Error type: "Forbidden". Error message: "The referrer null does not match the referrer restrictions configured on your API key. Please use the API Console to update your key restrictions." Domain: "usageLimits". Reason: "ipRefererBlocked".
I'm getting this error trying to use Youtube api with browser key.
On my wordpress site i'm already using maps api, which works fine with that same browser key.
What is going wrong?
Go to Google Dev Console: https://console.developers.google.com , then go to Credentials, then click on the neame of the API keys you are useing in your site, then add you domain name in the "Accept requests from these HTTP referrers (web sites) (Optional)",
example:
*.yourdomain.com/*
note: you need go to domain verification area and verify that you own the domain, also make sure to enable "YouTube Data API" under "YouTube APIs"
Related
I set up restrictions to my Firebase api key so that only my website and localhost can access to Firebase services but I've got a question.
Let's say that for testing purposes I want to call an endpoint from Postman, how can I setup restrictions so that I can call Cloud functions from postman?
Everything works from localhost and the website but when I try to call an endpoint from Postman it gives me this error:
{
"message": "Firebase: Error (auth/requests-from-referer-<empty>-are-blocked.)."
}
Ok apparantly only few routes work, the login gives me no errors meanwhile the signup route gives me the same error you see above, I don't know why...I set up restrictions such every subroute of my site can access the Firebase products
I have an app in xamarin forms, and I need to implement Google authentication. In my Google API, I have OAuth credentials using Web Application.
The problem is in the Authorized redirect URIs: when I configure the URI using the https, I can choose what account to log in to. After choosing the one I want, I get this error:
Seeing some Youtube videos, I´ve seen that I need to use HTTP instead of HTTPS, but when I try to use this way, I get this error BEFORE I get the Google user´s accounts lists:
So I´m sticking in it and can´t authenticate the user.
I´m using Xamarin Forms, and on the app, there´s no exception thrown.
The redirect URI (where the response is returned to) has to be registered in the APIs console, and the error is indicating that you haven't done that, or haven't done it correctly.
Go to the console for your project and look under API Access. You should see your client ID & client secret there, along with a list of redirect URIs. If the URI you want isn't listed, click edit settings and add the URI to the list.
Note that updating the google api console and that change being present can take some time. Generally only a few minutes but sometimes it seems longer.
So I have email link signin (password less) working for iOS and Android, but if a user requests the email and then opens it on a web browser, they see this message:
Error encountered
{"error":{"code":400,"message":"API key expired. Please renew the API key.","errors":[{"message":"API key expired. Please renew the API key.","domain":"global","reason":"badRequest"}],"status":"INVALID_ARGUMENT"}}
I need them to click the link using their mobile device in order for the authentication to work, but ideally I could provide a more graceful message here that tells them to open the link on the mobile device. Any ideas?
I've now got this redirecting to my own website. Long story short - for some reason my Firebase hosting site was not configured properly and thus this authentication url was not being handled as it should. Fixable by recreating hosting site or just creating an additional site under hosting and using that for the email action url.
What I did was:
Create an Additional Site on Firebase Hosting. I made it additional so I wouldn't have to worry about messing with the Dynamic Link setup that is currently working on the default site.
Then under Authentication > Templates in the Firebase console, I changed the action url to use the new site but still have the (__/auth/action?...) path after the domain.
Now, when this url is accessed via a desktop browser, the user is redirected to the continue url (specified in the action code settings of the mobile app) and I display what I want on this continue url.
I noticed that in my Google API console, Firebase created a new Browser key and that it is being used whenever this auth link is clicked. Perhaps this was the issue all along. I wonder if I somehow restricted the wrong key. Anyways, if you run into a similar issue, check your API keys and their restrictions and/or just create a new additional site in Firebase hosting and use that.
I have a chrome extension using Firebase that is running for years now.
Recently I have activated the 'Strict Mode for Redirect URI' in the Facebook Login option, and the Login is not working anymore.
I've copied the URI givent by Firebase in the 'Valid OAuth Redirect URIs' : https://safestkeys.firebaseapp.com/__/auth/handler
But this link doesn't pass the 'Redirect URI Validator' provided by Facebook...
When I try to log I get the following error messages:
Blocked URL: Redirection failed because the redirected URI is not trusted in
the application's OAuth Client settings. Make sure that the OAuth Client and Web ID are enabled and add the domains for all your applications to the list of allowed URIs.
Unable to load this URL: The domain of this URL is not registered in those of the application. To import this URL, add all the domains and subdomains of your application to the Domains field of the application settings.
I've also realized that even with these errors, the login actually works...
I am getting redirect_uri_mismatch error while getting refresh token using Google Calendar API V3. I have web application, which shows google calendar access consent window to user and if user allow access than i store refresh token received from request to my database. I also have windows service which runs once daily. This service fetch google calendar events for all users who have allowed calendar access into my application. It is working fine in my local environment but gives error on live site.
I have choose Application Type as Other while generating client id and secret. How can i resolved this error on live URL or where can i change redirect uri in Google API Console?
I have both web application and windows service using calendar api so i want same client id and secret needs to be used for both. Generating separate token for application type web application and other for windows service is not an option for me because i have tried that and it throws unauthorized client error while windows service try to fetch calendar events using refresh token generated throw web application client id & secret.
This error indicates that you are using the web redirect flow instead of the recommended flow with JS widget support. The web redirect flow does not take advantage of many features such as Cross-Device Sign-On, Over-the-Air Install, and so on.
This issue is related to the Authorized Redirect URI field settings for the Client ID.
To resolve:
Access your list of credentials in the Google API Console .
From the project drop-down, select your project .
On the Credentials page, look for the list of OAuth 2.0 client IDs, and select the web application client ID. This takes you to a details page.
In the Restrictions section, the Authorized Redirect URI field(s) should contain the appropriate protocol, host name, port, and path information that will receive the redirected flow.
Here's a related SO ticket: Google OAuth 2.0 redirect_uri_mismatch error