I am integrating Box.com with my application. My flow is when the employee login for the very first time, he will be presented with Box Page in an frame (Please note I am not using Box Embed Widgt as such).
After entering the valid username and password in box page, then user wil be taken to another page, where he can select "access to box" or "Deny Access".
Now my issue is when I click on Deny Access nothing happens, I get a blank screen. When debug it reaches my application back and but nothing happens.
Could you please guide me.
Thanks
If the user clicks deny, then Box will call your redirect URI (on your server) with
You will receive a GET request at
https://www.yourServer.com/someendpoint?error=access_denied&error_description=The+user+denied+access+to+your+application
You will need to handle that response, and know that the user decided they did not want to use your application.
You do get a notification of the denial via the page registered with Box.
When you register your application with Box you provide a page (your page) that will be called when the oAuth completes.
This is explained in this tutorial: http://developers.box.com/oauth/
Look particularly at this section:
Authorization Code: The authorization code is only valid for 30 seconds.
However, if the user clicked Deny, you will receive a request with an error and error_description parameter, such as:
GET https://www.sean.com/rose?error=access_denied&error_description=The+user+denied+access+to+your+application
Related
When I log in with an account which does not belong to the expected domain, this message is shown (which is correct).
I think this message is kind of ugly and not understandable for a non-developer person. Is there a way to modify this message in the Google Cloud Console or inside the OAuth code? I would like to display for example:
The email you used does not belong to the happy.com domain.
I fount this Feature Request In the Public Issue Tracker, and there they suggest to follow the steps of Customize the rejected-app message. Basically it mentions:
Your current account, user#domain.com, doesn't have permission to do these steps. To continue, switch to an administrator account. This will open the Google Admin console.
Switch to administrator account now or Learn more
From the Admin console Home page, go to "" and then Security and then API controls.
Under App access control, go to the Settings section.
Type your custom text in the box under the following message: Show this message if a user tries to use an app that can’t access restricted Google services.
Click SAVE.
If this doesn't make it, I would recommend you to comment on that FR in which they mentioned:
I have filed this feature request internally.
You might also want to ‘star’ the FR to ensure that you receive updates about it. You can also adjust notification settings by clicking the gear icon in the top right corner and selecting settings.
I have received a mail from noreply-apps-developer#google.com with the subject “[Action Required] Submit your app(s) for Restricted Scopes OAuth verification”. In the email body, there is a link to the Google API Console. After I am in the Google API Console, under the tab named “Credentials” 2 fields are highlighted.
Following is the screenshot of the same.
Link to screenshot
I would like to know the reason for the error “Invalid domain”. Also, would be great if you can help me resolve the issue.
Please note: In the sections highlighted in red color, the site URL is present. I have removed it from the screenshot for security concerns.
Edit1:
As suggested, I have added the links for privacy policy, domain, etc. When I click on the "Submit for verification" button, a modal appears. I am unable to identify what information I need to add here. The details are as follows:
link for the screenshot of the modal which appears when I click on the submit button.
The application interacts with gmail in 2 instances:
1. Sending emails.
2. Reading emails received (emails having a particular subject line) and accessing the attachments present in it.
There is not other use of the gmail connectivity.
I am confused whether I should mark the application as "Internal" or should I submit it for verification. If I have to submit it for verification, then what details should I insert in the modal that appears on click of the "submit for verification" button (screenshot has been shared).
Request you to help me resolve the issue.
All URLs in your project must match one of your Authorized Domains. But your screenshot shows this field to be blank. You will need to tell Google which domains your app is allowed to run on.
For example, let's assume your homepage is at https://www.example.com/ and your privacy policy is at https://www.example.com/privacy. You'll need to include example.com in the first field under Authorized Domains.
In this screenshot below, I've added a matching Authorized Domain and the errors are resolved.
Check the "Learn more". It was stated in bold text that:
Add your Authorized Domains before you add your redirect or origin URIs, your homepage URL, your terms of service URL, or your privacy
policy URL.
Looking into your screenshot, something is missing and it is your Authorized domains.
We are creating a Gmail add-on that integrates with a CRM product. The product is single-tenant and every client has their own site path under our domain. Each client also has their own path to authorize with, e.g. https://example.com/siteA/oauth/authorize.
When setting up the custom auth screens, it looks like we are expected to know the url to assign to a click event on the auth button.
authButton2 = CardService.newTextButton().setText('Begin Authorization!')
.setAuthorizationAction(CardService.newAuthorizationAction()
.setAuthorizationUrl(authurl));
I would like to have some user input before this point. I was playing with an input field where the user could type their site name an then click the authorize button although I was not able to overwrite the original authurl supplied to the setAuthorizationUrl method.
Ideally it would be nice if the add-ons had a way to store some one-time input (like "site name" in this example) so we would not have to ask again, but I have not found anything like this.
This seems like we need a central auth endpoint but am trying to avoid this.
Anyone have any experience with this or any ideas?
Just build the authorization button using the proper url after you get it from the user input.
You can't modify that button once you create it. Rather than modify it, just create the button after you receive the url and reload that card. Or put the authorization button a new card that you push to the top once you receive user input on the auth url.
I was following the steps from box.net document
http://developers.box.com/get-started/#authenticating
I can get a ticket as it said first.
Then I use that ticket at following url https://www.box.com/api/1.0/auth/{your ticket}
in a browser, it works as it says. the browser will direct the user to box login page.
In that login page if I input username/password for login.
I can get the auth_token as the document says.
The problem is while I didn't choose username/password for login but use google openid to login an box account.
I will not able to get that auth_token as the document says. the returning response with following status:
not_logged_in
I want to know if this is a bug or I not correctly using the API to get that auth_token.
As many of box user now are using google openid as primely login choice this seems an common use case need be supported.
If anyone know the answer would be very appreciated.
Thanks
If a non-OpenID user is able to authenticate through the Box API's standard authentication process, then your code is fine. We have had reports of issues for our Single Signon issues, so this is likely a bug on our end.
Just make sure your app can authenticate users who have Box passwords. When we resolve these SSO issues, OpenID users will be able to connect your app without any changes on your end.
Suppose I am going to create a web page with two box, for entering the user id and user password respectively. And then once i click the submit button, it will check with the database in background whether this user exist. If it matches anyone in the database, the user id and user password will be forwarded to the other page, at the same time it will redirect to that user's main page.
Can I just use servlet to complete this task?
I found there is request.Dispatcher API but is it enough for the task?
String name = "Tom"
request.setAttribute("name",name);
RequestDispatcher dis = request.getRequestDispatcher
("Servlet2");
request.Forward(request,response);
in second servlet file
request.getAttribute("name");
//this line will display "Tom"
One more question to ask, how about clicking a link (INSTEAD OF BUTTON) to pass some data and redirect to other servlet pages? Any idea? Many thanks for your reply.
Yes, you can use a servlet for this. Whether the dispatcher is enough or not depends on the concrete functional requirements which are not fully clear from your question. The canonical approach, however, is to store the logged-in user in the session scope instead of in the request scope. Otherwise the user has to login everytime the user want to visit a restricted page.
Also, you normally would like to send a redirect after the login succeeds. This way the new URL get reflected in browser's address bar. Also this way pressing F5 afterwards won't cause any possible surprises. Forwarding from one to another servlet is at its own also somewhat a design smell. Including would have been reasonable, but forwarding not. As said, send a redirect instead.
As to using a link to submit a form, just execute JS form.submit() during the click event.
<form id="login">
...
login
</form>
An alternative is to style the button to look like a link with a little help of CSS. This way it'll also work on clients who have JS disabled (for example, the handheld users).