Flask-dance Google oauth setup issue with pythonanywhere - google-signin

I am trying to set up Google login for my webapp with Flask-dance. The problem is with setting the 'Authorized redirect uri' in the Google Developer's console as https://moneycare.pythonanywhere.com/google/authorized. I get an error 'Invalid Redirect: must use a domain that is a valid top private domain'. This is happening only with the PythonAnywhere domain. If I switch the URL to something like https://moneycare.herokuapp.com/google/authorized then the error does not appear.
Any idea why this is happening?
Thanks.

Related

Can't save "Authorized redirect URLs for your app" on app Auth page

Trying to save the URLs in "Authorized redirect URLs for your app" section of an app's Auth page results in error 500 with a generic message "Your changes could not be saved right now, please try again."
Happens on both latest Google Chrome and Firefox on Windows 10
I opened the URLs list and clicked on Save, which resulted in the abovementioned error. Same happens when I try adding any new URLs. There are currently 149 URLs in the list.
Would expect the saving to work.
If it does error, I would like to see a meaningful error message, so I'd know if it's something I'm doing or if something has failed on LinkedIn's side. I would also expect the LinkedIn dev team to be notified of the issue, so they would know without a need to contact them about it.

`redirect_uri_mismatch` error when using Google as the signin provider

I have seen many posts for this error and all of them said to add my URL under both the API key that's generated by Firebase and the OAuth 2.0 Client IDs.
My domain is lyricsandquotes.org so I added the URL in both of these.
The screenshot from the API Key:
The screenshot from the OAuth:
However, I am still getting this error. What am I doing wrong?
I noticed I had to change the redirect URI under the Client ID credentials to the one specified in the error message:

Can't Load URL | Connect SNAP Auto Poster Wordpress with Facebook Fanpage

I have a WordPress blog and I want to share my blog posts automatically on my Facebook Fanpage.
I am using the NextScripts: Social Networks Auto-Poster plugin and inserted the App ID and App Secret (I have already registered at developers.facebook.com). But when I click Authorize Your Facebook Account, I get an error that says:
"Can't Load URL: The domain of this URL isn't included in the app's domains. To be able to load this URL, add all domains and subdomains of your app to the App Domains field in your app settings."
I have already searched for an answer on Google, but I am still not able to fix it.
For example, I tried this in my developers.facebook.com account:
Use Strict Mode for Switch URIs => Turn off (but I cannot turn it off)
Insert https://www.example.com/auth/facebook/callback into Valid OAuth URI redirect (this did not solve my problem; I got another error: URL Blocked)
Is there any way to fix it? I only want to share my blog posts automatically to save time, that's all. Any help is much appreciated. Thank you.

Msal.js iframe issue with twitter and while choosing from multiple google account

I was going through the AzureAD msal library for JavaScript. I tried to run the test app given in the same GitHub link.
The app runs smoothly with Facebook or Microsoft account login. But when I try to log in with Twitter, it throws the following error:
Refused to display 'https://api.twitter.com/oauth/authenticate?oauth_token=....' in a frame because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self' https://tweetdeck.twitter.com https://tdapi-staging.smf1.twitter.com https://tdapi-staging.atla.twitter.com https://tweetdeck.localhost.twitter.com".
Also, the example works well when I have a single Google account logged in in my browser or when I enter Google credentials on the Google login page. But when I have multiple Google accounts logged in and choose one of them for the app, it throws the following error:
Refused to display 'https://accounts.google.com/o/oauth2/auth?.....' in a frame because it set 'X-Frame-Options' to 'sameorigin'.
In both cases (Twitter and multiple Google accounts), the login happens and the id token is generated, but it fails to get the access_token using acquireTokenSilent() and throws the above-mentioned error. Then, because of acquireTokenPopup(), the login popup window shows again, and when I enter the same credentials again, I get the access_token.
I have tried using loginRedirect() and acquireTokenRedirect() instead of the popup, but I have seen the same behavior.
What I have understood so far:
In the error cases, the iframe is trying to add the Google/Twitter link into the iframe src in the app home page (which is obviously not allowed).
In the case of successfully acquiring the access_token, I saw the iframe src has a Microsoft login link (https://login.microsoftonline.com ...).
Can somebody help me understand why it is happening? And if someone has a way to solve this, please help me out.
I haven't changed anything in the code, I just wanted to understand how msal.js works so that I can implement it in another project.

Google docs redirects to different domain for authorization, when using iframe embed, causing same-origin error

Good day!
I've been googling for a long time, but still no success.
Problem:
Let's suppose we have a Google document which we have embedded into some site with an iframe, following the Google Docs guide. The user has one tab in which he is authorized with his Google account. He visits our site and sees the document. He can access it, edit it, and do whatever he wants.
Now he decides to change his auth in Google: he logs out and then logs in with a different account. He DOESN'T reload our site (because it is ajax based), and now he tries to access our document. And here comes the failure. He sees a blank page. In the Chrome JS console there is an error:
Refused to display https://**docs**.google.com/SamplePDFURL in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'.
In iframe src = "docs.google.com" .
What happens? When the user changed authorization, his cookies changed and he is no longer authorized for this doc, so Google automatically redirects the frame to the account.google.com auth page. BUT! This auth page is on a different domain (ACCOUNT.), and since Google follows the "same origin" security policy, we get an error in the console and a blank iframe for the user.
How to work around this?
Please help somebody.
As I said, I didn't find any working solution for this.
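
The two console errors quoted in the msal.js and Google Docs questions above come from the anti-clickjacking headers that login pages send. As an added example (not code from any of the posts), the sketch below evaluates `Content-Security-Policy: frame-ancestors` and `X-Frame-Options` for a response the way a browser does before rendering it in a frame. The function names `matchesSource` and `framingDecision` and the parent origin `https://app.example` are assumptions, and the sample headers are constructed from the error text on this page.

```javascript
// Added example. Simplifications: only the direct parent is checked (not the
// full ancestor chain), scheme-less host sources match any scheme, paths ignored.
const DEFAULT_PORT = { "http:": "80", "https:": "443" };

function matchesSource(expr, parent, framed) {
  if (expr === "'none'") return false;
  if (expr === "'self'") return parent.origin === framed.origin;
  if (expr === "*") return true;
  if (/^[a-z][a-z0-9+.-]*:$/i.test(expr)) return parent.protocol === expr.toLowerCase();
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)(?::(\d+|\*))?/i.exec(expr);
  if (!m) return false;
  const scheme = m[1] ? m[1].toLowerCase() + ":" : parent.protocol;
  if (scheme !== parent.protocol) return false;
  const host = m[2].toLowerCase();
  const hostOk = host.startsWith("*.")
    ? parent.hostname.endsWith(host.slice(1)) // "*.a.b" never matches "a.b" itself
    : parent.hostname === host;
  if (!hostOk || m[3] === "*") return hostOk;
  return (parent.port || DEFAULT_PORT[parent.protocol]) === (m[3] || DEFAULT_PORT[scheme]);
}

function framingDecision(headers, parentOrigin, framedUrl) {
  const parent = new URL(parentOrigin);
  const framed = new URL(framedUrl);
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;

  // When frame-ancestors is present it takes precedence over X-Frame-Options.
  const directive = (h["content-security-policy"] || "")
    .split(";").map((d) => d.trim().split(/\s+/))
    .find((tokens) => tokens[0].toLowerCase() === "frame-ancestors");
  if (directive) {
    const ok = directive.slice(1).some((e) => matchesSource(e, parent, framed));
    return { allowed: ok, reason: ok ? "frame-ancestors allows parent" : "CSP frame-ancestors" };
  }
  const xfo = (h["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY") return { allowed: false, reason: "X-Frame-Options DENY" };
  if (xfo === "SAMEORIGIN" && parent.origin !== framed.origin)
    return { allowed: false, reason: "X-Frame-Options SAMEORIGIN" };
  return { allowed: true, reason: "no framing restriction" };
}

// Constructed headers modelled on the two console errors quoted above.
const twitterCsp = "frame-ancestors 'self' https://tweetdeck.twitter.com https://tweetdeck.localhost.twitter.com";
console.log(framingDecision({ "Content-Security-Policy": twitterCsp }, "https://app.example", "https://api.twitter.com/oauth/authenticate"));
console.log(framingDecision({ "X-Frame-Options": "sameorigin" }, "https://app.example", "https://accounts.google.com/o/oauth2/auth"));
```

Both sample calls report the frame as blocked, which is why an embedded document or a hidden-iframe token request shows a blank frame once the provider redirects it to an interactive sign-in page.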
