invalid_client in google oauth2 - google-oauth

I am trying to make a web page for YouTube video upload, so I tried to get the client ID from the Google API console, and the API console shows something like this:
Client ID: 533832195920.apps.googleusercontent.com
Redirect URIs: http://bobyouku.ap01.aws.af.cm/testyoutube.php
https://developers.google.com/oauthplayground
However when I try to test my account using the following URL:
https://accounts.google.com/o/oauth2/auth?client_id=533832195920.apps.googleusercontent.com&redirect_uri=http%3A%2F%2Fbobyouku.ap01.aws.af.cm%2Ftestyoutube.php&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fyoutube&response_type=code&access_type=offline
It returns invalid_client. Even when I try it on the OAuth2 playground, the same failure occurs.
Does anyone know what's happening?

Set/change your product name. I had this issue until I created a product name that was the same as the project name.
The product name can be set in the Consent screen section of the Google Developers Console for your project. Look under APIs & auth in the left navigation and select Consent screen.
You also need to set your email address in the box above the product name.

After copying values from the Google web UI, I had a blank space in:
client_id
secret
at the BEGINNING and at the END of both.
This happens even when clicking on the "copy" button.

Trim the leading and trailing white space from both the client_id and client_secret. Google's copy button does not do this for you.
Set both the email address and product name fields for the OAuth consent screen.

Setting EMAIL ADDRESS and PRODUCT NAME in the consent screen of the Google developer console solves the error "Error: invalid_client. The OAuth client was not found." for me.

I had .apps.googleusercontent.com twice in my ID.
It was a copy and paste issue "Your ID HERE".apps.googleusercontent.com

invalid_client can also simply mean that your client ID and client secret are wrong when you create your OAuth2 object.

In this thread I found my answer.
I went to the Google console,
generated a new project, refreshed the page (in my case the page didn't reload after creation),
selected the new project,
created a client ID,
and used it for what I needed.
Thanks guys :D

In my case this turned out to be something else, namely my code used an environment variable that hadn't been set properly (and stupidly wasn't checked by my code). Setting it, recompiling assets, and restarting the app did the trick.

If you follow the documentation, from this page
https://developers.google.com/identity/sign-in/web/sign-in#specify_your_apps_client_id
you'll see
<meta name="google-signin-client_id" content="YOUR_CLIENT_ID.apps.googleusercontent.com">
But it's wrong. It should be
<meta name="google-signin-client_id" content="YOUR_CLIENT_ID">
The issue is that the '.apps.googleusercontent.com' gets added anyway. If you do it like the documentation says, you get '.apps.googleusercontent.com' twice

I solved this by removing unnecessary quotes from my clientID and clientSecret values.

Did the error also report that it was missing an application name? I had this issue until I created a project name (e.g. "Project X") in the project settings dialog.

probably old credentials are invalid
see the answer below
stackoverflow answer
or short names may work
see the answer below
stackoverflow answer
or product name same as project name as answered already
at times one may include extra space in the
check twice this line so that you are redirected to the correct url

I solved my problem with trim:
'google' => [
    'client_id' => trim('client_id'),
    'client_secret' => trim('client_secret'),
    'redirect' => 'http://localhost:8000/login/google/callback',
],

None of the following were my issue - I resolved this by opening an incognito window. Something was obviously being cached somewhere, no amount of changing auth client settings helped and there were never any trailing or leading spaces in config values.

Check your project name on the Google APIs console.
You may have chosen another project you created.
I had the same error.
My mistake was choosing a different project.

At Credentials
Accept requests from these HTTP referrers (web sites) (Optional)
Use asterisks for wildcards. If you leave this blank, requests will be accepted from any referrer. Be sure to add referrers before using this key in production.
Add *.* (star dot star). It works fine for me.

I accidentally had a value in the Client Secret part of the URL, but Google Credential does not need a Client Secret for Android OAuth 2 Client IDs. Simply leaving the value blank in the URL did the trick for me.

Steps that worked for me:
Delete credentials that are not working for you
Create new credentials with some NAME
Fill in the same NAME on your OAuth consent screen
Fill in the e-mail address on the OAuth consent screen
The name should be exactly the same.

Another thing to check:
When you install the GoogleAPIs into a .Net app with NuGet, it will inject a new set of dummy values in your *.config file.
Check that any original values are still in place, and remove dummy entries.

Deleting client ID and creating new one a couple of times worked for me.

Mine didn't work because I created it from a button from the documentation. I went again to the project and created another OAuthClientID. It worked. Yes, be careful about the extra spaces on right and left too.

For best results make sure you have the complete details as follows:
{"client_id":"282324738-4labcgdsd4nlh34885s2d34tmi.apps.googleusercontent.com","project_id":"abcd23ss-212808","auth_uri":"https://accounts.google.com/o/oauth2/auth","token_uri":"https://www.googleapis.com/oauth2/v3/token","auth_provider_x509_cert_url":"https://www.googleapis.com/oauth2/v1/certs","client_secret":"23452-dfgdfgcdfgfd","redirect_uris":["http://localhost:6900/auth/google/callback"],"javascript_origins":["http://localhost:6900"]}
This data is always available for download as JSON from https://console.developers.google.com/apis/credentials/oauthclient/

If you are in Meteor JS, you have to use clientId instead of appId,
since Facebook uses appId and Google uses clientId.
ServiceConfiguration.configurations.upsert({
  service: "google"
}, {
  $set: {
    clientId: process.env.OAUTH_GOOGLE_APP_ID,
    loginStyle: "popup",
    secret: process.env.OAUTH_GOOGLE_SECRET
  }
});
I spent some hours before I realized that.

I wish I had seen this post before, because there are a lot of things I had to find out trial and error. A lot can go wrong with this. Here's another issue I had:
When you specify the Authorised JavaScript origins or Authorised redirect URIs, make sure to include your domain with and without www. So https://google.com and https://www.google.com
Also I had uploaded an Application logo. Because of that, the consent screen required a review... which takes forever. Don't upload an Application logo, or be very patient.

This could also be because of not using an https URL.
In other words, this only works with https. It works with http only on localhost.

The solution that worked for me was to remove the ' single quotes and remove additional spaces at the end of the client id and secret in the .env file
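
A check for the copy/paste mistakes the answers above report (blank space around the values, quotes left in a .env file, an unset variable, `.apps.googleusercontent.com` appearing twice). This is an added example, not code from any of the answers; the function names and sample values are hypothetical.

```javascript
// Added example, not from the original answers. All sample values are constructed.
const GOOGLE_SUFFIX = ".apps.googleusercontent.com";

// Normalise one setting and record what had to be cleaned up.
function lintValue(name, raw) {
  if (raw === undefined || raw === null || String(raw).trim() === "") {
    return { value: "", problems: [`${name}: not set or empty`] };
  }
  const problems = [];
  let value = String(raw);
  if (value !== value.trim()) {
    problems.push(`${name}: leading or trailing whitespace`);
    value = value.trim();
  }
  // Quotes carried over from a .env or config file.
  const quoted = /^(['"])(.*)\1$/.exec(value);
  if (quoted) {
    problems.push(`${name}: wrapped in quotes`);
    value = quoted[2].trim();
  }
  if (/\s/.test(value)) problems.push(`${name}: contains whitespace`);
  return { value, problems };
}

// Hypothetical helper: returns cleaned values plus a list of findings.
// Findings name the field only, so the secret itself never reaches a log.
function lintGoogleClient(clientIdRaw, clientSecretRaw) {
  const id = lintValue("client_id", clientIdRaw);
  const secret = lintValue("client_secret", clientSecretRaw);
  const problems = [...id.problems, ...secret.problems];
  let clientId = id.value;
  const doubled = GOOGLE_SUFFIX + GOOGLE_SUFFIX;
  if (clientId.endsWith(doubled)) {
    problems.push(`client_id: ${GOOGLE_SUFFIX} appears twice`);
    while (clientId.endsWith(doubled)) {
      clientId = clientId.slice(0, -GOOGLE_SUFFIX.length);
    }
  }
  return { clientId, clientSecret: secret.value, problems };
}

// Constructed input showing several of the reported mistakes at once.
const demo = lintGoogleClient(
  " '1234-abc.apps.googleusercontent.com.apps.googleusercontent.com' ",
  "constructed-secret\n"
);
console.log(demo.clientId, demo.problems);
```

Running it at application start-up, before the OAuth client object is built, turns a remote invalid_client response into a local message that names the field at fault.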

Related

Parameter not allowed for this message type: code_challenge_method, how to fix it in nuxt?

In Nuxt I get the error in the title using auth v5. This is my current strategy:
The docs (https://dev.auth.nuxtjs.org/schemes/oauth2#codechallengemethod) say that you can use "plain" or "S256" as an option. I tried both but the error persists.
The only way I can manually get it to work is by copy-pasting the OAuth link in the URL:
https://accounts.google.com/o/oauth2/auth/identifier?protocol=oauth2&response_type=token&client_id=MYCLIENTID&redirect_uri=https%3A%2F%2Flocalhost%3A3005%2Flogin&scope=profile%20email&state=sIpW-W_6h_QwUs0gCDV_o&flowName=GeneralOAuthFlow
Compare that link to the following:
https://accounts.google.com/o/oauth2/auth/identifier?protocol=oauth2&response_type=token&client_id=MYCLIENTID&redirect_uri=https%3A%2F%2Flocalhost%3A3005%2Flogin&scope=profile%20email&state=sIpW-W_6h_QwUs0gCDV_o&code_challenge_method=S256&code_challenge=fnyp2Ray850HEmHEwmoyQtIrPFPpHWBt4nVAz9p5Vxs&flowName=GeneralOAuthFlow
The only difference between the first and second link is that the first one actually works (I can login) and it doesn't have a challenge_method.
The second link doesn't work (it displays the google image above) but if you read the end of the link it has both the code_challenge_method & code_challenge
After many hours of trial and error, the only way to make it work is by setting code_challenge_method to an empty string, like this:
The demo used in the nuxt auth module, does the same thing, they don't use any code_challenge_method with the google strategy
EDIT 10/06/2021
After doing further investigation, it seems that if I only use an empty code_challenge_method (just like the image above), google auth just doesn't seem to work anymore, my bet is that a broken commit was merged here, so in order to fix it I added a new property to my google strategy:
responseType: 'token id_token'
I also created a report for that bug here
I had the same error and this setup has fixed my issues. Note I am using Next-auth but the parameter name is the same except for the naming convention. Set response_type value to code. Setting the response_type value to token will issue an error, so use code instead.

Localhost API for TD Ameritrade

I was creating an API for TD Ameritrade (my first time creating or dealing with APIs) and I needed to put in my own callback URL. I know that the callback URL is where the API sends information to, and I heard that I can just use my localhost API. I scoured the internet and I don't know how that would work, and I was wondering if I can just use http://localhost?
Sorry if I seem like a noob, because I am.
In short, yes.
Follow the excellent directions at
https://www.reddit.com/r/algotrading/comments/c81vzq/td_ameritrade_api_access_2019_guide/. (Even with them, I spent excessive time on trial and error!)
Since stackoverflow has a limit of 8 links in a response, and the localhost text string looks like a link, I’m showing it with the colon replaced by a semicolon, i.e., http;//localhost to reduce the link count. Sorry.
I used the Chrome browser after first trying Brave, which did not work for me, possibly because of my option selections.
Go to https://developer.tdameritrade.com/user/me/apps
Add a new app using http;//localhost (delete existing app if there is one).
Copy the resulting consumer key text string (AKA client_id or OAuth User ID).
Go to https://developer.tdameritrade.com/content/simple-auth-local-apps, follow instructions. Note: leading/trailing blanks were inserted by MSWord due to copy/paste of the auth code, which had to be manually deleted after wasting excessive time identifying the problem. The address string looks like:
https://auth.tdameritrade.com/auth?response_type=code&redirect_uri=http%3A%2F%2Flocalhost&client_id=ConsumerKeyTextString%40AMER.OAUTHAP
This returns a page stating the server refused to connect, but the address bar now contains a VeryLongStringOfCharacters in the address bar:
https;//localhost/?code= VeryLongStringOfCharacters
Copy the contents of the address bar, go to https://www.urldecoder.org/, decode the above, and extract the text after “code=”. This is your refresh_token
Go to: https://developer.tdameritrade.com/authentication/apis/post/token-0, fill out the fields with
grant_type=authorization_code
refresh_token=<<blank>>
access_type=offline
code=RefreshTokenTextString
client_id=ConsumerKeyTextString#AMER.OAUTHAP
redirect_uri=http://localhost
Press SEND.
If the resulting page starts with HTTP/1.1 200 OK, you have succeeded.
Try updating your redirect to:
redirect_uri=https://localhost
They may require https now and you need a colon instead of a semicolon. Everything looks correct. This process generally takes me more than one attempt, and 15 minutes to an hour to get my refresh token squared away every 90 days.
Don't use #AMER.OAUTHAP in client_id.
If you generate a new code and, based on that, try to get a new access token, it should work.
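
The decode step and the token form from the first answer above can be done locally, which also removes the stray blanks that copy/paste introduced. This is an added example, not code from the answers; the function names, the sample address and the consumer key are constructed, and the block only builds the form body (it sends nothing).

```javascript
// Added example; the sample address and consumer key are constructed.

// Pull the `code` value out of the text copied from the address bar.
// decodeURIComponent is used rather than URLSearchParams.get so that a
// literal "+" in the value is not turned into a space.
function extractAuthCode(addressBarText) {
  const text = String(addressBarText).trim();
  const match = /[?&]code=([^&#]*)/.exec(text);
  if (!match || match[1].trim() === "") {
    throw new Error("no code parameter in redirect URL");
  }
  return decodeURIComponent(match[1].trim()).trim();
}

// Build the form body with the fields listed in the answer above.
// URLSearchParams re-encodes "/", "+" and "=" in the decoded code.
function buildTokenForm({ code, clientId, redirectUri }) {
  const form = new URLSearchParams();
  form.set("grant_type", "authorization_code");
  form.set("refresh_token", "");
  form.set("access_type", "offline");
  form.set("code", code);
  form.set("client_id", String(clientId).trim());
  form.set("redirect_uri", redirectUri);
  return form.toString();
}

// Constructed address-bar text with the blanks a paste tends to add.
const pasted = "  https://localhost/?code=AbC%2F1%2Bx%3D%3D  ";
const body = buildTokenForm({
  code: extractAuthCode(pasted),
  clientId: " CONSUMERKEY-constructed ",
  redirectUri: "http://localhost",
});
console.log(body);
```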

How can I change the base url shown in the store?

I'm using WSO2 API Manager.
In an API, the User Overview tab shows the URL below as the Production and Sandbox URLs, which is correct:
http://myapistore.com:8280/railway/2.0
But in the same API, the API console tab shows the URL below as the base URL, which is incorrect:
http://myapistore.com/store:8280
The base URL should actually be http://myapistore.com:8280
So altogether API url would be
http://myapistore.com:8280/railway/2.0/station/getAll
How can I change the base url?
In my WSO2 API Store my services are shown correctly. When I click on the tab sheet, the URLS are shown correctly even when I hover over these links.
Did you register the service correctly?
You probably already figured out the answer to your question, but I came here looking for how to change the production URL of an API, and thought I would share the answer to that question here, for any future googlers :)
This is the view we're talking about, the API overview. Notice that the Production Endpoint is wrong (should be worldbank, not worldbanks).
Click on Edit API in the top blue bar, and in the second step you'll be able to change it.
(notice the corrected URL)
I hope this will help someone in the future :)

Facebook App in Page Tab receiving signed_request but missing page data

I have a page tab app that I am hosting. I have both http and https supported. While I receive a signed_request package as expected, after I decode it does not contain page information. That data is simply missing.
I verified that like schemes are being used (https) among facebook, my hosted site and even the 'go between'-- facebook's static page handler.
Also created a new application with page tab support but got the same results-- simply no page information in the signed_request.
Any other causes people can think of?
I add the app to the page tab using this link:
https://www.facebook.com/dialog/pagetab?app_id=176236832519816&next=https://www.intelligantt.com/Facebook/application.html
Here is the page tab I am using (Note: requires permissions):
https://www.facebook.com/pages/School-Auction-Test-2/154869721351873?id=154869721351873&sk=app_176236832519816
Here is the decoded signed_request I am receiving:
{"algorithm":"HMAC-SHA256","code":!REMOVED!,"issued_at":1369384264,"user_id":"1218470256"}
5/25 Update - I thought maybe the canvas app urls didn't match the page tab urls so I spent several hours going through scenarios where they both had a trailing slash or not. Where they both had a trailing ? or not, with query parameters or not.
I also tried changing the 'next' value when creating the page tab to the canvas app url and the page tab url.
No success on either count.
I did read that because I'm seeing the 'code' value in the signed_request, it means Facebook either couldn't match my URLs or that I'm capturing the second request. However, given all the URL permutations I went through, I believe the URLs match. I also subscribed to 'auth.authResponseChange', which should give me the very first authResponse that should contain the signed_request with page.id in it (but doesn't).
If I had any reputation, I'd add a bounty to this.
Thanks.
I've just spent ~5 hours on this exact same problem and posted a prior answer that was incorrect. Here's the deal:
As you pointed out, signed_request appears to be missing the page data if your tab is implemented in pure javascript as a static html page (with *.htm extension).
I repeated the exact same test, on the exact same page, but wrapped my html page (including js) within a Perl script (with *.cgi extension)... and voila, signed_request has the page info.
Although confusing (and should be better documented as a design choice by Facebook), this may make some sense because it would be impossible to validate the signed_request wholly within Javascript without placing your secretkey within the scope (and therefore revealing it to a potential hacker).
It would be much easier with the PHP SDK, but if you just want to use JavaScript, maybe this will help:
Facebook Registration - Reading the data/signed request with Javascript
Also, you may want to check out this: https://github.com/diulama/js-facebook-signed-request
Simply put, you can't get the full params with the JavaScript signed_request; use the PHP SDK to get the full signed_request, and record the values you need into JavaScript variables.
With the PHP SDK, after instantiation, use the facebook object as follows.
$signed_request = $facebook->getSignedRequest();
var_dump($signed_request);
This is just to debug, but you'll see that the printed array will contain many values that you won't get with the JS SDK, for security reasons.
Hope that helps anyone who needs it, because it seems this issue takes at least 3 hours for everyone who runs into it.
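
The answers above note that a signed_request cannot be validated in browser JavaScript without exposing the app secret. A server-side check in Node.js looks like this: the value is `signature.payload`, both base64url, with the signature an HMAC-SHA256 of the encoded payload under the app secret. This is an added example, not code from the answers or from Facebook's SDK; the function names, secret and payload are constructed.

```javascript
// Added example; runs on the server, where the app secret can stay private.
const nodeCrypto = require("node:crypto");

// signed_request uses base64url without padding.
function b64urlDecode(s) {
  return Buffer.from(s.replace(/-/g, "+").replace(/_/g, "/"), "base64");
}
function b64urlEncode(buf) {
  return buf.toString("base64").replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

// Returns the decoded payload if the signature is valid, otherwise null.
function verifySignedRequest(signedRequest, appSecret) {
  const parts = String(signedRequest).split(".");
  if (parts.length !== 2) return null;
  const [encodedSig, encodedPayload] = parts;
  let data;
  try {
    data = JSON.parse(b64urlDecode(encodedPayload).toString("utf8"));
  } catch {
    return null;
  }
  if (!data || String(data.algorithm).toUpperCase() !== "HMAC-SHA256") return null;
  const expected = nodeCrypto.createHmac("sha256", appSecret).update(encodedPayload).digest();
  const given = b64urlDecode(encodedSig);
  // Length check first: timingSafeEqual throws on unequal lengths.
  if (given.length !== expected.length) return null;
  return nodeCrypto.timingSafeEqual(given, expected) ? data : null;
}

// Builds a constructed sample so the block runs offline.
function signForTest(payload, appSecret) {
  const encodedPayload = b64urlEncode(Buffer.from(JSON.stringify(payload), "utf8"));
  const sig = nodeCrypto.createHmac("sha256", appSecret).update(encodedPayload).digest();
  return b64urlEncode(sig) + "." + encodedPayload;
}

const sample = signForTest(
  { algorithm: "HMAC-SHA256", issued_at: 1369384264, user_id: "1", page: { id: "42" } },
  "constructed-app-secret"
);
console.log(verifySignedRequest(sample, "constructed-app-secret"));
```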

Express Checkout error message: "Security header is not valid"

I'm implementing Express Checkout in PayPal.
I have no problem with the first two steps, SetExpressCheckout and GetExpressCheckout. But when I use DoExpressCheckout, I encounter the error "Security header is not valid".
The API credentials are the same!
I've fixed it by changing the $environment to live in DoExpressCheckout. (The difference $environment makes is that it'll use https://api.sandbox.paypal.com/nvp/ instead of https://api-3t.$environment.paypal.com/nvp)
But why?
Is there something wrong with https://api-3t.$environment.paypal.com/nvp?
https://api-3t.sandbox.paypal.com/nvp requires different user-accounts than what https://api-3t.paypal.com/nvp requires.
The sandbox accounts can be activated at developer.paypal.com
I had the same error being thrown for the live environment. For me, it turned out there was a trailing space at the end of my API username.... I removed the space and it worked fine.... I'd pasted them into a config file straight from PayPal and must've copied a blank there as well... so if this happens to you, check for trailing spaces! This would've been obvious if the username was hardcoded in a string, but wasn't because it was in a java properties file.
note that you'll also get this error if your credentials are wrong (ie bad username, password or signature). I just had the same issue happen when I pasted in my info to a config file, and had extra characters at the end of my signature by mistake.
He may not grant permission for checkout. Refer to this article, apparently down for now but still available here.