I have a website I developed for a client. One of the pages displays a list of street addresses, for which I also have LAT/LONG data. The client requested to add a little map next to this list with a marker for each address.
I would like to use Google Maps API v3, but I have a problem registering client's internet facing URL, which has a form of "ip address:port" (i.e. something like http://123.45.67.89:555) and which I - naturally - do not own and do not have domain admin access. Likewise, their domain admin - whoever s/he is - does not and will not have access to my Google API project for which I'm trying to register the key.
So far I was able to register the client id for local development in a form of http://localhost:5555, but when I'm trying to add the client's URL I'm getting an error
OAuth 2 redirect URL "http://123.45.67.89:555" is invalid.
I searched for solution for this problem and found a suggestion to whitelist the URL in the Google API Console. Yet when I'm trying to add this URL to approved domain list ("notification endpoints") I'm only getting another error:
You do not have access to the following domain:
http://123.45.67.89:555
which is, of course, true. The documentation also says I cannot register a domain I don't own.
So, my question is: how do I register a Client ID for Google Maps API V3 for the client's URL to which I don't have domain admin privileges and whose domain admin doesn't have access to my API project?
Thank you!
Nikolai
You can create a view of the table (File | Create View ...) and own the view (https://support.google.com/fusiontables/answer/171206?hl=en) - thus enabling you to have your own version of the table which is in sync with changes.
As a footnote remember to deal with Cross Origin Resource Sharing (CORS) in your API project by using JSONP for example (https://developers.google.com/storage/docs/cross-origin).
If your are using Google Maps API v3, there is no need to use Google API Key. Simply use below script.
<script type="text/javascript" src="http://maps.googleapis.com/maps/api/js?sensor=false"></script>
Related
When attempting to use Google federated authentication login button for a Google webapp, error message identified mismatch with related URI and javascript host domains. Solutions, as in this 2019 post (Get gmail address using Google Apps Script, Error: redirect_uri_mismatch) weren't working for me.
I then found this recent article: What is the Authorized Javascript Origin for a webapp powered by Google Script?
I understand it to say that, due to recent actions by Google, it is no longer possible to use the Google authenticator for a Google webapp because redirect URI and javascript origin host domains "cannot be googleusercontent.com”, which is the host domain for Google webapps.
So, my question duplicates earlier posts (i.e., 2019) but in new circumstances. The conclusion of the recent post I've cited seems so radical to me that I'm seeking confirmation, or explanation of how I am misunderstanding it.
As background: I need the webapp to operate under the "(me)owner" account for connectivity to owner spreadsheets, but also need the user's Gmail address (required) for application access control (no other access to user Gmail account; users not all in a shared Workspace domain). Google login would provide the user Gmail address. So, before totally abandoning this solution, I hoping to get additional clarification.
According to the official docs, it's not possible to use Google Sign-In for Websites, and this post from the Google Apps Script Issue tracker Fail to Add *.googleusercontent.com into Authorized JavaScript origins as Google Apps Script uses googleusercontent.com
To achieve your goal, as I mentioned in your previous question, you might use the UrlFeth service to call the Google Sheets API to do the connectivity to your spreadsheet and setting the web app as the user instead as you.
From https://developers.google.com/identity/protocols/oauth2/web-server#uri-validation
Domain
Host TLDs (Top Level Domains) must belong to the public suffix list.
Host domains cannot be “googleusercontent.com”.
Redirect URIs cannot contain URL shortener domains (e.g. goo.gl) unless the app owns the domain. Furthermore, if an app that owns a shortener domain chooses to redirect to that domain, that redirect URI must either contain “/google-callback/” in its path or end with “/google-callback”.
Related
How to Properly Configure GAS Web App (as another user) to Execute GAS API Executable (as me) using OAuth2?
User access request when GAS run as the user
While true that you can no longer add googleusercontent.com, you may be able to solve this by using two webapps and managing authentication/authorization between the two:
Webapp#1:
Run as: Me
Access: Anyone even anonymous
Webapp#2:
Run as: User
Access: Anyone
You may be able to create a jwt token from webapp#2 and verify it on webapp#1. As it is a custom solution, security may be questionable.
References:
Authenticate with a server - Here, webapp#1 acts as server and webapp#2 acts as client.
ScriptApp.getIdentityToken()
I have one question, as mentioned
here I'm doing a jQuery/Javascript only homepage.
Now I'm trying to get the pictures from a google drive with the google drive API. The authentication with 0Auth worked very well.
But I'm not sure if it's the right way, because the authentication confused me a little bit.
Here in Step 2 I have to use my Client ID and login with my user, does this mean the Website is now verified to use the API or does this mean everybody who wants to see the pictures has to login?
What happens if the key is not valid anymore or how often do i have to renew it?
Thanks for your help
Before you can integrate Google Sign-In into your website, you must have a Google API Console project. In the project, you create a client ID, which you need to call the sign-in API.
AFAIK, client ID doesn't expire, only access tokens which expire after 60 minutes. If you have a refresh token you can use the refresh token to get a new (valid) access token.
Here's some references which might help:
Google Drive API using Javascript
How to use Google Drive API to download files with Javascript
I have a cross-platform app with cordova , but now the google map is not working.
I have this error :
MissingKeyMapError
I try to create new api browser key in google console with "*" authorization url , but still not working. i have this error : RefererNotAllowedMapError
the window.location.href of my app is :file:///Users/bahri/Library/Developer/CoreSimulator/Devices/757EE924-9884-44B1-BBF5-04CFF3D68C80/data/Containers/Bundle/Application/820BF808-DFF7-4AB0-8BF8-179D278E90D5/com.taxiwink.taxiwinkapp.app/www/index.html
How can I resolve this issue?
As per today (15 Jul 2020) the following http referrers allows to show a Google map in a cordova app:
iOS:
__file_url__//var/containers/Bundle/Application/*
__file_url__//private/var/containers/Bundle/Application/*
(credit to yannisalexiou for having added the last one which works from iOS13)
Android:
__file_url__//android_asset/www/index.html#/*
__file_url__//android_asset/www/index.html
cordova simulate (eg: simulate ios --target=chrome)
127.0.0.1
localhost
the referrers go into the Google Console API management (API-Project, credentials, referres) at:
https://console.cloud.google.com/apis/credentials/key/abcxyz?project=api-project-123456
NOTE: developed from the answers here https://github.com/wevote/WeVoteCordova/issues/55
MissingKeyMapError Error
The script element that loads the API is missing the required authentication parameter. If you are using the standard Maps JavaScript API, you must use a key parameter with a valid API key. If you are a Premium Plan customer, you must use either a client parameter with your client ID or a key parameter with a valid API key.
See the guide to API keys and client IDs.
From :
https://developers.google.com/maps/documentation/javascript/error-messages#deverrorcodes
https://developers.google.com/maps/documentation/javascript/get-api-key
Also:
Registering authorized URLs
To prevent a third party from using your client ID on their own website, the use of your client ID is restricted to a list of URLs that you specifically authorize.
To see the URLs you have already authorized or to authorize additional URLs:
Log in to the Google for Work Support Portal.
In the left-hand menu, click Maps: Manage Client ID.
You can add up to 100 URLs at a time, to a total of 3000 URLs. If you require higher limits, please contact support.
HTTP and HTTPS protocols are considered different URLs.
For example, if https://example.com is authorized, http://example.com is not necessarily authorized. If you'd like to authorize both at once, you may add a domain without using a protocol: example.com/
You should empty the list of authorized HTTP Referers for your key, in the API Console. This should make the map succeed (after a 5-min propagation delay).
Related issues (it's suggested to "star" them to get an update on their resolution):
Support API key restrictions with file:// referers
Google Maps
API error: MissingKeyMapError when loading from file://
UPDATE
Good news, now you can use file:/ referrers. You can see the following text in the documentation
file:// referers need a special representation to be added to the Key restriction. The "file:/" part should be replaced with "__file_url__" before being added to the Key restriction. For example, "file://path/to/" should be formatted as "__file_url__/path/to/*". After enabling file:// referers, it is recommended you regularly check your usage, to make sure it matches your expectations
https://developers.google.com/maps/documentation/javascript/get-api-key#key-restrictions
I have developed a few small apps that connect to our google domain. However each time I have to authorize one of these apps I need to add a different
Authorized API client by using it's "Client Name". Is there a way to set this client name to something of my choosing? It would make it much easier to quickly understand what apps are OK to remove from the list later on.
Thanks!
...edit...
I may not have been specific enough, here is an image of where I want to change the value. This is from the google admin console for google apps under Security -> Show More -> Advanced Settings -> Manage API Client Access
CLient Name Field
For all the apps I've developed so far my Client Name(which I pull from the google developers console) is either a seemingly random string of only numbers or a random string of numbers and letters follow by "apps.googleusercontent.com". Yet I've seen other apps that somehow have their company name listed there. How can I choose my own Client Name as I've seen in other apps?
You can set client name and the scope by goinog on the Manage client API access page. Register your client in the Authorize a new API client settings.
Enter the client name provided by the third-party vendor and specify the scope. Add a new client by entering the client name (OAuth consumer key) and API scope and clicking "Authorize". You should verify that the client is known to you and that they have an appropriately small scope of access.
For each client, you can specify multiple APIs, separated by commas. For example, to allow access to both the Contacts and Documents List APIs: "http://www.google.com/m8/feeds/, http://www.google.com/feeds/". The list of clients is unique, and cannot have two entries in the list for one OAuth client. You can use any of the Google APIs that currently support two-legged OAuth for Google Apps domains
Authorized API Clients
Add your APIs from the list of approved clients and their scope.
After the client has been added, you can remove a client that has a specified API scope by clicking the "Remove" link. If the client is the OAuth consumer key for your Google Apps domain, you'll see the link, "Manage". Clicking this link takes you to the Manage OAuth key and secret for this domain page where you can edit the client (for example, turn off global API scope access).
For more information about OAuth, please follow this link: https://developers.google.com/identity/protocols/OAuth2ServiceAccount#delegatingauthority
In case you meant how to set the application name when you connect with the php api client, you can use:
$client->setApplicationName('App Name Here');
I'm using Google Maps Web Services API for work, and they've given me a client ID. When I load up the main page, I don't get an error. However, when I click a sub-page, eg localhost:8080/pages/page.xhtml, I get an error called UnauthorizedURLforClientIdMapError, with the message that this URL is not authorized to use the provided Google Maps client ID.
For reference, Google discusses it in its documentation here: https://developers.google.com/maps/documentation/business/clientside/auth#registering_authorized_urls
With all that being said, I'm currently testing my server with TomCat using the URL http://localhost:8080. This domain has been authorized, as has my individual IP. In my view files, I'm adding this:
<script src="https://maps.googleapis.com/maps/api/js? &client=MY_CLIENT_ID
&v=3.19
&channel=MY_CHANNEL" type="text/javascript"></script>
where 'MY_CLIENT_ID' and 'MY_CHANNEL' are obviously changed to suit my needs (my client id and channel are correct). I've searched through stack overflow and also read all of the relevant Google Documentation but I feel like I'm missing something very small (or large, I'd hope not though).
What's going on?
Each URL that uses Google Maps for Work with the ClientID must be authorized to use that clientid.
You can find all the details here. But this is the summary:
The domain name or IP address does not have to be publicly accessible
All subdomains of a specified domain are also authorized.
All subpaths of an authorized path are also authorized.
Paths are case sensitive.
You may restrict valid URLs to those using certain ports.
HTTP and HTTPS protocols are considered different URLs.
If you are getting the UnauthorizedURLForClientIdMapError, look through the URL authorization rules and see if you simply need to add the URL to the list of authorized URLs.
Btw, here is the the list of Google Maps API Error Codes with explanations.
You must allow the referred URLs related to that Client ID in the Google support management portal.
Access to the Google Support Management portal - http://www.google.com/enterprise/portal - , login with your enterprise google account, then in the left menu, go to "Maps, Manage Client ID" link, select you client id in the combo, and in the "Enter the URLs" textarea, write the referrer URL you want to authorize and click on "Add URL" button.
If you are using a ClientID instead an API KEY to authenticate to Google Maps services, the referrer URLs must be authorized here. If you are using an API KEY, yo must authorize the referrer urls from the google developers console.