Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

The published web app can no longer be used in accounts where API Access Control block unknown apps #191

Open
1 task done
NoSubstitute opened this issue Jul 26, 2023 · 8 comments
Open
1 task done

The published web app can no longer be used in accounts where API Access Control block unknown apps #191

NoSubstitute opened this issue Jul 26, 2023 · 8 comments

Comments

@NoSubstitute
Copy link

Bug summary

Any specific steps to reproduce the issue?

Try to add the app client_id in API Access Control here. Click the Add app link and supply the client_id.
https://admin.google.com/ac/owl/list?tab=configuredApps

client_id: 983475130545-e81q4d30k615fsr942krcejaajriv23a@developer.gserviceaccount.com

Since the client_id can not be found, it can't be added to the allowed list.

Oath of good faith

  • I, the author of this Issue, do solemnly swear that I've looked real hard for duplicate issues and I came up empty!!
@ericyd
Copy link
Owner

ericyd commented Aug 7, 2023

This is an issue with your GSuite account settings, I don't have control over this configuration

@santi-ifontana
Copy link

@NoSubstitute try with this ID: 983475130545-e81q4d30k615fsr942krcejaajriv23a.apps.googleusercontent.com

It worked for me.

@NoSubstitute
Copy link
Author

It worked for me.
Hello @santi-ifontana - thanks for trying to help.
Adding that, I get one step closer, but I'm still blocked.

image

This is the URL.
https://accounts.google.com/signin/oauth/danger?authuser=0&part=SomeUniqueValueHere&flowName=GeneralOAuthFlow&hl=sv&as=SNumbersHere%3AOtherNumbersHere&client_id=983475130545-e81q4d30k615fsr942krcejaajriv23a.apps.googleusercontent.com&rapt=SomeOtherUniqueValueHere

I am trying to limit access to only necessary things. So I didn't choose Trusted, but instead Specific Google data.

image

@santi-ifontana
Copy link

@NoSubstitute At first I also tried "Specific Google data" to limit the scope, but that did not work for me either.
Only "Trusted" seems to work. Also remember that you are pre-whitelisting, not actually giving permissions by selecting Trusted, only when you follow the wizard with your user is that you are allowing permissions into your account.

Please try again and let me know :)

@NoSubstitute
Copy link
Author

Yeah, setting it to Trusted works, but that makes the Specific data setting pointless. 😞
Thank you.

@santi-ifontana
Copy link

Yeah, I agree. I don't know why it does not work when you set the specific access, maybe because it is in BETA as displayed there.
Also, this additional step of grating additional access was not necessary, something happened on Google's side enforcing greater control.

@NoSubstitute
Copy link
Author

NoSubstitute commented Oct 1, 2024
edited
Loading

Oh, enforcing granted access is by default for Workspace for Education for users Under-18, as Google forced the setting to Block API access for all unknown third-party services, which is something all organisations should have set as default a long time ago, when the feature was introduced in API Access Control.

It was one of the best days of my working life when I could just tick a single box, and no external Login with Google-junk was accessible, unless pre-approved by me.

@santi-ifontana
Copy link

That explains why you had this issue since 2023 and the rest of us just recently #193

I didn't know, thanks for that clarification.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@ericyd @NoSubstitute @santi-ifontana