I am using the GoogleAuthUtil and PlusClient.
When I specify my client id as:
NNNNNNNNNNN-HHHHHHHHHHHHHHHHHH.apps.googleusercontent.com
it gives me GoogleAuthException: Unknown as the error.
This is the clientId specified in the Google API Console.
When I specify my client id as:
NNNNNNNNNNN.apps.googleusercontent.com
it works? But this is not the clientId specified for my Android app?
When I try use this for OAuth the server fails to log in using this clientId.... So actually.. How do I resolve such a dilemma?
Solved it by just using the web id instead of android id which always gave me Auth Exceptions. hope this helps someone else solve this weird problem.
Related
In our Android app that uses MSAL 1.0 we can successfully sign-in to Azure AD. However, we cannot find a way to get ID token. Some examples on line show two ways to get ID token: IAuthenticationResult.getIdToken() and IAccount.getClaims().get("id_token"). Neither of the methods works for us. The former does not exist as a method in IAuthenticationResult. The latter always returns null.
I've looked at the source code that does the signing in and noticed that ID tokens are acquired and parsed into claims. However, it does not look like they are made available to library users in their raw formats.
I've verified during debugging that valid ID tokens are being acquired.
Our app needs to pass ID tokens to our back-end server.
Is there another way to access ID tokens using MSAL?
Btw, we do not have this problem on iOS and MSAL.
I have confirmed that the feature is not present in the Android version (although the id token is accessible as a string in the iOS version). It will be implemented in the future. For reference look here:
https://github.com/AzureAD/microsoft-authentication-library-for-android/issues/850
I have an android app with a python server. I need the server to have access to the users' emails constantly, so I'm following this guide:
https://developers.google.com/identity/sign-in/android/offline-access
def google_api(auth_token):
# If this request does not have X-Requested-With header, this could be a CSRF
#if not request.headers.get('X-Requested-With'):
#abort(403)
# Set path to the Web application client_secret_*.json file you downloaded from the
# Google API Console: https://console.developers.google.com/apis/credentials
CLIENT_SECRET_FILE = 'secret.json'
# Exchange auth code for access token, refresh token, and ID token
credentials = client.credentials_from_clientsecrets_and_code(
CLIENT_SECRET_FILE,
['https://www.googleapis.com/auth/gmail.readonly', 'profile', 'email'],
auth_token)
print credentials
return credentials.id_token
I get the following error:
FlowExchangeError: redirect_uri_mismatch
Here is the secret.json:
{"web":{"client_id":"REDACTED",
"project_id":"REDACTED",
"auth_uri":"https://accounts.google.com/o/oauth2/auth",
"token_uri":"https://accounts.google.com/o/oauth2/token",
"auth_provider_x509_cert_url":"https://www.googleapis.com/oauth2/v1/certs","client_secret":"REDACTED",
"redirect_uris":["http://localhost:8080/"],
"javascript_origins":["http://localhost:8080"]}}
I've also tried using http://my_actual_domain.com:5000/ for the redirect_uris and it still returns the same error.
I don't understand what redirect_uris is supposed to be or mean? It's not mentioned in the guide I link at the top
Redirect uri is something which you give it when you created OAuth Client ID. The one you used in the application should match the one you gave while requesting the Client ID.
Please make sure this configured properly.
I'm trying to implement the sample Twitter Digit app available on Github.
https://github.com/twitter/digits-android
But after following all the steps and populating every known place with API key and API secret.
My code is same I've just populated the properties file.
I'm getting: Digits﹕ HTTP Error: 403 Forbidden, API Error: 239, User Message: Try Again
Can anyone tell where the mistake is ?
The project will not work when copied as-is. You need to replace the consumer key and secret provided in the example project with your own. You can generate your own consumer key and secret via Fabric web portal.
#stack5: I have written this answer after reading the comments. I found that you've already received your answer. I'm writing this here so that anybody else facing similar issue would get benefited. Please accept this answer for the community.
I try to use Google oauth to authenticate users on my android app.
Then I would like to send it to my app server so it can connect at any time with Google calendar.
I tried to use
GoogleAuthUtil.getToken(getApplicationContext(), mAccountName, mScope);
Following this article:
https://developers.google.com/accounts/docs/CrossClientAuth
When I use it with scope
mScope = "oauth2:https://www.googleapis.com/auth/calendar https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile";
I get a token, which is valid for an hour
But when I try to get an authorization code (so I can get a refresh token that is valid for longer time, using
mScope2 ="oauth2:server:client_id:{CLIENT_ID}.apps.googleusercontent.com"+ ":api_scope:https://www.googleapis.com/auth/calendar https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile";
I receive either "invalid_scope" or "Unknown" exceptions.
What am I doing wrong?
EDIT:
OK, After creating a new app on google API console and adding plus.login to the scope I get a code, but for some reason my server can't resolve this token. When tying to resolve server gets an error about the redirection URL.
BTW, When I do the web flow with same parameters it works.
OK, found the solution, I expected Google to have a lot better documentation about working with Google Oauth and Android. A few things you have to know to work with Android and offline token
When you create google Client ID Don't create a service application before you create a web application
Must include https://www.googleapis.com/auth/plus.login in your scope
The weirdest, to resolve the one time authorization code on my server, I had to use the redirection URL from the Android client ID details (which doesn't even look like a url) and not from the Web client details on Google API console.
That scope string is only documented to work when passed to GoogleAuthUtil(), see http://developer.android.com/reference/com/google/android/gms/auth/GoogleAuthUtil.html, on Android. But it would be cool if it worked on iOS too; our infrastructure there is a little behind where we’re at on Android.
I have had the same issue then i realised that my app is not published and is in debug mode, so i had to add test users to the Google project -> Consent Screen, then i was able to fetch the token for the added test user.
You just need to follow the correct steps/format for specifying the scopes. Find them here https://developers.google.com/android/guides/http-auth#SpecifyingScopes
I have generated the Client ID, Client Secret, redirect-url and code by the help of this API Documentation.
https://developers.google.com/youtube/2.0/developers_guide_protocol_oauth2#OAuth2_Installed_Applications_Flow
I am doing same as above Document, but gives the following error.
Error: invalid_request
Required parameter is missing: response_type
Currently for the version 3, the implementation is quite easy. Have a look at the Google Task sample.