i'm trying to implement the login with google feature on my site.
Everything was good but recently i'm facing an error
You do not have permission to view this directory or page.
This error was due to a QueryString generated by google "Scope"
&scope=https://www.googleapis.com/auth/plus.me%20https://www.googleapis.com/auth/userinfo.email
If i remove the scope parameter from the url the login was a success.
This is because of modesecurity restrictions from your hosting provider, request them to disable modesecurity for your domain.I was facing same issue,after contacting to support center they disabled modesecurity and issue solved.
Related
I just started to learn about Google Analytics Embed API from "https://developers.google.com/analytics/devguides/reporting/embed/v1/getting-started"
I followed their example, and deployed my HTML file onto local Tomcat server hosting at port 8080. I've added everything they mentioned including the whitelists for the host origin etc, provided my OAuth 2.0 key
when I hit my HTML page and logged in with google, I keep on getting 403 error when requesting for "https://content.googleapis.com/analytics/v3/management/accountSummaries?max-results=0&_src=embed-api%3Av1"
Anybody has any suggestions where I might have gone wrong?
p.s. the only thing I see on my page after login with Google is "You are logged in as: ***********#gmail.com"
Thanks,
Shen
Upon checking your link, I can see that the error code is 401. Regarding that error, you can check this SO thread.
I think you need to set up a service account as advised in answer.
By setting up a service account in Google apis console it will
allow you to access your own data with out needing to login and
autenticate the code all the time.
I've been seeing "Bad Request Error 400" for the last few weeks whenever using Google signin on my Play Framework website (https://www.cointouch.com/). SecureSocial Config as follows:
google {
authorizationUrl="https://accounts.google.com/o/oauth2/auth"
accessTokenUrl="https://accounts.google.com/o/oauth2/token"
clientId="[redacted]"
clientSecret=[redacted]
scope="https://www.googleapis.com/auth/plus.login profile email"
}
In the securesocial log, the following is shown before I see the error message in my browser
redirecting to: [https://accounts.google.com/o/oauth2/auth?scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fplus.login+email&client_id=[redeacted]&redirect_uri=http%3A%2F%2Ftest.cointouch.com%2Fauthenticate%2Fgoogle&response_type=code&state=[redacted]]
My redirect URLs are configured correctly in the Google API console.
I read that Google has deprecated some of their former signin APIs:
https://developers.google.com/+/api/auth-migration
Is there a quick-fix I can apply to my SecureSocial setup?
Having tried many remedies, and with the kind assistance of Jorge I discovered this was something to do with cookies. Deleting cookies fixed it.
I would like to develop a desktop application.
Sadly I got stuck at login. I want to use a web view which be SoundClound login end point.
https://soundcloud.com/connect?client_id=my_client_id&response_type=token_and_code&scope=non-expiring
Using the above I received error : "invalid_client: The configured redirect_uri of the client application is invalid."
Would be nice if API would tell you which parameters are required and which are optional. As I read about OAuth 2.0, redirect uri is optional. This caused me confusion when received this error. I also tried curl version, same kind of error.
If I tried to add a random redirect_uri won't pass either. (I'm aware this is about security.)
I found this answer, but I doesn't work and I think is error-prone: it requires 2 text fields and you're asking the user to provide their credentials (then you're able to do what you want with them...)
Soundcloud API authentication without a web browser
I would like to do the flow this way:
Open a web view with SoundCloud login end point.
User is providing his credentials to SoundCloud Server.
SoundCloud Server is sending me a token.
Something similar to OAuth 1.0.
Is possible or is there something similar to achieve my goal?
After another few hours of research and keep trying to login I figured it out.
It works with redirect_uri after I did the setup for it on page "Your apps" on SoundCloud.
I built a website with Ruby on Rails and want to use the facebook login. Using the Ominauth-Facebook gem, I am enable to log in on my computer. But when several friends tested it, they all got the error in Chrome(similar to Safari saying “Refused to display document because display forbidden by X-Frame-Options"):
It's odd because it works well in all browsers in each device of mine(desktop, iphone and laptop). On my rails config, I already set
config.action_dispatch.default_headers[:'X-Frame-Options'] = "ALLOW-FROM https://www.facebook.com"
Anything I probably missed?Thanks!
Update: the errors won't show up again if my friend somehow signed in successfully once. Even when he logout from FB and sign in on my sites. I think that's why it works all good for me
This happens because Facebook doesn't want to users enter their authentication data in iframe on another site. It's done for security purposes. To avoid this you can try add to your link:
:target => "_top"
I got this error on the facebook canvas, In order to stop this occuring i had to remove all of the loginurl parameters, im using the php sdk.
$loginUrl = $facebook->getLoginUrl();
When i try to add scope, redirect_uri it fails with the error seen in the question. I checked everything matches up on the scope to the app settings and still no joy, cannot apply any parameters. However, without the parameters my app is able to authenticate.
I'm trying to get Facebook authentication working with Devise through omniauth-facebook, I've followed the instructions here: https://github.com/plataformatec/devise/wiki/OmniAuth%3a-Overview
When I follow the login with Facebook link I am redirected to Facebook to login and accept the requested permissions.
I am then taken back to /users/sign_in with the error message "Could not authorize you from Facebook because "Invalid credentials""
Looking at the server logs the redirect comes from "/users/auth/facebook/callback?code=[long text string]" which is being processed with Users::OmniauthCallbacksController#failure rather than Users::OmniauthCallbacksController#facebook as I would have expected if it had worked.
Any suggestions as to why this is happening and how to resolve it much appreciated.
Ok, I had the very same issue. The reason for me turned out that I had defined this line in config/initializers/devise.rb:
config.omniauth :facebook ...
The app id and app secret were defined for my test Facebook app, and for production one. Fixing those id:s now fixed the problem.
facebook changes protocol from oauth to oauth2
the main difference that credentials (id, token, name..) now packaged into one hash. You should parse.