11

When I try to login today via google in my web app, I get that error:

400 That’s an error.

OpenID auth request contains an unregistered domain: http://XXX.XXX.XXX/ (IP here)

But on localhost everything works fine. What is more - on other project also everything works nice.

I'm using default OAuth:

OAuthWebSecurity.RegisterGoogleClient();

How to resolve it?

Youngjae
  • 24,352
  • 18
  • 113
  • 198
whoah
  • 4,363
  • 10
  • 51
  • 81

3 Answers3

6

I would like to add some context to this thread together with a potential solution to developers that are currently blocked.

Back in February we announced the deprecation of OpenID 2.0 (OID2) scheduled for April 2015. We also announced that new OID2 relying parties (RPs) registrations** will no longer be accepted after April 2014.

Given that the API will be shut-down in less than a year’s time, our intention is to avoid having new RPs integrating with Google's OID2 API. Instead, we suggest to use our OpenID Connect API which we consider more secure and easier to implement.

Registrations were effectively closed on May 19th (as documented in the Google’s OID2 developer documentation). All RPs already using OID2 should not be affected by this the closure.

As for developers currently working on an integration with our OID2 API (presumably because they missed the announcement and warnings in our OID2 documentation), we will do our best to minimize the friction caused by the registration closure. If you are in such situation, please let us know by posting a registration request before June 15th. The post should contain a sample OID2 request used by your application, in case you prefer not to disclose such information, please post an email address and we will reach out. We plan to look into each case and try to get you unblocked in the best possible way.

Miguel.

** OID2 does not have a registration procedure for RPs integrating with an identity provider. RPs are associated to the realm value (e.g., www.example.com) used when contacting Google OID2 API. Thus, a RP is considered "registered" if its realm value has been used to contact our OID2 API.

Miguel Andres
  • 1,410
  • 11
  • 11
3

This approach is obsolete as Google changed their auth to OAuth2

I didn't delete this answer because formerly approved api users are still valid to use.

== Original post below ==

If you are OWIN-based MVC5 user, just change Startup.Auth.cs file

        app.UseGoogleAuthentication();

to

app.UseGoogleAuthentication(
 clientId: "000-000.apps.googleusercontent.com",
 clientSecret: "00000000000");

according to the http://www.asp.net/mvc/tutorials/mvc-5/create-an-aspnet-mvc-5-app-with-facebook-and-google-oauth2-and-openid-sign-on page.

Youngjae
  • 24,352
  • 18
  • 113
  • 198
  • How can we fix it for ASP.NET MVC 4 project? – sanjeev Sep 30 '14 at 18:27
  • 2
    how to get Client id and Client Secret ?? – Er Mayank Oct 05 '14 at 12:13
  • @ErMayank it's in the Google developer console. – Youngjae Oct 05 '14 at 12:30
  • 1
    @Youngjae, could you please give me a code (For MVC4), because my application is in MVC4 is using OAuthWebSecurity.RegisterGoogleClient() which is not supported by Google now. And i have to make it in mvc4. – Er Mayank Oct 06 '14 at 05:59
  • @ErMayank // As I don't have any MVC4 based approach, so you may use some components from `nuget`. I don't know which does work but I *believe* there's a package for that. – Youngjae Oct 06 '14 at 06:03
  • For testing i have created a new mvc5 application and created my app. when i set clientId and clientSecret as mentioned above is showing error as Overload resolution failed because no accessible 'UseGoogleAuthentication' accepts this number of arguments. – Er Mayank Oct 06 '14 at 08:20
  • Google is closing their authentication type (as this answer), and moving to new oauth2 based authentication. So, this answer may only be valid for old google service developers who registered google service monthes ago like me. – Youngjae Oct 18 '14 at 03:21
1

Google has disabled OpenID2 for new domains. Existing relying parties can continue to use the API at least until the end of the deprecation period that runs through to April 2015. The announcement is at: https://developers.google.com/+/api/auth-migration#timetable

breno
  • 3,226
  • 1
  • 22
  • 13
  • so we have to use now OAuth2? Or which solution? – whoah May 21 '14 at 17:15
  • Yes, OAuth2/OpenID Connect is the preferred solution. You can find info about the protocol in the Google dev docs: https://developers.google.com/accounts/docs/OAuth2Login And about the migration steps here: https://developers.google.com/accounts/docs/OpenID Hope that helps. – Miguel Andres Jun 30 '14 at 15:55