Issue
I am working on a React Native for iOS, Android and Web. Earlier this year my colleague responsible for the Android side of things had issues with Google Sign In, and their solution was to remove it entirely.
I am now trying to re-implement this. I have no issues on Web or iOS, but with Android, I get the following error:
Error 400: invalid_request
You can't sign in to this app because it does not comply with Google's OAuth 2.0 policy for keeping apps secure.
You can let the app developer know that this app doesn't comply with one or more Google validation rules.
It then says in the Request Details
section:
If you're the app developer, make sure that these request details comply with Google's policies.
- redirect_uri: exp://192...*:19000
I have checked my app.json
to ensure my credentials match up with both my Google Cloud Console API credentials as well as Firebase credentials.
I have followed Expo's documentation, and I have done everything correctly on Web and iOS.
Any help would be appreciated, and if more information is needed just let me know. Thanks
EDIT
I did go into my Authorised redirect URIs
and try to add exp://192.*.*.*:19000
but it will not allow me to.
Solution
Answer: You cant use exp://192.*.*.*:19000
as a redirect uri with web application credentials. It must be Redirect URIs must use the HTTPS scheme, Hosts cannot be raw IP addresses, Redirect URIs cannot contain certain characters including: Wildcard characters ('*')
Background info.
There are serval types of client types for google authorization.
- web
- mobile
- native (Desktop)
- service account.
Each of these types use a slightingly different type of authorization. Installed applications have to return the authorization back to where it came from or localhost. Web applications, the authorization is returned to a valid web address.
The redirect uri in the case of web apps and installed apps is used to tell the authorization server where it is allowed to send the authorization code back to. This is a security measure to ensure that no one can hijack your authorization, by just adding any redirect uri.
You can't sign in to this app because it does not comply with Google's OAuth 2.0 policy for keeping apps secure.
This error message is telling you that the redirect uri your application is sending is not a valid redirect uir. Redirect URI validation rules
you are probably getting stuck by these
your redirect URI exp://192.*.*.*:19000
is not https and its an ip address. neither of which is going to be allowed.
In the case of mobile apps things are completely different. This form of authorization normally use's the package name and an SHA-1 in order to authorize the user and return the token back properly.
I dont see how you are going to get that to work with react.
Answered By - Linda Lawton - DaImTo
0 comments:
Post a Comment
Note: Only a member of this blog may post a comment.