Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Google: Permission denied to generate login hint for target domain NOT on localhost

Tags:

google-signin

google-admin-sdk

I am trying to create a Google sign-in and getting the error:

Permission denied to generate login hint for target domain

Before you mark this a duplicate, this is not the same as the question asked at Google sign in website Error : Permission denied to generate login hint for target domain because in that case the questioner was on localhost, whereas I am getting this error on the server.

Specifically, I have included the url of the server in the Authorized Javascript Origins, as in the following image: Javascript origins

and when I get the error, the request shows that the same url was sent, as in the following image: Invalid request page

Is there something else I should be putting in my Restrictions page? Is there any way to figure out what is going on here? Is there a log at the developer console that can tell me what is happening?

like image 241
jimboweb Avatar asked Mar 15 '16 19:03

jimboweb

2 Answers

Okay, I figured this out. I was using an IP address (as in "http://175.132.64.120") for the redirect uri, as this was a test site on the live server, and Google only accepts actual urls (as in "http://mycompany.com" or "http://localhost") as redirect uris.

Which, you know, THEY COULD HAVE SAID SOMEWHERE IN THE DOCUMENTATION, but whatever.

like image 100
jimboweb Avatar answered Nov 03 '22 06:11

jimboweb

I know this is an old question, but it's the first result when you look for the problem via Google, so I'll share my solution with you guys.

When deploying Google OAuth service in a private network, namely some IP that can't be accessed via the Internet, you should use a magic DNS service, like xip.io that will give you an URL that your browser will resolve to your internal IP. You see, Google needs to be able to reach your authorized origin via your browser, that's why setting localhost works if you're serving it on your computer, but it won't work when you're deploying outside the Internet, as in a VPN, intranet, or with a tunnel.

So, the steps:

  1. get your IP address, the one you're deploying at and it's not a public domain, let's say it's 10.0.0.1 as an example.
  2. add http://10.0.0.1.xip.io to your Authorized Javascript Origins on the Google Developer Console.
  3. open your site by visiting http://10.0.0.1.xip.io
  4. clear your cache for the site, if necessary.
  5. Log in with Google, and voilà.

I got to this solution using this answer in another question.

like image 48
fixmycode Avatar answered Nov 03 '22 07:11

fixmycode
Sign in to Comment

Related questions

Unable to block room using Google calendar Api
Why does a service account with delegated domain access still need impersonation?
How do I use JWT to access Google Directory (Admin SDK) using NodeJS client libraries?
Google Calendar API view / edit rooms / resources?
Retrieving Google User Photo
firebase.auth().currentUser is null
Can't list users with Google Directory API Admin SDK
OrgUnit Not Found using Google Directory API
How to get user information with Google API PHP SDK
Use Amazon SES and Google GSuite for the same domain
Creating and setting custom attributes for Google Admin SDK
Did something change/break with Google Directory API over the weekend?
Use bash curl with oauth to return google apps user account data? [closed]
Google_Service_Directory - (403) Not Authorized to access this resource/api
I can't see the files and folders created via api in my Google Drive using php
Admin SDK cannot set settings for Firestore
How do I find the immutable id of my Google Apps account?
Determine Whether User is Group Member
Getting "Domain cannot use apis" when using Google Admin SDK Directory API
Batching operations in Google Apps Admin Java API

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!