I am getting an Authorization Error from OAuth 2.0 Playground when trying to Authorize APIs. I have checked the permissions on the app multiple times (as I am the OWNER), I have fixed security issues(google asking questions), tried multiple browsers and multiple email accounts(under new projects). Below is the error message:
Error 403: access_denied
The developer hasn’t given you access to this app. It’s currently being tested and it hasn’t been verified by Google. If you think you should have access, contact the developer (recipe.tracker.app#gmail.com).
Learn more
Request Details
access_type=offline
response_type=code
redirect_uri=https://developers.google.com/oauthplayground
prompt=consent
client_id=765247627523-mhvqb7sc2or6rittk8dp0ti7b1ba8eel.apps.googleusercontent.com
scope=https://mail.google.com
Daniyal dehleh's original answer that solved my problem
Solution to my OAuth 2.0 Playground error:
Go to your developer console.
Go to OAuth consent screen.
Go to +Add users, under test users.
Add the users for the test (even the owner email address if not working without it)
I had the same issue.
Solution for me was to
https://www.google.com/settings/security/lesssecureapps Enable less secure apps
https://accounts.google.com/b/0/displayunlockcaptcha Enable this functionality
add the Email to Test users while app is in development mode
enter image description here
Related
We are currently using basic authentication for our DocuSign apps. Our application requires no human interaction for envelope creation. Backend code does a basic authentication and creates the envelopes.
We want to move to oAuth 2.0. I went through DocuSign's web site and read about different kind of OAuth grant flows.
I downloaded there quickstart code (Authentication grant code flow) but it did not work for me as I was always getting HTTP error 404 at the time of redirection. It seems, for our system integration JWT grant flow should work, but again it has a consent form, which requires someone to approve.
Can someone help me with sample code on oAuth 2.0 with System integration?
You can use administrative consent for JWT which means that the organization need only consent once and the app can then be used by all users. No one will need to log in to DocuSign to use your integration.
I would like to help with the issues you had with quickstart, but not sure what language you tried.
Download a fresh Java Quickstart from https://developers.docusign.com/docs/esign-rest-api/quickstart/
Run Java Quickstart in command line per these instructions: https://developers.docusign.com/docs/esign-rest-api/quickstart/overview/#configuration > Java tab > Building and running Quickstart
Get JWT consent for app: Login > Dropdown: JSON Web Token Grant > Authenticate with DocuSign > Log In > Allow Access
Extract ds-java-auth-final.zip located at https://github.com/docusign/code-examples-java/blob/master/docs/ds-java-auth-final.zip
Fill in ds-java-auth-final/src/main/java/test.newOAuth/Config.java with your client-id and impersonated-user-guid from your Quickstart_folder/src/main/resources/application.json
Fill in your API account ID from the Apps and Keys page https://admindemo.docusign.com/authenticate?goTo=apiIntegratorKey
Fill in the ds-java-auth-final/privateKey.txt file with your private key from Quickstart_folder/src/main/resources/private.key
Right click on ds-java-auth-final folder and Open Folder as IntelliJ IDEA Project
In Project window, navigate to ds-java-auth-final/src/main/java/test.newOAuth/DsNewAuth
After building, right click and Run 'DsNewAuth.main()'
Please let me know if you have any questions
I am trying to setup Web Security Centre for my Google AppEngine App.
I tried using Google as well as Non-Google Account for Authentication where I provided Username and Password but it errors out saying
Could not sign in using the provided username and password
I tried below things:
Tried creating a test account vikash-security#gmail.com (in compliant with google naming convention) in my gmail and using the same for authentication. (this user had same domain name as my company's)
Created a test user with different domain name and used it for the authentication.
Both the above users have access to my Google App.
Both of the way did not work and throws the same error. Can anyone help me out with the same?
Google enforces a real name policy on G+ accounts. Your test account may be blocked from G+ if the name does not look real. at [1]. It will only work if the Google account you provided should have been G+ verified (with proper G+ setup), but still need to retry after the first failed attempt and it eventually will work.
There are few issues related to this and if this is a bug it will be resolved soon.
I raised this concern with the Google support team and got to know that there was issue from their end and they got this fixed and now my web security custom scan is working with non-google authentication.
I have built an integration with the Docusign API, but am unable to successfully complete the JWT auth flow with our production account.
Everything works fine in our sandbox account - I went through all the steps described in the docs (https://developers.docusign.com/esign-rest-api/guides/authentication/oauth2-jsonwebtoken),
and successfully promoted the integration key to our production account.
However, with the production account, running through the same code to initiate the JWT results in a 400 Bad Request error, with no additional information about the nature of the failure. I've double checked that we are using the correct oauth base domain (what Docusign calls aud) and that RSA keys and redirect URLs are correctly
configured for the production account.
I've also gone through all of the "go live" steps, except for one which mentions migrating users, since it doesn't seem
like this functionality is available on our production account dashboard. On the sandbox account, which has all enterprise features enabled,
the sidebar has a section for "Users and Groups" but there is no such section on our production account.
I'm wondering if the root of the problem is that our production account, which is the Basic API level account, doesn't have adequate permissions
to support the use case I'm building for.
Unfortunately I can't get a straight answer from either account reps or tech support folks as to whether this is true.
are you trying to use the same RSA key you used in Sandbox in Production by any chance?
Also, did you actually get your IK certified and active in production?
Question
How can my Github App get an access token that have the permission to create an issue?
What i tried
I enabled all the permissions in the Settings-> Developer settings -> GitHub Apps -> Permissions and webhook page, follow the instructions to get access token, then make a request referring the docs,but get the response below:
{
"message": "Resource not accessible by integration",
"documentation_url": "https://developer.github.com/v3/issues/#create-an-issue"
}
but everything work out fine when I use personal access token to make this request.
Details
Create a Github App
I enabled all the permissions
Subscribe all the events
Get access token
https://github.com/login/oauth/authorize?client_id=Iv1.abfa65bfc68dc75a
https://github.com/login/oauth/access_token
Request Create an issue
when I replace access_token I got from previous steps with my personal access token, everything work out fine.
Great, detailed write up of the issue you're encountering!
follow the instructions to get access token
I think this may be the cause of the issues you are running into. You've created a GitHub App, but you are looking at the instructions for authorizing OAuth Apps.
The docs for "Authenticating with GitHub Apps" are probably what you are looking for: https://developer.github.com/apps/building-github-apps/authenticating-with-github-apps/
Last night a site that has been working fine for about six months started getting a 403 error when using Google OAuth. The authentication code hasn't changed, and I don't see any notes that Google OAuth suddenly changed either. I've tried re-issuing the client ID (including client secret) but that didn't fix it.
Details:
Full error: "Access Not Configured. Please use Google Developers Console to activate the API for your project." comes after this (scrubbed) request:
https://accounts.google.com/o/oauth2/auth?response_type=code&redirect_uri=https%3A%2F%2Fx.y.com%2Fauth%2Fgoogle%2Fcallback&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile%20https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email&client_id=12345-abcdefg.apps.googleusercontent.com
The response header does contain this (scrubbed):
Location: https://x.y.com/auth/google/callback?code=4/MF-V...
which contains the code similar to what I see in the API playground.
Server setup: node.js running express with passport/passport-google-oauth.
I don't know what API needs to be enabled -- I sort of think this is a miss-sense error. None of the APIs in the "APIs & auth" section of the Developers Console appear to be relevant. I'm configuring OAuth under "APIs & auth > Credentials." This is not youtube or Google+ authentication.
I don't think this is the cause of your problem but you should be aware of it anyway. Using OAuth 2.0 for Login (early version)
Important: Google has deprecated the early implementation of OAuth 2.0
for login that is described in this document and will no longer
support it, after a migration period. If your app uses OAuth 2.0 login
(early version), you should either switch to Google+ Sign-In or update
your existing userinfo endpoints and scopes by the deadline given in
the migration timetable. For instructions, see Migrate or update OAuth
2.0 login.
Migration timetable says on Sept. 1, 2014 its gone: https://developers.google.com/+/api/auth-migration#timetable
We are having the same issues. I don't know if it is luck - or what, but a few minutes ago i finally started just enabling API's to see if it would help. I enabled Google+ Domains API, Google+ Hangouts API, Admin SDK. After not being about to login all day (same error that you were getting). I have logged in twice now.