs leads to errors in google developers console

I have a couple of different apps hosted on netlify using google APIs that have broken now because netlify changed their hosting to point to xxx.netlify.app instead of xxx.netlify.com
When I attempt to add the new domain to my oauth client IDs under "Credentials" I get an infinitely hanging wheel of death when I click "save"
I thought that wheel of death is caused by the new URL not being registered for the app, so I went to the settings for my application and tried to add the new domain, but it is failing as well.
I go to OAuth Consent Screen -> Edit App which then has another list of "authorized domain."
In the list, I see my old domain name:
foo.netlify.com
I try to add the new name:
foo.netlify.app
However, that auto-corrects to just plain netlify.app
I try saving that and get the following inscrutable error
Error
The request failed because one of the field of the resource is
invalid.
Tracking Number: c4522674593257747
I don't see any way to read more about the error or to use the tracking number to find out more information.
Any troubleshooting pointers would be appreciated. I'd rather not start over from scratch, but at this point it looks like my best bet would be creating a whole new application and starting the whole credential/API Key process over for all of my apps that were hosted on netlify.
I got the same problem and posted it in the google group. I have a reply from google cloud support which states that only top private domain is allowed as stated here Setting Up OAuth2.0
As the error clearly denotes and explained in this document, you can use any Top Private Domain as an Authorized Domain. So it seems to be the intended behavior.
I suppose that means only the domain owner can get a credential now.

"Accounts failed to link" error happens when I try to authorize Google Assistant at my Web service

First, I'd like to mention that problems like this had been discussed before in the topics like:
How to authenticate user with just a Google account on Actions on Google?
But I could not find any information at all related to ways of linking Google Assistant app with my own web server.
Problem:
GET https://oauth-redirect.googleusercontent.com/r/my-google-assistant-app#access_token=ACCESS_TOKEN&token_type=bearer&state=STATE always returns "Account field to link" error
A Way to Reproduce:
I created a new project in Actions on Google Console
I built an application using Dialogflow
I created a Heroku Web Server as my webhook (ex: webhook.herokuapp.com)
So everything worked just fine. I've successfully connected my Google Assistant app with my webhook.
But then I decided to send requests to my another one Heroku Web Server (ex: webserver.herokuapp.com) which needs a user to be logged in. So I decided to implement account linking of my Google Assistant app with webserver.herokuapp.com
I implemented Google-OAuth2 authorization at webserver.herokuapp.com. Also I want to mention that I used Client ID and Client Secret of my Google Assistant App
So, Google Authorization worked perfectly at my webserver.herokuapp.com
Then I enabled account linking settings for my Google Assistant app with Implicit Flow
So, that's it!
Epilogue
I open Google Assistant, tell it "Talk to my test app", then it greets me and offers me to link accounts. I say "yes".
Then I see how Google Assistant requests my login URL at webserver.herokuapp.com. Then I enter my Google email and password. As a result I logged in at my webserver! Then my webserver makes a redirection to:
https://oauth-redirect.googleusercontent.com/r/my-google-assistant-app#access_token=ACCESS_TOKEN&token_type=bearer&state=STATE
And I get the error I've described at the top of my post.
Any help would be appreciated
UPDATE with parameter information
These are my constants:
Google Assistant Project_ID = nodejs-sdk-local-test
Google Assistant Client_ID = 1067979601708-ldr3ga115es3fdo823slfnj46gjoes66.apps.googleusercontent.com
state = manually_set_state_value
The flow is I open my Google Assistant and say "Ok Google, talk to my test app", it answers my request and then I say something like "do some action which need authorization". Google Assistant app offers me to link an account and I say "Yes".
This is where Google Assistant app makes a call to my https://webserver.herokuapp.com/google-oauth2 endpoint. A purpose of this endpoint is to redirect me to the Google Login Page.
Now I'm being redirected to the Google Login Page (everything seems to be correct. client_id and state parameters are similar to the constants). This is the example of an URL where I am being redirected to: https://accounts.google.com/o/oauth2/auth?client_id=1067979601708-ldr3ga115es3fdo823slfnj46gjoes66.apps.googleusercontent.com&redirect_uri=http://webserver.herokuapp.com/complete/google-oauth2/&state=manually_set_state_value&response_type=code&scope=openid+email+profile
At the Google Login Page I enter my credentials and then I'm being redirected to the redirect_uri=http://webserver.herokuapp.com/complete/google-oauth2 endpoint. A purpose of this endpoint is to register or login me at webserver.herokuapp.com and then redirect me to another Google URL. An example of the Google URL: https://oauth-redirect.googleusercontent.com/r/nodejs-sdk-local-test#access_token=<token_omitted>&token_type=bearer&state=manually_set_state_value
So it seems that everything is correct. I logged in to my webserver.herokuapp.com, got an access token. Also project_id and state parameter in the last Google URL are similar to constants. Anyway, this Google URL returns me an error "Accounts failed to link"!
The most common cause of this is that you're not passing back the same value for state that was sent to you when Google redirected to your site. Make sure this is the same value and, for your security, make sure you validate the other parameters that are sent to you as well.
When the user is redirected to https://webserver.herokuapp.com/google-oauth2, there should be some parameters sent as part of the query. Those parameters include a state parameter. It should look something like this:
https://myservice.example.com/auth?client_id=GOOGLE_CLIENT_ID&redirect_uri=REDIRECT_URI&state=STATE_STRING&response_type=token
Note that while the client_id and redirect_uri are values that you should expect and test for, the state value is not one that you would have set. Google generates a different one every time. This is the state that you should be using later when you redirect to
https://oauth-redirect.googleusercontent.com/r/nodejs-sdk-local-test#access_token=<token_omitted>&token_type=bearer&state=STATE_STRING

Adobe Sign access token invalid_request

I'm having trouble with Adobe Sign's OAuth authentication -- every time I try to get my access token with my Client ID and redirect URI, I get this message:
Unable to authorize access because the client configuration is invalid: invalid_request
This is the request that I have been making (with the proper substitution for REDIRECT and CLIENTID):
https://secure.echosign.com/public/oauth? redirect_uri=REDIRECT& response_type=code& client_id=CLIENTID& scope=user_login:self+agreement_send:account
I am fairly new to OAuth and don't understand what I'm doing wrong. Could someone please explain the issues that could result in this error message?
I was having the same problem. I solved it by including the correct shard in the URL after "secure." and before ".echosign". You identify your shard by looking at the URL where you created your application.
I found this information here.
Hope this helps.
Is OK to have spaces in that https request?
If you still have a problems with this.
I think your URL is not correct.
I using this one
https://secure.na2.echosign.com/public/embeddedWidget
for adobe widget.
Adobe require same url for OAuth
https://secure.na2.echosign.com/public/oauth
Check your domain, and try. You can create widget just to see your domain
This comment might get helpful for others who are facing issue in Adobe Sign access token invalid_request.
Developer Guide on Sign API: https://opensource.adobe.com/acrobat-sign/developer_guide/index.html
For the Outh process and the link to be used in user's browser:
https://secure.na1.adobesign.com/public/oauth/v2?redirect_uri=https://www.google.co.in&response_type=code&client_id=paste_your_client_id_here&scope=user_read:account
If any one using sandbox,
https://secure.na1.adobesignsandbox.com//public/oauth/v2?redirect_uri=https://www.google.co.in&response_type=code&client_id=paste_your_client_id_here&scope=user_read:account
Please ensure the correct environment identifier and shard. https://helpx.adobe.com/sign/using/identify-account-shard.html
https://helpx.adobe.com/sign/kb/unable-to-authorize-access-because-the-client-configuration-is-invalid-invalid-request-while-running-oauth-process.html
After pasting URL in browser and allowing the access to your API and getting code. Please use endpoint URL to get access token as below:
for developer account: https://api.na1.adobesign.com/oauth/v2/token
for sandbox account: https://api.na1.adobesignsandbox.com/oauth/v2/token

WeChat Social Login

I'm trying to integrate WeChat login with current system.
I own a WeChat offical account and already have AppID and AppSecret.
Server Settings enabled as well.
When I was tring to hit the QRcode scan url with my appid and my own server redirect url as parameter(example as below)
https://open.weixin.qq.com/connect/qrconnect?appid=wxbdc5610cc59c1631&redirect_uri=https%3A%2F%2Fpassport.yhd.com%2Fwechat%2Fcallback.do&response_type=code&scope=snsapi_login&state=3d6be0a4035d839573b04816624a415e#wechat_redirect
The browser threw me this error page
What I expect is something like this
Question:
1. Is it because of I didn't go through the wechat verification thus unable to obtain the user basic information?
2. How to get the wechat verification?
Is it because of I didn't go through the wechat verification thus unable to obtain the user basic information?
Yes. To integrate wechat login, your wechat official account must be verified service account (subscribe account is not supported, even it is verified). Please refer to official document for more information.
How to get the wechat verification?
To get the wechat official account verified, you can follow the steps in the customer support document.
For anyone who stumbles upon this issue, this a redirect uri issue and weixin dashboard doesn't address it properly. First of all get a your application registered and approved from weixin (very painful and long process). Then in Admin center / application details of the registered application Authorization callback domain field should be just domain name. For example xyz.com is authorized domain then authorization callback domain should also be xyz.com without any URI, but when you are making the API call use your own encoded URI so redirect_uri = http%3A%2F%2Fxyz.com%2Fwechat%2Flogin
Your Official Account must be a Service Account
In the Basic Configuration,you can add your sever's IP to the IP White List,so that you can get the access_token by your AppID and AppSecret.