I cannot seem to get past the Google Authorization pop that always returns Error 401: deleted_client.
I created a Google sheet script a while back and I need to get it working again. I made a GCP account and tried messing around with that for hosting the app but I realized I didn't need that so I deleted all of my projects and my billing account. But I still can't get past the Google Sheet error when it tries to authorize my account. This worked before I started anything with GCP and was fine.
I've seen other issues saying that there needs to have some fixes in the GCP account and that's fine and all but I do not want this connected to GCP at all. I will never use GCP again and I can't even find a way to shut down the account entirely without removing my Google account.
I've tried clearing all cache and cookies from chrome since the beginning of time like some others have suggested that doesn't fix the issue either.
Thanks in advance!
It's confusing but, if your script uses Google APIs you must associate the script with a Google Cloud Platform (GCP) project.
See Google Cloud Platform projects for an explanation of this relationship.
GCP projects are used to group enabled Google services, to provide identities and configure OAuth.
Please read the document but see (re)creating OAuth credentials.
You'll need to:
Create a GCP project
Enable Google services
Configure OAuth consent
DazWilkin lead me in the right direction!
The last thing that was needed was to go to the existing Google Sheet script, hit the gear in the left panel of the new editor, then change the GCP project number to match the GCP project I created with OAuth creds. Thanks again!
Related
The process of setting up a setting up an oauth consent screen and getting the credentials.json is tedious to do every time I create project to use Google APIs. Is there a way to do this from the command line?
I wasn't able to figure out how to enable oauth with the gcloud cli by Googling.
You may follow the progress of this issue's feature request by paying attention to the issue tracker.
I have an account that is the verified owner for a property listed in the Google Search Console. I'm working to set up API access to it. I have a principal created that has access to each of the Google Cloud projects that I intend to query the data from. I've enabled the Google Search Console API for each of these projects.
After I authenticate the principal via OAuth2 and use the access token (including the 'https://www.googleapis.com/auth/webmasters.readonly' scope) to make a POST request to the query endpoint, I get an error message back that reads in part:
Google Search Console API has not been used in project 256595xxxxxx before or it is disabled
I searched this number in my Google Cloud Console and manually clicked through each of my properties and it doesn't match any of the projects on my account. How do I identify which project this number is referring to and/or how do I change it to point to one of my own Google Cloud properties so I might access its API?
Note: This answer speaks to what it is I'm trying to do (but with Google Search Console API), except that the error doesn't reflect my project ID, so I'm stumped about how to move forward with enabling the API on it.
This didn't take long to solve. After listing all the projects in the Google Cloud CLI per the first half of the instruction here, I was able to identify the project as that which is used as the service principal to do the authentication in the first place (and not actually an account I intend to export any of the data to).
My app runs on multiple subdomains
i.e. abc.foo.com xyz.foo.com for different regions.
We recently created a PWA for our app which runs on a different subdomain
m-abc.foo.com m-xyz.foo.com
To enable Sign in with Google for the PWAs, I added the redirect_uris and Authorized origins in the API Credentials for Google Cloud Platform.
Now, for these new subdomains I am getting the following error on the consent screen after choosing the google email address
This app is blocked
This app tried to access sensitive info in your Google Account. To keep your account safe, Google blocked this access.
The app currently asks for read/write access for Calendar only.
Could not find anything definitive on support documents either.
Anybody has any idea what I might be missing here?
To check, I added another subdomain def.foo.com and added redirect_uri for it. This time Google Signin worked fine without problem.
Does this have anything to do with the apps being a PWA?
Thanks!
I tried different official tutorials but they all ended up to be misleading.
The last one was this: https://cloud.google.com/iap/docs/cloud-run-sign-in -- it ​says:
Enable external identities, and select the Host a sign-in page for me option during setup.
But there was no such option. No new Cloud Run instance was created and so nothing has happened. Then after a while I've updated the source code of my application, redeployed and the blue login button appeared on the Cloud Run instance URL instead. NO documentation tell that "on this step you'll now see the blue button" so I don't know for sure what it is. When I went through the dialog it said I should add the Cloud Run instance URL to the "allowed origins" in the OAuth app I created a week ago by trying different tutorials I mentioned in the first place. Aha! I add the URL as allowed but this does nothing -- it just loops, the dialog leaves me on the same page with the same blue button instead of my Cloud Run instance response that now I effectively have no access to. I am the GCP Project owner and I want this all to check that it's me to invoke the Cloud Run. How does this specific OAuth app blocks this specific Cloud Run instance at all? I have multiple apps made in months or years and multiple Cloud Run instances but only now this blue button appeared.
Being unable to make it work I decided to roll it all back. I allowed the Unauthenticated calls to my Cloud Run instance, disabled the IAP API, deleted the OAuth app, redeployed several times, but the blue button is still there with dialog saying: "The OAuth client was deleted." And I see nothing like my current problem to be described on https://cloud.google.com/run/docs/troubleshooting
So now not only the whole thing didn't work (the "sign-in page" does not deploy, not even if I disable and enable the IAP API again) but I've lost the access to the Cloud Run instance at all -- it's blocked by the blue button that is nowhere to disable. Even when I deploy new services they are behind this broken thing.
UPD: after a while I've realised that I didn't really lose any access -- the "blue button" was an artifact of the failed tryings to setup the auth, a my own copypasted htm page that didn't work, and I was just visiting the wrong path appended to the service URL. So the question is half-invalid. Though the problem of the "create a sign-in page for me" persists.
Currently, IAP is only supported with App Engine, Compute Engine and HTTPs Load balancers. Cloud Run isn't yet supported. It is planned to be supported in the near future.
As a workaround you can check those two options in order to implement with your application:
1 - A similar stackoverflow post where is stated and answer about how to Google Sign in for Cloud Run
2 - A Cloud Run hosted version of an IAP in Terraform config made by the community
Also you can try to Setup a Load Balancer with Cloud Run and see if that solves the issue you're facing.
Enable external identities, and select the Host a sign-in page for me option during setup.
I believe this is referring to - when you turn on IAP and choose 'use external identities for authorization', there is an option that says - 'Create a sign-in page for me' with a note which says - IAP will create a sign-in page for you using Cloud Run and Firebase UI
2.
I tried following the steps and after checking the option to 'create a sign-in page for me', it showed me a popup window with a message that it was creating a Cloud Run instance for me. After about 3 minutes, it said it was done and showed me url for the Cloud Run instance and a link to the page settings
3.
Regarding access to the Cloud Run instance, I think it's best to just delete it from the UI (Google Cloud Console). Redeploying will then recreate the Cloud Run service and you should no longer have the 'blue button' since you say you have disabled it
I am trying to setup Cloud Datastore, in GCP. Upon selecting "Cloud Datastore", in console, I see the "Choose where to store your data" page, with this error:
"Unable to retrieve database locations
There was a problem retrieving the available storage locations for your data. Retry or return later to finish getting set up."
Has anybody encountered this?
I have encountered same and resolved as below. (Iam using free tier)
When you select a location in either product (Cloud Datastore or App Engine), you set the location for your entire Google Cloud Platform project. I choose location to set from App Engine.
From Home (on left side) --> App Engine --> Select a language (I have selected "python"). --> It prompts for location (I have selected "us-central") --> (press) Next
Thats it come out of the tutorial. Next time I selected Datastore, it worked fine.
Hope this helps (screens below)
SCREEN1
SCREEN2
SCREEN3
SCREEN4
I've encountered the exact same error. Some of the Google Cloud management tools are a bit buggy, gcloud included, they need more TLC and more users to report bugs to Google. The best way around the bugs is to either use the Firebase Console or the App Engine console. Either one of these two appear to be required to provide the missing management glue between the various Cloud products Google has. The Firebase console IMHO is superior to the app engine console, and that's what I would recommend using. You can create the DB from the Firebase console. it will also add Firebase to your project, giving you access to the Firebase CLI, which works very well and doesn't have all the bugs that gcloud CLI has.
Go to https://console.firebase.google.com/u/0/ to open the firebase console
Click on +Add Project and select the project you created using the Google Cloud Console.
This will prompt you to accept addind Firebase for this project. Click accept, it will enable access to the project via the Firebase emulator and firebase CLI, you definitely want this.
Under Develop in the left hand menu, select Database, from there you will be able to add the version you want. Keep in mind only the old firestore has an SLA, but the new native Cloud Datastore is better, it has the pub/sub on events on read/writes.
I use Firebase to manage microservices that are only accessible via special routing from other backends and don't use any Firebase client code, it's just so much easier to manage the functions and run them locally with the firebase emulator before deploying using the Firebase CLI. I've not had the same luck with gcloud or using the Google cloud console as opposed to the Firebase console. On the other hand, Firebase CLI, the emulator and the Firebase console are fantastic, pretty seamless experience. It's been a joy using them. I wish I could say the same about the Cloud console, I go in there only when truly necessary.