I am trying to register my app for Oauth consent screen, so that I can create a OAuth client ID. I keep getting this validation error at end of the form, even though I have submitted everything correctly.
An error occurred while saving your app
And this error does not state which input in the form is invalid. Also in the network tab of development tools window, everytime I submit the request, I can see a POST request being initiated and it fails with following error.
{"error":{"code":3,"message":"The request failed because one of the field of the resource is invalid.","details":[{"#type":"type.googleapis.com/google.rpc.PreconditionFailure","violations":[{"type":"client_auth_config","subject":"?error_code=9&error_field_name=UpdateBrandWithMaskRequest.brand_id&error_field_value=0"}]}]}}.
Any suggestions on how to fix this is highly appreciated. I have contacted the google support about this issue as well, but as of now they're saying everything works on their end and clear cache and cookies but it doesn't work. I have attached here a capture of consent config wizard I'm using as well.
Put the Project ID in App Name
Try adding your support email to Firebase console. Go to firebase console->settings->General->Support Email->Add Email. Now while creating oAuth consent screen add same email id developer contact information as well as support email. It worked for me.
To expand on the top answer, there are numerous underlying reasons why this step of the app registration would fail. In the case where the application name is not valid (fails any of the checks that Google Cloud Platform enforces), then setting the application name to the project ID is guaranteed to fix the problem, as the project ID will always happen to be a valid application name.
It may be worth digging into the underlying validation error, which can be achieved by inspecting the network request that is sent upon submitting the form. In the "Network" tab of the Developer Tools, select the POST request that is captured after clicking the "SAVE AND CONTINUE" button. The "Response" tab (shown below for my case) should display an error object with a more descriptive message.
In my case, it seems that the application name was deemed abusive:
The request has been classified as abusive and was not allowed to proceed.
which I suspect is because it contains the word "Google".
What #Kalind said helped me to resolve the problem.
So login to firebase console, chose the project you are trying to create an OAuth Consent too. And then click settings-> General-> Support Email-> Add Email from dropdown.
Now when I go back to google cloud console under the Oauth consent screen, I can see that I have one registered to that project.
I had the same problem, indeed your App name must be identical to your Project ID that you chose when creating the project
I got the exact same error, probably an issue on their end :/
Thanks for reporting this everyone. I've also had the same problem for different apps and #Kalind suggestion fixes the problem. On Firebase project's settings there's a new field now called "Support email" where you can select your support email address. This will fix your issue like #Kalind and #Kasper said. I'm just adding a screenshot to make it more clear for those with the same problem.
Thanks!
For me there was an email in there already (owner of account email).
I had to invite another email > accept invite > change email > save > then change back > then I could proceed with the OAuth Consent Screen.
To change the support email on the Firebase Console you go to:
https://console.firebase.google.com/ > select Cog > Project Settings > General tab > Support Email
I reached this page is because of testing Google Login.
I faced this issue creating "OAuth consent screen".
But I didn't need this to create.
Just go to "Domain verification" page and "Add Domain".
There you may need to add 'txt record' in DNS Setting to prove you owned the domain.
After adding domain, go to "Credentials" page.
It is ready to choose the "Application type" like google guide
!!! pls enjoy !!!
I used the app Id as my App Name in the OAuth consent screen setup page.
If you are trying to use group email from gsuite in App consent/Firebase support, you must be the group owner, and do not need that group email address on any IAM role.
I believe the name of the application requesting access simply needs to be different from the name of the Google project.
This Error was come due to the project name is the same as the app name. So your app name and project name must be differnet
to expand on the helpful post of #zr0gravity7
I checked the 'response' in the developer con{"error":
{"code":3,"message":"com.google.apps.framework.request.BadRequestException:
At least one field must be updated."}}
I simply changed one field, and the save now succeeded.
(This is a very disappointing design of the form error checking)
The app name must be unique across Google. Modify the app name a bit.
Related
I have created a Gmail/Calendar add-on in Google Apps Script and I want to publish it to the marketplace.
I am following the steps at https://developers.google.com/workspace/marketplace/configure-oauth-consent-screen#fill_out_the_oauth_consent_screen. I am on the "Submit for OAuth verification" step which leads to https://support.google.com/cloud/answer/9110914#submit-howto. It says:
Click the Edit App button.
Enter the information required on the configuration page, and then click Submit for verification. If the submit for verification button does not appear at the end of the configuration pages, save what you have completed and repeat steps 1-4.
I have gone through all the steps but the Submit for verification never comes up. I'm not sure what I am doing wrong?
Your first problem is that you do not have a domain name that you own/control. gmail.com and github.com are not owned by you.
Verify your site ownership
Your second problem is that you are requesting restricted scopes. Google will probably demand a security audit. Sensitive scopes can also trigger an audit.
To verify, create another client and remove the sensitive and restricted scopes and add a domain name that you own/control. To read more about the effect of scopes and possible exceptions:
Sensitive and Restricted Scopes
I'm developing a webapp which allows users to log in with their Google accounts, using OAuth2.0.
I've created an OAuth2.0 client ID, configured the OAuth consent screen with the Publishing status set to 'Testing', and added a test user.
The frontend of my app is built with React, and I'm using a package (react-google-login) to handle the flow. I can successfully sign in with the Google account I added as a test user, and retrieve the basic profile information needed.
The problem is I can also sign in with other Google accounts, which have not been added to the list of test users. I imagine that Google should simply not issue access tokens for accounts which are not in the list of test users.
I feel like I've misunderstood something about the OAuth process, or I have configured something incorrectly. I would appreciate if anyone had any pointers?
Thanks.
It is indeed bugged.
I was in the same spot as you, assuming I had misunderstood something. After reviewing my code over and over with no luck, I made a Stack Overflow post, in which I was advised to post to Google's bug tracking system. After doing some troubleshooting with Google they confirmed the bug, and they are now working to fix it (for a little while already).
I included this thread as an example when talking to Google. I meant to post an update here after getting in touch with them, but I forgot, sorry!
The buganizer thread with more details:
https://issuetracker.google.com/issues/211370835
Is it possible you're only asking for the email scope?
It appears the test user filter and possibly the whole concept of the 'app' being in test mode exists only inside the consent screen feature.
For some reason, Google doesn't show the consent screen if you only ask for email.
So... maybe that means you don't need a consent screen, and therefore don't need to care what that feature thinks about your app (that your app is in test mode and needs to be verified before going into production).
Or maybe it's a bug? Or maybe just because you can do this doesn't mean it's allowed by Google's terms. Maybe they just haven't implemented preventing that use case.
Anyway, it may help you to know that if you add a more significant scope like the Calendar API then the following things will change:
Non-test users will get a message like "The developer hasn’t given you access to this app." and won't be able to complete oauth
Test users will get a message like "Google hasn't verified this app"
Test users will see a consent screen
Basically, everything starts working as expected.
By the way, just putting "email" or "profile" for scope seems to be an old way of doing things, and all the newer scopes want you to use a full URL for the scope (despite google themselves not using the full URL when you're configuring your scopes).
For example, if you want the email and calendar scopes, you can put this value for your scope field:
email https://www.googleapis.com/auth/calendar
Or you can use this equivalent value:
https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/calendar
Not suggesting you add a scope like email for the sake of it, just that it sheds light on what's happening, and if there's a scope like that that you need anyway, adding it will solve your problem.
I want to use Cognito for my WebExtension for Chromium and Firefox.
I have two problems.
1) Hosted UI from Cognito not at my domain - so users may think why:
For branding and security I want to host UI from Cognito on my domain. Because my product is the browser extension - I think that I can embed UI for login in iframe to the popup-ui (that shows if user push to the button of the extension).
2) Redirect after Google to the AWS - because of that user will see Choose an account to continue to amazoncognito.com but the correct text must be Choose an account to continue to <domain-of-my-project>:
Looks like this is not possible to redirect to my domain with saving automation of Cognito about exchanging of code from Google to access token from Google for getting email of user. In the documentation about domain for user pools mentioned only sub-sub-sub domain under amazoncognito.com. If this is not possible - would be useful to mention it in documentation.
Add customized domain is not available now. We have heard this request from multiple customers and would look into adding it into our future releases.
I'm confused about your second question, can you explain more about it?
With regards to your 2nd question. It's true that ideally you would want to be able to have a custom domain, but the fact google is showing amazoncognito.com is a problem with your configuration in your GCP account.
Under the API->Credentials tab in GCP console, you can adjust the product name and logo to be displayed. The problem is that you need to pass a review of your app before google starts showing them. This was changed by google after some phishing hacking attempts (https://developers.googleblog.com/2017/05/updating-developer-identity-guidelines.html).
To submit your app for a review: https://support.google.com/code/contact/oauth_app_verification
I'm setting up a 'Login with Facebook' button and have it on a test page. http://www.digitalinkmultimedia.com/my-account
I believe I have things set up correctly for the app at developers.facebook.com. The app says it's public and available. I'm using Business Catalyst as the CRM, and the facebook integration appears to be correct (App ID, App Secret, etc)
When I click the login with facebook button the first time I get the message about my profile info being shared....but when I continue I get a 'Facebook login is currently unavailable'.
One thing I noticed is that when the popup first loads the FBTOKEN parameter has a number in it, then it quickly changes to FBUTOKEN=00000000-0000-0000-0000-000000000000#=
Any suggestions would be appreciated.
In the Facebook developers console for your app, please go to App Review > Permission Feature and give Advanced Access for "public_profile" and "email".
Facebook Login of the iOS app is working well without the Advanced Access setting.
If you're experiencing this now (end of 2020) it might be due to a pending "Data Checkup":
As part of an ongoing effort to protect user data and drive long-term value for developers, Facebook has introduced an annual Data Use Checkup for app admins to certify that their API access and data use comply with Facebook Platform Terms and Developer Policies, together with all other applicable terms and policies.
Enter https://developers.facebook.com/apps and you should see your app in red color with a note that Data Checkup is due.
You'll need to spend a few minutes to fill in a simple form...
After you're done you should be good 👍🏼
https://developers.facebook.com/apps
https://developers.facebook.com/apps/395514758911597/fb-login/settings/
Get Advanced Access
I agree that any data I receive through public_profile will be used in accordance with the allowed usage.
download open ssl and paste in E drive create folder software--------
and extract here openssl
keytool -exportcert -alias androiddebugkey -keystore "C:\Users\USERNAME.android\debug.keystore" | "PATH_TO_OPENSSL_LIBRARY\bin\openssl" sha1 -binary | "PATH_TO_OPENSSL_LIBRARY\bin\openssl" base64
keytool -exportcert -alias androiddebugkey -keystore %USERPROFILE%.android\debug.keystore | D:\FbDependentSoftware\bin\openssl sha1 -binary | D:\FbDependentSoftware\bin\openssl base64
D:\FbDependentSoftware
password :- android
8Rc05yVGh4n4xVIx4lkfCYYrzrM=
For me #NajamUsSaqib's comment worked, tried getting advance Access for Email and Public Profile and it started working.
If anyone is still facing this issue. Please check in your developer account if you have a pending Data use Checkup.
Once you complete it, it should work.
I had the same problem and got fixed the following way:
Site Settings>Social Integration
on the field where it says "Enter Site URL of your Facebook application" make sure you have your address as follow:
http://www.example.com not http://www.example.com**/**
Basically it will not connect to your FB App if you have a " / " after your domain.
I have got the same issue.
Check the setup is done or not. If not then review all the points that need to add the data
make sure add icons and url properly
make sure add domain
make sure you have ask for the permissions that you need
add platform and hashkey for android correctly
Most important thing you need to work in live mode
After all the above setup you will get the success
Developers please go through with the latest doc there is a-lot of changes in doc while integrating the facebook login or graph api or instagram api's.
I'm using the xfbml Add To Timeline social plugin (https://developers.facebook.com/docs/reference/plugins/add-to-timeline/), but when I click it the permissions dialog I get just says "Access my basic information" and sure enough it isn't actually getting me the publish_actions permission I need to use the timeline. I tried specifying the perm explicitly on the tag like so:<fb:add-to-timeline show-face="false" mode="button" perms="publish_actions"></fb:add-to-timeline> but no luck.
This was working fine yesterday and suddenly now it isn't. I'm wondering if this has something to do with my adding and removing my app from my facebook account multiple times?
This was driving me crazy for a long while. In my case, I fixed it by enabling 'Enhanced Auth Dialog' under the Advanced tab of my app settings.
When asking for publish_actions Facebook shows a preview screen of what sort of aggregations your app will create on their timeline.
In other words, if the preview isn't working, Facebook won't ask for the permission so you're asking in vain. Facebook doesn't make this clear in the docs, but everything needs to be perfectly setup with your app on Facebook to get this to work right.
Enable Enhanced Auth Dialong in the advanced settings of the app
Make sure you have at least one action and one object set up in the open graph section
For each action you must have an aggregation set up.
If you do not do all of these steps, there can be no preview and so Facebook won't ask for permission no matter what.
I faced the same issue. I fixed it by doing the below mentioned two thiings.
a. Enabled 'Enhanced Auth dialog' from 'advanced' setting of the app.
b. blanked 'user and friend permissions' along with 'extended permissions' tab on 'auth dialog' page.
I am not sure what it did, but it started working.
BUT.. Even though the authentication works and the posts are reflecting on my timeline, the add-to-timeline button still shows, 'Add to Timeline'..
The other trick i used is to keep checking the app permissions under account setting tab of my profile page.
Hope this helps !
From Apps -> Settings -> Auth Dialog:
While in Open Graph Beta, the 'publish_actions' permission can only be
requested from developers and test users of your app. The
'publish_actions' permission will be ignored if requested from any
other user.
I had the Enhanced Auth Dialog enabled in the Advanced Settings, yet this did not work until I added a Aggregation Preview for the activity. Strange, but true.
Hope this helps.
The publish_actions permission appears only if the user has added timeline OR if your app is a game. I suppose it will also be available for apps when Timeline will be rolled out to all users...