Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cant Sign in to google #295

Open
AlvaroMartinezB opened this issue Aug 24, 2020 · 6 comments
Open

Cant Sign in to google #295

AlvaroMartinezB opened this issue Aug 24, 2020 · 6 comments
Assignees
@auroranil @cyderize

Comments

@AlvaroMartinezB
Copy link

"Authorization Error
Error 401: deleted_client
The OAuth client was deleted."

image

Tried switching browsers and PCs, always receiving the same error
@auroranil
Copy link
Member

Looks like we need to create another OAuth client so that it can read basic user information and Google Drive files, since this old one refers to an OAuth client which was deleted:

MARIE.js/src/js/ext/gapi.js

Lines 2 to 9 in 421f56d

// The Browser API key obtained from the Google Developers Console.
var developerKey = 'AIzaSyCpcTAAL4Yf9WoKVD_UE6f-_LwE6bDau-M';
// The Client ID obtained from the Google Developers Console. Replace with your own Client ID.
var clientId = "357044840397-qs7nu7a17ohiih95v334l6k209qh5oah.apps.googleusercontent.com"
// Scope(s) to use to access various data
var scope = ['https://www.googleapis.com/auth/drive.readonly','https://www.googleapis.com/auth/userinfo.profile'];

While we are getting it fixed, watch this interesting (yet optional) video: https://www.youtube.com/watch?v=BxV14h0kFs0

@auroranil
Copy link
Member

auroranil commented Aug 25, 2020
edited

I created a Google APIs project with id: marie-js-287500

Client id: 379498519945-t99d28b6shpjqu8mc8ie63sf8hl2rf87.apps.googleusercontent.com (obtained from OAuth 2.0 Client IDs)
Developer key: AIzaSyAeqrBBcecgb8h8OcltPToa9VIAwipmtJ8 (obtained from Picker API Keys)
Authorised domain: marie.js.org
Client secret: Not needed for accessing Google APIs from a web browser client.
Google APIs enabled:

  • Google Drive API
  • Google Picker API

I need to get the OAuth Consent screen verified by Google, which requires me to create a privacy policy for this project. Once a privacy policy has been created for this project and this verification process gets submitted, it says they will take a couple of weeks to verify it.

This was referenced Aug 30, 2020
Closed
Open
@ericjiang97
Copy link
Member

@auroranil maybe avoid publishing the secrets here :P

@auroranil
Copy link
Member

I know not to publish client secret to Github, but I am not sure about developer key. The old developer key is currently exposed in this Github repo, so I thought it would be fine to replace it with a new one.

@auroranil
Copy link
Member

I revoked the credentials - both the API key and the OAuth client.

It looks like to secure API keys, I would need to setup a server which holds them, and never expose them on the client side.
https://softwareengineering.stackexchange.com/questions/395128/why-must-api-keys-be-kept-private

@ericjiang97
Copy link
Member

You can try holding them in the GitHub secrets and use GitHub actions to use them when building it as environment variables.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@auroranil auroranil

@cyderize cyderize

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@auroranil @ericjiang97 @cyderize @AlvaroMartinezB