Setting up Google OAuth for a Chrome extension: authorized domain

When setting up the Google OAuth consent screen for a new project (a chrome extension), what exactly should be put in the Authorized Domains field? If my extension can pop up on any website, then is there any way for me to fill this out so I can log in to the extension?

This should help: https://firebase.google.com/docs/auth/web/google-signin#authenticate_with_firebase_in_a_chrome_extension
You basically need to introduce chrome-extension://CHROME_EXTENSION_ID in the Authorized domains field.

Related

When trying to login to Google's OAuth 2.0 in embedded webviews users get disallowed_useragent

We are advertising our product on Facebook and LinkedIn. When users click on our ads, a webview opens with an option for Google SSO as a sign-up option. We support only webview at the moment.
The Google OAuth as a sign-up/login mechanism works on desktop and mobile, but when the site opens inside a mobile app such as Facebook, the user gets this error shown.
The error leads to: https://developers.google.com/identity/protocols/oauth2/web-server#authorization-errors-disallowed-useragent
As I understand it, Google wants us to set 2 configuration files in our site root directory, "apple-app-site-association.json" file for iPhone and "AndroidManifest.xml" for Android.
I'm trying to configure them, but I don't understand how to without a mobile app.
This is expected due to security changes to Google's OAuth 2.0 authorization endpoint, you can find more details here

Consent required to use OAuth for Chrome extension?

I'm updating a Chrome extension I've written to make use of Google Drive API. It does not require any sensitive scopes; it will use the ..auth/drive.file scope. I've followed the tutorial for OAuth2 authentication for extensions:
https://developer.chrome.com/extensions/tut_oauth
and a few other web resources to get it working in local development. One thing that is not discussed in the tutorial is the OAuth consent screen on the Google APIs console (https://console.developers.google.com/apis). I want the extension to be publicly available, not restricted to my organization. Do I need to obtain verification from Google in order to do this, even if not making use of sensitive scopes? Do I need to follow all the steps included here:
https://developers.google.com/apps-script/guides/client-verification
including creating a website? I don't actually know what app-scripts are; I just found this page by googling for oauth verification.
For what it's worth, on the edit form of the OAuth consent screen of the Google API console, there's a Submit for verification button. It is disabled. The tooltip says "Your changes don't require verification". So maybe all is good, as is, without the need to do anything more?
You only need to submit your application for review by Google if you use sensitive scopes.
I can also confirm this as I have a number of public facing apps that did not require verification as they do not use sensitive scopes.
Google also makes this apparent by displaying a warning on the OAuth Consent Screen (console.developers.google.com/apis/credentials/consent?project={your-project}) only when you use a sensitive scope.

OAuth2 using identity not working in Chrome Extension when deployed in webstore

I am working on a chrome extension which requires oauth2 authorization using "identity" API.
I was successful in authorization when the extension was on my local machine. If I was not logged in to Chrome, it asked me to first log in to Chrome and then showed the interactive Google authorization.
But when I deployed the extension to the webstore and tried authorizing, it always asks me to sign in to Chrome even though I am already signed in. Even when I sign in again, it does not show any further interactive authorization screens.
I have also updated the client id in the webstore extension as per the new extension id generated.
What can be the possible reason? Please help.
Thanks in Advance!
I got it working by adding the public key in the field "key" in my manifest.json. You can get the public key value from Webstore dashboard.
Simply go to webstore and click on "More info" of your deployed extension.
Copy the public key and paste it in the manifest.json file.
Note: There is no need to add the "key" in the local instance but I needed it in the production instance.

Custom Google login page

You all know this page.. Is there ANY way to customize this page somehow?
I thought of using an iframe and customizing the HTML, but Google won't let me embed their websites.
I thought of using a Google Site and inserting a login gadget, but there is no login gadget.
What I want is a custom page where my clients can log in to their Gmail, Drive....
What I want is not impossible; these guys http://www.cloudcodes.com/custom-login-page.html offer you the possibility to customize the login page and even redirect you to another page after you've logged in.
Directly editing the native login page at accounts.google.com is not possible.
However, for Google Apps accounts, you have the option to set up the Single Sign On service, which allows you to authenticate through a third party provider (or yourself, if you have the ability). What GControl are offering is this service, although they've labeled it misleadingly, to make you believe you're actually editing the login page, rather than redirecting your users to a secure login.
They do it very well though, leveraging the Google Apps APIs to allow you to write and setup the service in their own console.
Source: I installed the service and tried their free trial, and they simply used the APIs to enable SSO on my domain.
Edit for clarity: SSO setup is not available for consumer Gmail.com accounts.

Using Google Authenticator with Chrome Plugins

I am developing a Chrome plugin which allows users to email any web content from an HTML page. For that, I need to use the google authenticator api to allow users to log into their Google accounts for sending emails. The OAuth 2.0 specs require the redirect_uri parameter, which is the URL to be called after Google authenticates the user. My question is whether it is possible to skip this parameter. I don't want the plugin to be hosted anywhere. I am thinking that it would be hosted locally on the user's machine.
Thanks in Advance.
Google has made a library specifically for using OAuth in Chrome extensions. You can check out the tutorial here.
In case someone stumbles upon this answer in 2017+, extensions (in Chrome and FF) now have a chrome.identity API.
It takes care of the OAuth dance for you, and provides you with a virtual redirect address https://<your-extension-id>.chromiumapp.org/ that will be intercepted by the browser. That way, you can provide a redirect URL without hosting anything.
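The flow described in the last answer, as an added example that is not part of the original posts: it builds the Google authorization request around the virtual chromiumapp.org redirect address and validates what the browser hands back (origin, error, state) before trusting the token. The function names, the client ID argument, and the choice of the implicit `token` response type are assumptions made for illustration.

```javascript
// Added example; function names and the response_type choice are illustrative assumptions.
const AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth";

// Build the authorization URL; redirectUri is the virtual chromiumapp.org address.
function buildAuthUrl(clientId, redirectUri, scopes, state) {
  const url = new URL(AUTH_ENDPOINT);
  url.search = new URLSearchParams({
    client_id: clientId,
    redirect_uri: redirectUri,
    response_type: "token",
    scope: scopes.join(" "),
    state,
  }).toString();
  return url.toString();
}

// Validate the URL returned by the browser and extract the token from its fragment.
// Rejects a foreign origin, an error response, a mismatched state, or a missing token.
function parseRedirect(responseUrl, redirectUri, expectedState) {
  const got = new URL(responseUrl);
  const want = new URL(redirectUri);
  if (got.origin !== want.origin) throw new Error("unexpected redirect origin");
  const params = new URLSearchParams(got.hash.slice(1));
  if (params.get("error")) throw new Error("authorization error: " + params.get("error"));
  if (params.get("state") !== expectedState) throw new Error("state mismatch");
  const token = params.get("access_token");
  if (!token) throw new Error("no access_token in response");
  return { token, expiresIn: Number(params.get("expires_in") || 0) };
}

// Extension-only entry point (needs the "identity" permission, Manifest V3 promise form).
async function signIn(clientId, scopes) {
  const redirectUri = chrome.identity.getRedirectURL(); // https://<your-extension-id>.chromiumapp.org/
  const state = Array.from(crypto.getRandomValues(new Uint8Array(16)),
    (b) => b.toString(16).padStart(2, "0")).join("");
  const responseUrl = await chrome.identity.launchWebAuthFlow({
    url: buildAuthUrl(clientId, redirectUri, scopes, state),
    interactive: true,
  });
  return parseRedirect(responseUrl, redirectUri, state);
}
```

The redirect address returned by `chrome.identity.getRedirectURL()` has to be registered as an authorized redirect URI on the OAuth client, and the token should be kept in extension storage rather than exposed to page scripts.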
