I'm trying to set up Wordpress on the Google App Engine following the instructions on https://github.com/GoogleCloudPlatform/appengine-php-wordpress-starter-project. I'm a bit stuck at the fourth step of "Prerequisites":
When I go to Application Settings, I see the following:
I can't find any Service Account Name with an e-mail address to add as a user with Writer permission. How to proceed?
Your "Service Account Name" is wordpress-123922#appspot.gserviceaccount.com. Can double check it by using Service accounts page
Related
Can't login using Google Auth,
Error 403: org_internal
This client is restricted to users within its organization.
Go to cloud console (https://console.cloud.google.com/apis/)
APIs and services
Credentials
Oath consent screen
Ensure Application type is set to "public" and not internal.
Obviously assuming that you are creating an app that should be accessible outside your org. If this is related to testing and phones, it is possible to create testusers that are excepted from company policy rules.
The reason for this error is indeed because the Application type is set to "internal".
But setting it to public is not always the right answer...
Add "&prompt=select_account" to the authentication url. This will force the user to select the correct (organization-)account.
Without the parameter, Google tries to show the consent screen for the logged in Google-account, but as it is not an organization-account it will just display the 403 page without giving the user this choice.
https://developers.google.com/identity/protocols/OpenIDConnect#prompt
I had an Internal app that I was trying to authenticate with one of our YouTube channels using an organization account, and I was getting the same error:
Authorization Error
Error 403: org_internal
This client is restricted to users within its organization.
After contacting Google Workspace Support, they asked me to Change the restriction on it from Limited to Trusted.
Steps are mentioned in this support thread: https://support.google.com/a/answer/7281227
Open the Google Admin Console.
From the sidebar menu, choose: Security → API Controls.
Click on MANAGE THIRD-PARTY APP ACCESS button.
Hover the cursor over the required app and click on Change access.
Choose the option: Trusted: Can access all Google services
And save the CHANGE.
Once you've done, take note that there will be 24 hours of propagation on it before it gradually takes effect.
Make sure, for the browser you are using, that you have logged out of "All" Google account(s). This should force the "select account" windows to display.
We have almost exactly the same problem while trying to configure WP Mail SMTP for Wordpress.
The OAuth Client's Application Type has to be "Internal" so changing it to "External" was not an option for us.
Hope this helps.
I had the same issue and in my case was because the project didn't had a support email address set it.
I fix it by adding one on the Firebase Console > Project Settings > General under the Public settings section.
This error is most likely due to the configuration of your application in Google Cloud Platform.
Setting your application to "internal" is causing this error. Try making your app "external" in the OAuth consent screen, but make sure it is in a "testing" status. Then, add yourself to the test users. This configuration will work well for an internal, lightweight application.
Once complete, try to authenticate with the channel again.
I had the same issue with a project. The error only appeared if I tried to log in to my app while already logged in with an account outside the organization (worked just fine while logged out of all accounts, or while logged in with an internal organization account). I had to change the OAuth Client's Application Type from Internal to Public in the Google Dev Console.
More info can be found at https://support.google.com/cloud/answer/6158849?hl=en
Maybe you have another google email to login, not the correct one.
I am using Firebase Auth signInWithPopup() which is absolutely great. But
when initially configured, the popup reads:
Choose an account to continue to myApp-123.firebaseapp.com
I would really like it to read:
Choose an account to continue to myApp.com
How can I make the popup show my own domain?
In my solution that follows I should say that the steps I followed worked. It is possible that I did something that it not absolutely required, but to my knowledge and at this time, I have not broken anything.
This workflow (and the documentation) is a bit broken up because you must adjust both your Google Cloud Platform (GCP) credentials and the Firebase authentication. Documentation was provided by each side of this workflow but I was not able to find a document that covered the entire workflow to make this substitution.
GCP Console Setup
I first adjusted my GCP credentials for the OAuth Client:
Go to the GCP console > APIs & Services > Credentials page (https://console.cloud.google.com/apis/credentials?project=_ and select your project)
At the bottom of the page, find "OAuth 2.0 client IDs". There should be an entry titled "Web client (auto created by Google Service)"
To the right side of page click on the edit icon (pen), which opens the configuration page.
Under "Authorized JavaScript origins", you should see your yourFirebaseApp.firebaseapp.com domain. Click "+ Add URI" and add your custom URI. This should be an "https" domain, so use https://myApp.com
Under "Authorized redirect URIs", you should see https://yourFirebaseApp.firebaseapp.com/__/auth/handler. (The __/auth/handler bit on the tail is the auth callback that Firebase provides). Click "+ Add URI" and add your domain, with __/auth/handler at the end. (For example: https://myApp.com/__/auth/handler)
Click Save
Go to the OAuth Consent Screen (https://console.cloud.google.com/apis/credentials/consent/edit?project=_). Add your custom domain to "Application Homepage link", and fill in the "Application Name" and "Logo", and "Application Privacy Policy link" with custom values for your app.
Firebase Console Setup
Then, you'll need to add your custom domain to the Firebase auth authorized domain list:
Go to the Firebase Console > Authentication > Sign-in Methods page (https://console.firebase.google.com/project/_/authentication/providers and select your project)
Under "Authorized Domains" you should see localhost and the default yourFirebaseApp.firebaseapp.com domain. Click the "Add Domain" and enter your custom domain name, then click add.
Web App Setup
You will likely remember the block of code that you copied from your firebase project and pasted into the code from which you compile and deploy your Web App. (Some people use the hosting default init.js script - if you do, go back and setup your app using the config snippet instead)
Find the "authDomain" field in the code snippet, and change it to your custom domain, then re-deploy.
This procedure worked for me and my project, I have posted this in the hopes that these instructions may be refined via feedback from others performing this or similar operations.
I asked firebase support and got the following reply. Items in italics are my additions. This is more or less the same as Done's answer but with a custom domain. You do not need to host your app on Firebase.
--
Hi Jayen,
Thank you for reaching out. I'll be happy to assist you.
In order to update firebase-project-id.firebaseapp.com in the OAuth consent screen, you need a custom domain with Firebase Hosting (Firebase Console > Hosting > Connect Domain). This is because https://firebase-project-id.firebaseapp.com/__/auth/handler is hosted by Firebase Hosting. You need to point your custom domain to firebase-project-id.firebaseapp.com.
When connecting the custom domain, if you are not hosting your app on firebase, use a new subdomain (e.g. app.yourdomain.com) and do not redirect it. Firebase will prompt you to add a DNS entry and take of the SSL certificate automatically.
After connecting your custom domain to your Firebase project, you should also follow the steps below:
Go to the Firebase Console > Select Project > Authentication > Sign-in method > Facebook > Copy the URL under 'To complete setup, add this OAuth redirect URI to your Facebook app configuration.'
It will look something like https://firebase-project-id.firebaseapp.com/__/auth/handler
Replace the project ID with your custom domain. It will look something like: https://yourdomain.com/__/auth/handler
Go to the GCP Console > Select project > API Manager > Credentials > Add the link in #2 to the 'Authorized redirect URIs'
Then ensure to use yourdomain.com as the authDomain in your app's configuration instead of firebase-project-id.firebaseapp.com
firebase.initializeApp({
apiKey: ....,
authDomain: 'yourdomain.com',
...
});
Let me know if you have any other questions regarding this.
Regards,
Aye
--
In my case, yourdomain.com is where I host my site, so I used app.yourdomain.com where I needed it.
Firebase Hosting URL
handler url: https://app.yourdomain.com/__/auth/handler
GCP Credentials
Choose the right one under OAuth 2.0 client IDs . The client ID will match the one you have configured Firebase with in your code.
authDomain: "app.yourdomain.com"
For some reason, my firebase project apikey associate with database changed. I can still create another api key, update into the application.
But when user try to reset password, the link use the old key and lead to "Your request to reset your password has expired or the link has already been used" (I think I read this problem somewhere and now I found the reason).
Is there anyway to update new api key for an existing firebase project?
Thank you
Somehow, my original apiKey was recovered. You can find the original key (which were deleted from console.google.com) associated with the application on the main firebase page, through
Overview > Project settings > GENERAL
Basically, when users requested to recover the password, firebase will send an email with recovery link. If you have a look at the link, you will see the API included in the link is the one that no longer exists.
I recommend you to contact firebase support. I don't have an official way to solve the issue but here is quick I can think of, following as
Create new API at console.google.com > choose your firebase project
Create a page with a function that can read URL parameters. Make it receive firebase recovery password URL and replace dead API with new
one, then redirect you to new firebase recovery password URL
Edit email template by adding the page you created on step 2, with firebase recovery full URL as a parameter
To be more accurate, here is an example.
I have my project called "MyFirebaseProj", my domain is "example.com"
I go to console.google.com, choose "MyFirebaseProj", on API Manager panel, choose Credentials > Credentials. Click on Create credentials > API Key. So I got a new API key call "MyNewLongAPI".
I created a recover-password.html password and have this javascript function https://codepen.io/hieunc229/pen/mWwVbv (this one will read the firebase url, get oobCode and generate new URL). Edit the javascript so it will redirect the user to new URL. Upload this one into my host (mydomain.org/recover-password.html)
On Firebase console, Authentication > Email Template > Reset Password. Change the link to something like
<a href='http://example.com/recover-password.html?url=%LINK%'>%LINK%</a>
Then save it
Now when user go into your recover password page, they will be redirected into firebase url with new API and it should works
Hope it helps!
If anyone run into the same issue, as I get in touch with Firebase team and they are investigating about it. Currently there haven't been a way to help it.
I' working on a login page where I want to use WeChat as login option and I have a WeChat official account. In my understanding of the documentation it's supposed that the next link would generate a QR code to scan and after the user authorization redirects somewhere else...:
https://open.weixin.qq.com/connect/qrconnect?appid=wx8bxxx21bxxxx0fxxx&redirect_uri=https://myhostname/oauth2.php&response_type=code&scope=snsapi_login&state=101#wechat_redirect
But the link doesn't work. I don't know if I'm missing something or maybe the site https://myhostname/oauth2.php has to have a previous authorization call to WeChat... ???
Somebody has worked with this WeChat stuff?
Thanks in advance!
I realized later that you must have a WeChat Open Platform Account, where you register your web application, wait for approval, and then give it the login permission to get access to that QR Code functionality
If you are working on how to login web page after scanning qrcode of an offical account on the web page.
There are two ways to approach this.
Scan service official account
You can generate the qrcode injected with parameters. then after you scan, there will be an event triggered in your backend.
Capture the event and extract the parameter, then do the authentication in the way you want.
The basic workflow:
app frontend request your backend for a session.
app backend call wechat api to generate a qrcode, injecte with any parameter you like.
app frontend show the qrcode.
user scan the qrcode of the service account.
if user did not subscribe, then subscribe the official account.
backend receive the scan event, extract the info and authenticate the user.
Scan subscription official account
In subscription get less programing support, but you can still achieve it by design a random code.
The basic workflow:
app frontend request your backend for a session.
app backend generate a random code.
app frontend show the qrcode of the official account with a random code.
user scan the qrcode of the subscription official account.
if user did not subscribe, then subscribe the official account.
user input the random code in the official account message UI.
backend receive the code and authenticate the user.
attach user info in your db with openid if you want.
Use an open platform to do it in the smart way.
If you doing this for one official account, it is ok. Let's say if you want to reuse this for multiple official accounts.
Maybe can use the open platform way, so you can have only 1 backend to handle multiple accounts.
Wechat offer an open platform, here is the get start doc.
Register an open platform need to pay 300RMB for verification, more troublesome part is, you need to register a company to be qualified to pay.
So maybe using a third party open platform will be a better choice. Such as Dagui Qrcode Tool.
Key take aways
Use parameter Qrcode for service official account login
Use account qrcode with random code for subscription official account login
Use open platform for scaling
Authentication is flexible, the key is the event exchange flow.
More secret technology related to wechat development, can refer this article
You need to set the OAuth2.0 web authorization domain to your subdomain in your redirect url, such as: wechat.myredirectdomain.com.
This setting is hidden on the WeChat official account dev setting dashboard, some where in between the API list, make sure you set it properly.
I have a few apps under my personal firebase account for testing, but now need to transfer an app to a client's account for billing purposes. Is this possible?
Thanks!
I recently shifted ownership of one of my projects to another account. All you have to do is:
Go to your Firebase console, and select the project you want to shift.
Select the cog icon besides the project name on top right.
Select Permissions from the flyout.
Select Advanced permission settings hyperlink.
You've reached the IAM & Admin page of Firebase.
Click on +Add button on top.
Enter the email ID of the account that you want to transfer the project to.
In the dropdown, Select a role > Project > Owner. Click add
You will receive a confirmation email. Click the link in the email to accept the invitation.
Accept the invitation, and go to IAM & Admin page of the transferred project.
Use remove button to delete the previous user
#SergeyKopanev
Transfer the billing
After deleting the first user in the Firebase Console, login to your Google Cloud Platform console with your new user.
Go to Billing > Account Management
Click on the three dots next to the project ID you just transferred, and select Change billing.
Confirm by clicking on Set account and you are done !
Note that this is an old answer and there might be more up to date solutions below.
This is a reply received after emailing to firebase-support#google.com, which is the official firebase support email after gogle acquired firebase in late 2014.
From: firebase-support#google.com
In order to transfer ownership of a Firebase instance, we need you to
do two things: add the new owner as a collaborator; then, fill in the
form below and email it to us as written verification. This must be
sent from the email address which owns the Firebase instance.
-----------------
REQUEST TO TRANSFER OWNERSHIP
I authorize the Firebase team to make **<new owner’s email>** the owner of https://**<firebase instance>**.firebaseio.com effective immediately. I have added **<new owner’s email>** as a collaborator to verify the email address is correct and to certify that I am the current owner. I understand that I am effectively granting **<new owner’s email>** full read and write access to all stored data for this instance.
-----------------
It is more simple now.
Click gear icon beside Project Overview
Click on Users and Permissions
Click on Add Member
Type the email address and choose the role as Owner
Click on Add Member
and that's it you are done. An invitation will be sent to the email id. They just need to accept.
follow this steps :
- select you project
- from left side menu select
(Users and Permissions) from settings icon
Click on +Add button on top.
Enter the email ID of the acc to transfer the project to.
In the dropdown, Select a role > Project > Owner. Click add
Check mail in the email added above.
Accept the invite, and go to IAM & Admin page of the transferred project.
Use remove button to delete the previous user
For projects on the new Firebase Console (at https://console.firebase.google.com), this is now a self-service process. See the answer to this question: How to add collaborators to a Firebase app? for a step-by-step guide.
Here from my account just add a different email as owner role
I sent an email to the support email address and a bot replied:
---------- Forwarded message ---------
From: <support#firebase.com>
To: <REDACTED>
Transfer Ownership of Firebase Account
Hey there,
In order to more efficiently process your issue, we now only accept
new support requests through our support portal at
https://firebase.google.com/support/.
Please submit your inquiry there. Thanks in advance!
Cheers, Firebase Support
To make my transfer request I created a ticket under Account Services https://firebase.google.com/support/contact/account-services/
If FirebaseDatabase.instance.reference() is giving you the reference from the old database already deleted try this:
Change the name of your "package_name": "com.old.appname" on all occurrences to be different from the old one.
Right-click on your project folder
click on Find in folder option
search com.old.appname and change all occurrences to com.new.appname