While attempting to implement Google+ sign in, I receive this error:
Upon clicking the sign in button, I receive a redirect_uri_mismatch, error stating that:
The JavaScript origin in the request:
http://70132bd6.ngrok.com did not match a registered JavaScript origin.
I have added the link (along with several others just in case) in my developer console under origins:
How do I resolve this mismatch issue?
Additionally, why is there a prepended storagerelay:// in the redirect uri of the request details. It says it is: redirect_uri=storagerelay://http/70132bd6.ngrok.com?id=auth109348. Where is the extra part coming from?
Please make sure you are using correct client_id. It is common that developers created multiple clients, and set those origins on a different client. Please double check.
Related
Ever since Google made some minor changes to their Google OAuth API side, I haven't been able to correctly configure and use the Google OAuth, indicated by the error message: Error: redirect_uri_mismatch The configurations fail, despite me following the setting up Google OAuth instructions in detail.
Can someone kindly help point out what I am doing wrong or missing?
Just in case you aren't familiar with what I mean by the Google OAuth instructions, find below an image illustrating what I mean:
I skip 2. "Create Project" (since the project already has a priorly recorded name)
and head on to step 3.
After entering an email address and the product name as suggested
in step .3 , I save.
I carry out steps 4, 5 without any problem.
On step 6 I realise that my configuration instructions isn't up to date, because as at this point, I notice that Google has added a few Mandatory fields to be filled in. A person now has to Authorize Javascript Origins as shown in the image below. Note the https://3e908b9b.ngrok.io (fictitious for this case) link that I filled in.
I click the Authorized domains list link that takes me back to the OAuth Consent Screen and paste in the exact same link https://3e908b9b.ngrok.io as seen in the image below, then save as seen in the image below.
Doing this, permits me to complete the process successfully as seen in the image below finalised by clicking Save.
On my Meteor app side, I finalise by filling in the Client ID and the Client Secret details, as seen in the image below.
When i later try to login using Google OAuth I get this frustrating error message Seen below..
This is an issue i never used to get untill Google made a few changes on their side. I cant seem to figure this out.
Any help would be greatly appreciated!
The error message tells you exactly what the problem is the redirect uri you are sending from https://3XXXXXngrok.io/_oauth/google does not match one of the ones you have supplied in the Google Developer console for your project.
You appear to have set https://3XXXXXX.io/_oauth/google?close they must exactly match.
Solution
simply add https://3XXXXXngrok.io/_oauth/google as a redirect uri or remove ?close from the one you have added
Consider the following situation:
I have a MVC setup where the view invokes a mapper to get a specific URL for a href attribute. The mapper holds keys to make the referencing easy.
Now the view requests an invalid key, so the mapper responds with say /invalid_url. But the dispatcher knows this URL and when a user clicks the link an error message will be displayed about how bad we feel.
But what if the Google Bot visits this invalid URL?
What would a search engine friendly status code be? I feel like 500 would be appropriate because it is a server side failure. But then this has the feeling of being a temporary error or somehow not related to the URL but to the internal mechanics. The other option that comes to mind is 404. This is also valid because the requested page does not exist. However 4xx errors are client side errors ("You requested the wrong URL. So it's basically your error"). And it just doesn't feel like a client side error to me.
Am I overthinking things? Should I just go with 404?
When I have a question like this, I refer to a site like http://www.restapitutorial.com/httpstatuscodes.html
5xx error codes imply that the server made a mistake. But you're saying the view (client-side) requested the wrong key. That sounds like a client-side error to me. While it's not the user's fault, the server doesn't know this, and the requested URL really doesn't exist. So a 404 would be appropriate.
But this is a weird case, and you should still want to fix the underlying issue of the client consistently(?) requesting a bad url.
When I send a one-off document to RightSignature via their API, I'm specifying a callback location in the XML document as specified in RightSignature's schema definition. I then get a signer-link value back from their API for the document. I display the HTML response from the signer-link URL in an iFrame on our website. When our user signs the document in this iFrame, which is rendering the responses from their website, I want their website to post to our callback location.
Can I do this with the RightSignature API and does it make sense?
So far, I'm only getting content in the iFrame that indicates that the signing was successful. The callback location does not seem to be getting called.
I got it solved just now. Basically, i was doing two things wrong first you have to go in RightSignature Account and set it there the CallBack url
Account > Settings > Advanced Settings
But the thing which RS is unable to mention to us that this url can not be of localhost, but it should be of https i mean like Live URL of your site like
https://stagingmysite.azurewebsites.net/User/CallBackFunction
And then in your CallBack just write these two lines and you will receive complete XML which would have the GUID and document status as well.
byte[] data = Request.BinaryRead(Request.TotalBytes);
string callBackXML = System.Text.Encoding.UTF8.GetString(data);
I found the answer with some help from the API team at RightSignature. I was using callback_location but what I really wanted is redirect_location. Their online documentation was difficult to follow and did not clearly point out the difference.
I got this working after a lot of trial and error.
I have a website that has been experiencing errors because of null references due to poorly coded logic regarding the user agent. Basically, there has been a slew of incoming requests that contain no user agent which leads to null reference exceptions in the user agent tracking. (It contained a call to "Request.UserAgent.ToLower()) I am correcting this logic to avoid the error condition. Since I'm certain these requests are coming from specialized tools and not ordinary users, I'm also blocking empty user agents via URL rewrite rules.
I need to test both of these changes. However, I can't seem to find a user agent spoofer that will enable me to generate a simple get request with NO USER AGENT. All of the tools that I have tried will allow me to do a custom agent string, but they won't let that string be left empty and there are no options that I can find to tell it to send no user agent.
So my question is, what tools are available, for a Windows-based system, that I can use to emulate a browser request with NO USER AGENT so that I can verify that my changes are working properly?
I believe that value is coming from the request headers. If yes, just try
Fiddler. Go to composer tab (see below) - by default it adds User-Agent to the request, however when you delete it in the Composer it seems to disappear from the request.
I'm doing some requests to an API via WordPress, and the API uses SSL connections if they're turned on in the API settings. I'd like to determine whether SSL is turned on or off without having to ask the user if SSL is turned on on their account, and the API does a good job at redirecting, meaning
If I access http://api/endpoint and SSL is turned on, I'm redirected to https://api/endpoint
If I access https://api/endpoint and SSL is turned off, I'm redirected to http://api/endpoint
Now what I'd like to do is see whether a redirect happened or not and record that to my options so that the other requests are fired to the correct URL without any redirections.
So my question is: is there a way to determine the final destination after firing a WP_Http->request() when the request is being redirected?
I can't see any info about that in the response arrays, I only get to see the final response but I have no idea what URL that came from. What I can do is set the redirection parameter to 0 and catch the max redirects allowed error, but that's not bullet-proof, since I still don't know whether the redirect happened from http to https or simply another page under http.
I hope this all makes sense, let me know if you have any ideas.
Thanks!
~ K
check $response['headers'] - they may contain 'location' key.
It all depends on the HTTP library you are using.
See class-http.php(wp 3.0.1) file:
line 1393, http_api_curl action - curl handle available directly to catch anything.
fopen:
check lines 887-888, and $http_response_header variable.
also, try to override processHeaders function as it has an access to raw http headers.
The WP_Http class processes the headers and removes all but the last one. So you could do what jetdog described above. Check the original URL and compare it to the returned $response['headers']['location']. If it is different, than you know it redirected.