Firebase with SAML authorization callback URL - firebase

Trying to dot some Is and cross some Ts on getting SAML to function correctly with Firebase. I've followed Google's workflow on how to add SAML to a project (https://cloud.google.com/identity-platform/docs/how-to-enable-application-for-saml) but am hitting a wall with the authorization callback URL. When clicking the login to go to the SAML, it takes you to the provider's URL to sign in. But after logging in, you just get redirected back to the Firebase site (*.firebaseapp.com/__/auth/handler), not the actual site. I've got the site URL set up as an authorized domain in Firebase/Cloud Identity Platform. I'm not using Firebase Hosting for the project, but I thought that as long as the URL is in Authorized Domains, I didn't need to set up a redirect.
*3:26pm 2/26 - I think part of it might also be how I entered the SP Entity ID. I had used the same as the Entity ID that was with the SSO URL.

Related

Getting HTTP OAuth 2.0 to work for google analytics (ga4)

Can't establish a persistent API connection to GA4 from Make (formerly Integromat). I use an HTTP OAuth 2.0 connection.
I've enabled the Google Analytics Data API v1.
In GCS I've created a project, enabled the above-mentioned API with authorized domains integromat.com and make.com, and also created an OAuth 2.0 app. The scopes I added were:
https://www.googleapis.com/auth/analytics.readonly
https://www.googleapis.com/auth/analytics
I created credentials for a web app with the Authorized redirect URIs of
https://www.integromat.com/oauth/cb/oauth2
https://www.integromat.com/oauth/cb/google/
The connection works but only for a short period (I assume the token expires). To try and mitigate this I created a service account. That does not work as I can't find a way to add an authorised URI to a service account. This is the Make error:
Error 400: redirect_uri_mismatch
You can’t sign in to this app because it doesn’t comply with Google’s OAuth 2.0 policy.
If you’re the app developer, register the redirect URI in the Google Cloud Console.
Request details: redirect_uri=https://www.integromat.com/oauth/cb/oauth2
Any ideas please? I’m truly stuck
Your question lacks a bit of information as to what it is exactly you are trying to do. However, there is enough here that I can help you clear up a few issues or misunderstandings.
OAuth2
OAuth2 allows your application to prompt a user to request permission to access their data. The authorization server returns to you an access token; this access token is good for only an hour and then it will expire.
If you are using a server-sided programming language then you can request offline access, at which point the authorization server will return to you an access token and a refresh token. The refresh token can then be used by you when needed to request a new access token.
Service accounts
Service accounts can be used if you are only accessing private data that you, the developer, own. You can create a service account, then go into the admin section of the Google Analytics website and add the service account as a user; it will then have access to that account. There will be no need to request consent of a user to access the data; it will just work. Note: service accounts only work with server-sided programming languages.
Redirect URI issue
The redirect URI must exactly match the web page that your application is sending. In this case the error message says you are missing https://www.integromat.com/oauth/cb/oauth2, so you should add that.
Google OAuth2: How the fix redirect_uri_mismatch error. Part 2 server sided web applications.

Intercept a token passed through an URL to a Flutter web app hosted on Firebase

I've developed a website in Flutter that I've deployed on Firebase. What I want to achieve is to redirect the user of an app to this website using a URL that also contains a JWT token, because there will be some authenticated requests to be done on the website, but the website doesn't have any login page.
Is it possible to retrieve that token in order to be used in the code of the website?
If you're using Firebase Hosting, all traffic between the client and server goes over an SSL-encrypted connection, so the data can only be seen by the sender and receiver (unless your certificate chain is compromised).
If you pass the token in the URL, anyone can see it, as the URL is not encrypted. So you'll want to send the token in (for example) a header, such as the pre-defined Authorization header of HTTP. This is actually what the Firebase JavaScript SDKs themselves do to pass authentication information to the Firebase servers.

Why can't I add firebase dynamic url as allowed redirect_url for google oAuth?

I am working on a react-native based project where Google made it frustratingly hard to implement their OAuth without using an SDK.
First of all, WebView is not allowed for OAuth. So I attempted to implement it through a normal browser / Chrome tab where the redirect is my app ID like com.myCompany.myApp, but when I add this as an allowed OAuth redirect URL I get an error in Google Cloud Console that this is not a valid redirect ID for a web-based project.
I then tried to set it up with Firebase Dynamic Links, but when I save changes it errors with "Request contains an invalid argument".
Different types of OAuth keys have different redirect requirements and best practices. They are too numerous to name them all, so please see this documentation.
In general, if it's an installed app or a mobile app, the redirect URI isn't as important because you are just redirecting back to the app. However for web based app OAuth keys, you will need to be very careful with the redirect because it carries your access token. You can read more about redirect URIs and see what would qualify as a proper URI.
Basically Google makes sure your URI seems ok for your OAuth key type, otherwise it will reject it.
You can't use it because your app ID is not a valid URI.
This is the path in your application that users are redirected to after they have authenticated with Google. The path will be appended with the authorization code for access. Must have a protocol. Cannot contain URL fragments or relative paths. Cannot be a public IP address.
You can't redirect to an app ID; there is no way of knowing where the redirect should go. The following are valid redirect URIs:
http://test.example.com/index.php
http://localhost:38898/signin-google
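As an added example (not code from either answer above, nor from Google's console), the following applies the redirect-URI rules quoted above and then does the exact-match comparison that produces redirect_uri_mismatch in the Make/Integromat question; the registered list is a constructed assumption chosen so that the requested URI differs only by a trailing slash:

```javascript
// Added example, not from any answer above: applies the redirect-URI rules
// quoted from Google's console (protocol required, no fragment, no relative
// path, no public IP) and the exact-match check behind redirect_uri_mismatch.
// Needs the WHATWG URL class (Node >= 10 or any browser). Sample values are constructed.

// Loopback and RFC 1918 literals are fine for a redirect host; other IPv4 literals are public.
function isPublicIpv4(host) {
  const m = host.match(/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/);
  if (!m) return false;                                   // not a dotted-quad literal
  const [a, b] = [Number(m[1]), Number(m[2])];
  if (a === 127 || a === 10) return false;                // 127/8, 10/8
  if (a === 172 && b >= 16 && b <= 31) return false;      // 172.16/12
  if (a === 192 && b === 168) return false;               // 192.168/16
  return true;
}

// Returns the list of rule violations; an empty list means the URI is acceptable.
function redirectUriProblems(candidate) {
  let url;
  try {
    url = new URL(candidate);     // throws for a relative path or a bare app ID such as com.myCompany.myApp
  } catch {
    return ['must be an absolute URI with a protocol'];
  }
  const problems = [];
  if (url.protocol !== 'http:' && url.protocol !== 'https:') problems.push('protocol must be http or https');
  if (candidate.includes('#')) problems.push('must not contain a URL fragment');
  if (isPublicIpv4(url.hostname)) problems.push('must not be a public IP address');
  return problems;
}

// The console compares redirect_uri with the registered list byte for byte:
// a trailing slash or a different path is already a mismatch.
function matchesRegistered(requested, registered) {
  return registered.includes(requested);
}

// Constructed values modelled on the Make/Integromat question above.
const REGISTERED = ['https://www.integromat.com/oauth/cb/oauth2/', 'https://www.integromat.com/oauth/cb/google/'];
const REQUESTED = 'https://www.integromat.com/oauth/cb/oauth2';   // no trailing slash

for (const uri of ['http://test.example.com/index.php', 'com.myCompany.myApp', 'http://8.8.8.8/cb']) {
  console.log(uri, redirectUriProblems(uri));
}
if (!matchesRegistered(REQUESTED, REGISTERED)) {
  console.log('redirect_uri_mismatch: register exactly ' + REQUESTED);
}
```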

Firebase Hosting - OAuth Redirect

Is it possible to use a Firebase Hosted site with OAuth 2.0 for a third party API? I would like to use the Quizlet API. This requires an OAuth 2.0 redirection flow and a custom state parameter.
State: A random string generated by you. You send us this, and we'll send it back to you, and you verify that we send back the same thing you sent.
You must send and verify this value in order to prevent CSRF attacks.
So for example:
https://quizlet.com/authorize?response_type=code&client_id=MY_CLIENT_ID&scope=read&state=RANDOM_STRING
This would take the user away from my Firebase Hosted page and then they would authenticate. Upon authentication, Quizlet would send me back to:
REDIRECT_URL/?code=GENERATED_CODE&state=YOUR_STATE&expires_in=60
Can I somehow catch these URL query parameters in my Firebase Hosted site or its Angular code?
Thanks!

ASP.Net - Google Calendar API V3 redirect_uri_mismatch error

I am getting a redirect_uri_mismatch error while getting a refresh token using Google Calendar API V3. I have a web application which shows the Google Calendar access consent window to the user, and if the user allows access then I store the refresh token received from the request in my database. I also have a Windows service which runs once daily. This service fetches Google Calendar events for all users who have allowed calendar access to my application. It is working fine in my local environment but gives an error on the live site.
I have chosen Application Type as Other while generating the client ID and secret. How can I resolve this error on the live URL, or where can I change the redirect URI in Google API Console?
I have both the web application and the Windows service using the Calendar API, so I want the same client ID and secret to be used for both. Generating separate tokens for application type Web application and Other for the Windows service is not an option for me, because I have tried that and it throws an unauthorized client error while the Windows service tries to fetch calendar events using the refresh token generated through the web application client ID & secret.
This error indicates that you are using the web redirect flow instead of the recommended flow with JS widget support. The web redirect flow does not take advantage of many features such as Cross-Device Sign-On, Over-the-Air Install, and so on.
This issue is related to the Authorized Redirect URI field settings for the Client ID.
To resolve:
Access your list of credentials in the Google API Console.
From the project drop-down, select your project.
On the Credentials page, look for the list of OAuth 2.0 client IDs, and select the web application client ID. This takes you to a details page.
In the Restrictions section, the Authorized Redirect URI field(s) should contain the appropriate protocol, host name, port, and path information that will receive the redirected flow.
Here's a related SO ticket: Google OAuth 2.0 redirect_uri_mismatch error
