I tried to set up social login for my website but I accidently uploaded a logo to the OAuth consent screen, which has locked my app in a verification Status: Needs verification. I get the following message:
"Because you updated the application logo, your app registration requires verification by Google. Please prepare your app to submit for verification".
I am unable to delete this application and set up a new one (without a logo) or remove the logo from the existing one. It's totally locked me up? I also get a message that it will only allow 100 logins before it stops. How can I get rid of this thing, I've got a banging headache, and spent 8 hours going around in circles... Should I just remove the google login from my website? Is that my only option now?
Please help me!
For anyone facing this issue in 2021:
If you place a logo on Oauth consent screen by mistake, submit your app for verification. This will allow you to use the consent screen as before.
When you are contacted by a representative, inform them you want to use the app withouth the logo.
You can also follow this thread or add your +1 in issue tracker.
Related
I stumbled across a website a while back where it showed the privacy repercussions of logging in to Spotify using the web version. I believe it used JavaScript but I can't be too sure. Anyway, this unrelated website was able to display my Spotify username despite me not authorizing anything. If I remember correctly, it also had slots for other services that I didn't use so it couldn't show my username there.
But what I'm interested in learning about is how it managed to get my Spotify username. Not because I plan to use the method but out of curiosity with how the whole thing works. When I found out about that page/site awhile back, it spooked me enough that I started using a different browser profile specifically for Spotify going forward because of it but I never got around to digging deeper into how it actually did what it did.
Cookies save your an access token for Spotify account after to success login of Spotify.
Next time, if open your browser go to
https://open.spotify.com/
It's java-script to access from your PC's cookies,
call this API with cookies an access token, get your information.
Then display your user name in the web page.
https://api.spotify.com/v1/me
If I copy from my Chrome browser the access-token and API URL,
Then access by Postman.
I can get the my user name.
Each browser has own location to save a cookies,
if you never login before other browser, will not pick up your information.
I did not login before by Firefox.
This is screen of login.
We configured an OAuth consent screen in Google Cloud Console. Our application is configured like this:
We only request non-sensitive scopes:
As you can see, our application needs verification because we added application logo (it is not possible to remove it, arghhhh Google). However, users can still log in without any warning. Is this expected? Will it continue to work forever, even if verification status is "needs verification".
Ok im going to assume that your application was previously verified and all you did was change the logon.
In this instance what happens is that your app gets unverified by you can apply for verification again.
Due to the fact that its just a cosmetic change ie the logo. It shouldn't take long its just a formality really.
If you check the needs-verification link you will find that it states. that if you make changes to your projects consent screen, for example by changing the logo.
Your projects last verified consent screen will be showed to the users until the changes have been verified.
So your users are just seeing the old verified screen, if you want them to see your new logo then you have to submit it for verification again. as all you changed was the logo it shouldn't take long.
Note from me: I think this is an awesome change, last i checked the app would start to though an unverified app error message to the users. IMO this is a much better option. Your users can continue to use your app unmolested while google takes there time verifying the app again.
I need help doing the verification process for one of my applications, but I do not know what the problem is, for several days I have been trying to send the application and this is the link to the application's home page
https://khotwhteech.manbij.net/Homepageapps
My application does not contain any linked site and Google's response is as follows. Hi,
Thank you for your response.
To proceed with the verification process for your project khotwhteech, you will need to provide a homepage that accurately represents your app's identity to Google users.
To update the homepage URL linked to your OAuth Consent Screen, you may do so by taking the following steps:
Sign-in to Google Cloud Console
Select the project ID:khotwhteech
Go to Credentials on OAuth consent screen
Enter the homepage URL
Click Submit
Please reply to this email once you have made the appropriate updates to your site and/or your OAuth Consent Screen so that we may continue with the verification process.
Thank you for your patience. If you have any questions, please reply directly to this email. I don't know what's wrong, is there any advice or way to solve?
Our desktop application integrates with Facebook using the desktop app workflow and for approx. 18 months has been working without any problems. However, we are starting to get reports from some users that they cannot get past the login process.
When the login is successful Facebook should be attaching the access_token to the redirect_uri. Our application detects this and moves the user to the main part of our Facebook integration. What appears to be happening in some situations is that the access_token parameter is missing which causes our application to leave our embedded browser window open with the following message from Facebook:
"Success
SECURITY WARNING: Please treat the URL above as you would your password and do not share it with anyone."
What is strange is that this does not occur with all Facebook accounts and which Facebook accounts it occurs with seems to be changing. For example, we had a report of this approx. 1 week ago but could not duplicate it with my own Facebook account or with a colleague's Facebook account. Today, I still cannot duplicate it with my own Facebook account but my colleague now gets the problem.
The URL our code sends to Facebook is:
https://graph.facebook.com/oauth/authorize?client_id=xxxx&redirect_uri=http://www.facebook.com/connect/login_success.html&type=user_agent&display=popup&scope=read_friendlists,user_photos,friends_photos,user_photo_video_tags,friends_photo_video_tags,user_events,friends_events,user_groups,friends_groups
Reading the latest API documentation it looks like they recommend a different way to connect which we have also tried:
https://www.facebook.com/dialog/oauth?client_id=xxxx&redirect_uri=http://www.facebook.com/connect/login_success.html&scope=read_friendlists,user_photos,friends_photos,user_photo_video_tags,friends_photo_video_tags,user_events,friends_events,user_groups,friends_groups&response_type=token
To rule out our application as the cause we have tried these URLs directly within a web browser. What we find is that when using my Facebook account the browser re-directs to the success URL that includes the access_token parameter but when using my colleague's account the browser re-directs to the success URL that includes the access_token and then immediately re-directs again to the success URL without the access_token.
so... As far as we can tell this is either:
a) A change to the API which we cannot find documented anywhere
b) A bug in Facebook
c) Something that is now controlled by the user's Facebook security settings
Is there anybody who could explain why Facebook is acting differently with different accounts and how we can go about fixing this?
Thanks.
Kevin.
I have the same problem in my desktop applications.
And I just solve it with careful reading in ht*ps://developers.facebook.com/docs/howtos/login/login-for-desktop/. The solution is to change redirect_uri from ht*p://www.facebook.com/... into ht*ps://www.facebook.com/...
Hope this will help you just like it help me
NB:
change ht*p into http
sorry i have to change the http into ht*p so that i can post the answer.
Our app uses Facebook app API and as of this morning, our log out just stopped working. When you click logout on our app, it will log you out of Facebook, but our app still detects a Facebook session and allows the user to stay logged in.
We also noticed that the fbsr_* cookie isn't being deleted. Although I'm not sure if it's suppose to be.
Any help would be greatly appreciated! Thanks!
I am having the same issue. I went ahead in php and did $facebook->destroySession(); which helped however as of this morning it is still returning the same things. I am thinking its a bug on the facebook side.
I made a post here: https://developers.facebook.com/bugs/245362365535898