I am developer and maintainer of an Angular web app which uses Google OAuth. This works normally.
Last week the app users (me including) started receiving standard Security alert emails from Google (no-reply#accounts.google.com) on a daily basis. The Email says "Appname was granted access to your Google account". This is of course bad signal to the users.
When clicked on "Check Activity" in the Email it always says:
Unrecognised device
X hours ago
Unknown (location)
This is the case for all users tested on many different devices and IPs.
Recently I have upgraded from Angular 5 to Angular 7 if that might help.
Also recently I noticed absolutely the same behaviour when I sign-in to Dropbox using a Gmail. The application I am responsible for is not storing session data for privacy reasons so the users are asked to Sign-in with Google every time they want to use the app. I noticed this behaviour just a week ago (devices and locations not recognised) by Google.
The google group (https://groups.google.com/forum/#!forum/oauth2-dev) redirected me to Stackoverflow. Any help is much appreciated! :)
We are sending notifications to users when they approve certain scopes. That list is expanding and more apps will see the notification.
Thanks for the feedback. Looks like the unrecognized device was an issue and we have rolled back that experiment.
Ideally an app should see the notification only once and for non basic scopes (basic scopes being email, profile etc).
Related
Last year I developed a chatbot with Microsoft Bot Framework that I integrated in the Facebook Messenger of a page. Everything worked fine until 16th of December (last successful log). The page is not used by a lot of people therefore the application might have worked also longer than that.
Today I tried to use the chatbot again and I did not get any response. In the Logs I just found the error message "Operation returned an invalid status code 'Forbidden`".
After a bit of Debugging I found out that the problem is sending messages back to the Facebook Messenger.
context.SendActivityAsync(...)
I did not change any configuration within my Azure Bot Channel registration recently. I am aware of the privacy changes within the Facebook API, but as I already struggle with sending a simple text response like "Hi" I assume that cannot be the problem. Also the permission scheme has changed for Facebook apps. I have the permission for "pages_messaging". Do I need another permission now? Or did I miss another change in the Facebook API?
Technical Details:
Facebook API Version v6 (tried also v9 but no change in behavior)
Chatbot based on .Net Core 2.1
Bot Builder SDK v 4.11
Any hints what I did wrong or where I can look for further information is much appreciated.
Edit: I tried to add a new page to my Facebook App and get following message:
There is a hint that a permission is missing, but I cannot find out which one I require. As I only send responses to FAQ's and if required handover to the customer service inbox I just requested the "pages_messaging" permission. Do I require any other permission now?
I found the problem. For everyone that might have the same problem:
In our case the administrator that added the Facebook pages to the application was removed from the admin permission list of the pages. After re-adding the admin permissions for the pages the bot started working again.
When I try to publish my app on the Gsuite Marketplace via GCP, I find no way to change the setting 'Visibility'. Event if the app has never been published.
Between the two options (My Domain - Public), My domain is selected and can't be switched to Public, so nobody has access to my app.
Any help?
I've tried to contact the support and find help on forums but no answer at all.
First step, I'd recommend reviewing Choosing where to publish to ensure that you've published to the correct location. As noted under Publish your app (before you publish), your app is reviewed to determine if it meets the requirements for the relevant store. Additionally, your application may also have to undergo OAuth verification (I think this could be the problem) , and security assessment if it accesses user data, such as Gmail, Drive, Contacts, or Calendar
If your app is exempt from verification or if you've already undergone assessment and been approved, and your issue persists, I'd recommend contacting Marketplace Developer Support, via the below steps, who can assist you with your publishing issue.
Navigate to the new Developer Dashboard.
Click Contact Us.
The Developer Support contact us form is displayed.
I've tried to contact the support and find help on forums but no answer at all.
How did you contact Google Support? They have many teams and sometimes agents are not aware of the scope of support. Personally I would contact GCP Support first to verify your App in GCP, once they confirm everything is working from their end they need to route the case to GSuite with an Admin Console specialist to debug the problem
We have an application that currently supports users integrating their Google accounts to allow us to index their Gmail, Google Drive and Google Calendar content. We use the Google OAuth process to ask for these permissions, and had gone through Google's verification process in the past to support this.
Recently, Google rolled out a new OAuth verification process for restricted scopes (which now include reading gmail and calendar). We've been engaged in completing the new process for weeks now, and they've been very slow to respond, and have even temporarily blocked us from authorizing new users. Our latest communication with them had them claiming that we were a "development" app and that we should submit for verification when we are in production. I responded to them saying that we are a production application, just have an invite-only process to let new users in, but have 1000s of users and are expecting to grow very quickly in the new few months. Given the amount of frustration their support has already caused me, I'd really like to get in touch with a real person there. Does anyone have any suggestions for how to get in touch them?
If anyone from Google is on this forum, I'd also love to get some help. This is holding up us letting in new users into our product.
Have already responded to the thread saying that we're a production app. Have also forwarded the thread to oauth-feedback#google.com.
A client is using Coschedule to push updates to LinkedIn via their employees' profiles. They noticed recently that Coschedule is giving error messages when they try to push updates to employee pages. The Coschedule technical team did some digging and determined it's an issue with LinkedIn's API, which they believe may have been updated recently (?).
Errors started occurring a couple weeks ago, the app was previously running fine.
They are hoping for more information on LinkedIn's API / how to resolve this as soon as possible as it's generating multiple error message and error emails per employee per day.
Thanks!
Tia
The outage we saw a few weeks ago was due to LinkedIn depricating the version of OAuth we used to connect LinkedIn profiles/company pages to Calendars. We've since switched to OAuth2, and if your client or your team is still having issues and seeing authentication errors when trying to send out messages, we recommend doing a hard reset of those LinkedIn profiles: https://help.coschedule.com/hc/en-us/articles/216529237-Hard-Reauthentication-for-Social-Profiles-When-Auth-Token-Keeps-Failing#LinkedIn
Best practice is to use an incognito browser window as well.
If you're still getting stuck, reach out to our support channel (support#coschedule.com)and we would be happy to take a closer look!
It seems that as of some time yesterday, single sign on with Google Apps (OAuth 2.0) stopped working completely for various Google Apps Marketplace installs.
Users get the following error when trying to log in:
That’s an error.
Error: policy_enforced
Application: ....
You can email the developer of this application at: .....
Access denied by a security policy established by the Google Apps administrator of your organization. Please contact your administrator for further assistance.
What we found is not the cause:
It's not a security policy change as the error says. It suddendly happens to many installs accross organizations, and none of them have made any changes.
We haven't made any changes to the app, and searching Twitter reveals it's happening to multiple vendors.
What we have found these installs to have in common (so far), is that all of them are installs which were migrated from the Google Apps Marketplace V1 to GAMv2 recently. This happened months ago though and there have been no problems logging in since, the problem just appeared suddenly yesterday.
Is this a new bug in Google's authentication mechanism, any ideas what to do on fixing it?
We fixed the problem by replacing our auth scopes sent by our client:
'email' -> 'https://www.googleapis.com/auth/userinfo.email'
'profile' -> 'https://www.googleapis.com/auth/userinfo.profile'