I can't get the client token code from google spreadsheet addon gravity forms. I have got the Client Id, the secret code and I have filled the domain, etc. But i dont know how to solve this issue.
Error: redirect_uri_mismatch
The redirect URI in the request, https://findoit.app/, does not match the ones authorized for the OAuth client. To update the authorized redirect URIs, visit: https://console.developers.google.com/apis/credentials/oauthclient/125591414320-20nvdkbr8cepaf436densffj569492bf.apps.googleusercontent.com?project=125591414320
How to set-up the redirection URI
Go to your cloud console
Choose a project
Go on APIs & Services -> Credentials
+Credentials
Create OAuth client ID
Choose Web Application
Specify Authorized redirect URIs
If required: add the URI to the authorized domains list before submitting
Create credentials
Related
I have a webapp that uses google authentication. When I click on the login, it gets the following error:
The redirect URI in the request, http://campus-study-2019.appspot.com/oauth2callback, does not match the ones authorized for the OAuth client. To update the authorized redirect URIs, visit: https://console.developers.google.com/apis/credentials/oauthclient/477760217336-q6bdhcdqvsrf56kaa7k0ifennf775lug.apps.googleusercontent.com?project=477760217336
When I try to add
http://campus-study-2019.appspot-preview.com/oauth2callback to my Authorized redirect URIs in the Google Cloud platforms. I get the following:
Invalid Redirect: You are using a sensitive scope. URI must use https:// as the scheme.
Does anyone have any idea?
However, previously (1-2 months ago) I could easily add http in the list of authorized redirect URIs
Make sure to check the protocol "http://" or "https://" as google checks protocol as well. Better to add both URL in the list.
& or &?
trailing slash(/) or open ? (CMD/CTRL)+F, search for the exact match in the credential page. If not found then search for the missing one.
Wait until google refresh it. May happen in each half an hour if you are changing frequently or it may stay in the pool.
For your reference, please check the below link where you could check other options about your issue:
Google OAuth 2 authorization - Error: redirect_uri_mismatch
The error is due to there being at least one restricted scope added to the project where the OAuth client ID resides.
You can see the set scopes for Google APIs by going to your project in the Developers Console -> APIs & Services -> OAuth consent screen. To fix the error there are two options:
Remove the restricted scopes from the project (there will be a warning icon next to them on the OAuth consent screen page)
Add only HTTPS URLs as authorized restricted URIs (https://campus-study-2019.appspot-preview.com/oauth2callback in this case)
We have an on-prem asp.net core app that leverage AAD for authentication, the app is setup to run in both:
http://domainserver/app
&
https://domainserver/app
In Azure AD the reply url for the application is setup as
http://domainserver/app/signin-oidc & https://domainserver/app/signin-oidc
When using http url, the sign-in process works fine, however in https mode, we get the following error:
AADSTS50011: The reply address ‘https://domainserver/app/signin-oidc’
does not match the reply addresses configured for the application:
appguid . More details: not specified
The reply https url is setup in AAD for the App exactly as it appears in the error message, so I’m not sure why it says it’s not matching.
One reason I can think of is that the SSL certificate used for https is a local domain signed certificate, and somehow it’s causing the error. But I’m not sure if that’s the case since AAD is just responsible to redirect back to the specified url, should not really care or know about the validity of the SSL.
Here is the image showing the setting url, the redirect url and the error message url matches exactly. You just have to trust me the part that's blocked out are also the same. :)
Anyone got any ideas why this happens?
Protocol matters. Azure AD will treat http://website.com and https://website.com as different reply URLs. However Azure can only let your put in multiple Reply URLs in a same domain. There is a case solution may be helpful to you:
Issue: Using the Azure AD authentication option to sign into the Skype for Business (SfB) Web SDK and you are seeing an AAD error page . The error page should have this message:
"AADSTS50011: The reply address 'https://...' does not match the reply
addresses configured for the application <...>"
Solution:
You need to configure the main domain name where you're hosting your app as a reply URL in the AAD registration for your app and pass it as the redirect_uri when redirecting to AAD to allow the user to sign in.
You should be using code like this to redirect the user to enter her credentials to sign into Azure AD:
var href = 'https://login.microsoftonline.com/common/oauth2/authorize?response_type=token&client_id=';
href += client_id + '&resource=https://webdir.online.lync.com&redirect_uri=' + window.location.href;
window.location.href = href;
Note In the code above that we are using window.location.href as the value of the redirect_uri query parameter in forming the URL of the AAD endpoint where the user will sign in. This parameter tells AAD to redirect the client browser and the access token obtained by signing into AAD back to the page we're currently on - the main app page. However, AAD will only redirect the access token to URLs that are specified as Reply URLs in the app registration in AAD.
Follow these steps to check your configured Reply URLs and add additional ones:
Sign into portal.azure.com with an account that's an administrator on your tenant.
Navigate to Azure Active Directory in the left side bar > App registrations > Your app > All settings > Reply URLS.
Type the domain name where you're hosting your app and click Save.
This solution is from this document.
Update
According to your screenshot, your Reply URI is different:
https://domainserver/app/signin-oidc
is not in your Reply URL list,
in your Reply URL list is
https://domainserver/app/signin-odic
Go to change them as same URL .
When i try get access token via oauth (oauth screen with Allow button) on my local machine it works, but when i do the same on test server: i get oauth screen, i press allow and it's redirects to callback uri with code, and then app asking for token (i use PHP lib):
$client->authenticate($request->get('code'));
$access_token = $client->getAccessToken());
and i get null in response and application does not get authorized and it's not in authorized apps in google account.
I've checked redirect URLs listed in Google APIs - everything matches!
And i don't get any errors from google, it's just redirects to callback url and not adds application to authorized apps list.
But it works on local with same credentials. Any one can help me and guide where the problem can be?
Solved. I did not set redirect url before $client->authenticate($request->get('code'));
I am using a custom local URL for development of a project that authenticates with both Google and Adwords using OAuth2.
The entry in my /etc/hosts file looks like:
127.0.0.1 sub.example.dev:3001
In the Google Cloud Platform console I have an OAuth 2.0 client ID setup with:
type: Web Application
Authorized JavaScript origin: http://sub.example.dev:3001
Authorized redirect URIs:
http://sub.example.dev:3001/auth/adwords/callback
http://sub.example.dev:3001/auth/google/callback
I authenticate with with both Google and Adwords separately. Previously I was using localhost:3001 instead of the custom URL which was working for both Google and Adwords. After switching to the custom local URL the Google auth still works, but when I try to authenticate with Adwords I get a redirect_uri_mismatch error.
The error page tells me that "The redirect URI in the request, sub.example.dev:3001/auth/adwords/callback, does not match the ones authorized for the OAuth client." The URI reported here is exactly the same as what I have as an authorized redirect URI (minus the protocol).
Why does this work with Google OAuth, but not Adwords? How can I get a custom local redirect URL to work with Adwords OAuth?
Thanks!
I found the issue, and there was a hint in the question itself. The redirect URL that I pass during the OAuth flow needs to contain the protocol and I had missed that in my config.
The redirect URL I was passing in the OAuth flow was sub.example.dev:3001/auth/adwords/callback
I changed it to http://sub.example.dev:3001/auth/adwords/callback and now it works! :D
This is from the google federated login description
"Once Google accepts the authentication request, the user is redirected to a Google authentication page. At this point the authentication sequence takes over. On successful authentication, Google redirects the user back to the URL specified in the openid.return_to parameter of the original request."
I assume my web app is responsible for the redirect 'to a Google authentication page' mentioned here? I dont see how google can make this redirect.
And If my webapp does the redirect, how do the openid request parameters get sent to google?
On reading some more, its only possible that once "Once Google accepts the authentication request", (I assume the requesting party gets a 200 http status), the requesting web application now adds the same parameters that had been posted to google login endpoint to a google authentication url and then redirects the user to this url