Google: Permission denied to generate login hint for target domain NOT on localhost

Question

I am trying to create a Google sign-in and getting the error:

Permission denied to generate login hint for target domain

Before you mark this a duplicate, this is not the same as the question asked at Google sign in website Error : Permission denied to generate login hint for target domain because in that case the questioner was on localhost, whereas I am getting this error on the server.

Specifically, I have included the url of the server in the Authorized Javascript Origins, as in the following image:

and when I get the error, the request shows that the same url was sent, as in the following image:

Is there something else I should be putting in my Restrictions page? Is there any way to figure out what is going on here? Is there a log at the developer console that can tell me what is happening?

I used ngrok and works fine. My backend is Django and 127.0.0.1:8000 or localhost — Alejandro Reyna, Aug 12 '19 at 15:50

score 182 · Accepted Answer · answered Mar 22 '16 at 18:47

182

Okay, I figured this out. I was using an IP address (as in "http://175.132.64.120") for the redirect uri, as this was a test site on the live server, and Google only accepts actual urls (as in "http://mycompany.com" or "http://localhost") as redirect uris.

Which, you know, THEY COULD HAVE SAID SOMEWHERE IN THE DOCUMENTATION, but whatever.

answered Mar 22 '16 at 18:47

jimboweb

4,362
3
22
45

6

The text above the "Authorized redirect URIs" field does say "Cannot contain URL fragments or relative paths. Cannot be a public IP address." – Nick Jun 10 '16 at 15:38
5

That's a bit annoying and I really don't see the point. We don't have a domain name for our testing/staging server so far.. and setting one up makes the server more discoverable and vulnerable now, imho. – Efrain Jul 13 '16 at 08:16
I am also facing exact same issue. I have not put anything in authorized redirectURIs. @jimboweb can you please paste solution ? – Shekhar Kumar Dec 09 '16 at 09:52
1

Shekhar, there is no solution to paste except to use a uri (`http://something.com`) instead of an ip address (`http://123.45.678`) in the redirectURIs or Javascript Origins depending on what you need it for. They won't allow ip addresses, and there's nothing that can be done about it. If you're debugging it on your local computer just use `http://localhost:` – jimboweb Dec 09 '16 at 21:11
3

Just adding that 127.0.0.1 is also forbidden – hdvianna Sep 16 '17 at 22:11
17

Honestly, the UI for this and the docs are downright embarrassingly bad for a company like Google. It's REALLY hard to get this set up, even when you know what you're doing. – Everett May 30 '19 at 03:45
Good work figuring this one out. Google has really bad documentation, and whenever I have to do one of their integrations, I know straight ahead that nightmare is awaiting. – xZero Mar 30 '21 at 14:18

fixmycode · Answer 2 · 2019-01-30T18:25:46.290

48

I know this is an old question, but it's the first result when you look for the problem via Google, so I'll share my solution with you guys.

When deploying Google OAuth service in a private network, namely some IP that can't be accessed via the Internet, you should use a magic DNS service, like xip.io that will give you an URL that your browser will resolve to your internal IP. You see, Google needs to be able to reach your authorized origin via your browser, that's why setting localhost works if you're serving it on your computer, but it won't work when you're deploying outside the Internet, as in a VPN, intranet, or with a tunnel.

So, the steps:

get your IP address, the one you're deploying at and it's not a public domain, let's say it's 10.0.0.1 as an example.
add http://10.0.0.1.xip.io to your Authorized Javascript Origins on the Google Developer Console.
open your site by visiting http://10.0.0.1.xip.io
clear your cache for the site, if necessary.
Log in with Google, and voilà.

I got to this solution using this answer in another question.

edited Jan 30 '19 at 18:25

answered Oct 28 '17 at 03:44

fixmycode

8,220
2
28
43

5

Mark this answer as the accepted one! This guy saved me three days of headache: my working machine has no admin privileges, can't install or edit anything (much less writing `hosts` file) and I'm behind my company network so I couldn't just add the internal IP address of my machine. Thank you! – elmazzun Jan 23 '18 at 10:30
2

This is hands down the appropriate answer for most cases – x86-64 Oct 10 '18 at 10:35
1

Great answer, and now I know about [xip.io](http://xip.io/) - I would have edited the answer to correct the link (www.* doesn't work currently) but at the moment you can't edit less that 6 characters :-) – Henning Michael Møller Just Jan 28 '19 at 13:10
2

This answer saved my ass! Thank you Pablo. – netishix Sep 27 '19 at 04:59
Excellent solution. Normally I have to run my own DNS server for private IP range. This solves a lot of hassle. – Shi B. Aug 05 '20 at 11:21
I tried this and it said This site can’t be reached. – GeneCode Nov 16 '20 at 01:58
How would I do this with a specific port, 8080 for example? – momion Nov 26 '20 at 00:32
@momion as this just affects DNS entries, I think ports don't matter, but I can't assert that. maybe try yourip.xip.io:8080, should translate to yourip:8080 – fixmycode Nov 26 '20 at 01:20
I've tried this and it doesn't work, and i keep getting an oauth error, any idea whats happening? – momion Nov 26 '20 at 02:05
1

for anyone still getting the problem xip doesn't work anymore use nip instead – Neeleshwar Kumar Nov 18 '21 at 07:18

score 25 · Answer 3 · edited Mar 13 '21 at 19:37

25

If you are using http://127.0.0.1/projects/testplateform, change it into http://localhost/projects/testplateform, it will work just fine.

edited Mar 13 '21 at 19:37

Suresh Mangs

705
8
19

answered Jan 26 '18 at 05:49

Tgold brain

399
5
13

Can you believe the same applies for JavaScript origins. `127.0.0.1` nope.. but localhost.. fine.. BUT.. the site needs to be loaded as `http://localhost:port` – Piotr Kula Sep 22 '22 at 22:10

score 14 · Answer 4 · answered Jan 23 '17 at 15:07

14

If you testing in your machine (locally). then dont use the IP address (i.e. http://127.0.0.1:8888) in the Client ID configuration , but use the local host instead and it should work

Example: http://localhost:8888

answered Jan 23 '17 at 15:07

Qais Ammari

1,211
1
11
15

1

That doesnt silve the problem :( – Prakhar Thakur Feb 04 '18 at 09:21
Don't know the reason but it work for me. Thank you so much – Linh Jun 19 '18 at 13:55
http://localhost works for me – Ameed Faridi Dec 07 '21 at 04:44

score 3 · Answer 5 · answered Nov 15 '17 at 06:36

To allow ip address to be used as valid javascript origin, first add an entry in your /etc/hosts file

10.0.0.1 mydevserver.com

and then add this domain mydeveserver.com in Authorized Javascript Origins. If you are using some nonstandard port, then specify it with your domain in Authorized Javascript Origins.

Note: Remove your cache and it will work.

score 2 · Answer 6 · answered Apr 26 '17 at 21:26

Just ran across this same issue on an external test server, without a DNS entry yet. If you have permission on your local machine just edit your /etc/hosts file:

175.132.64.120  www.jimboweb.com

And use use http://www.jimboweb.com as an authorized domain.

yeagor · Answer 7 · 2019-03-31T17:57:15.083

0

I have a server in private net, ip 172.16.X.X The problem was solved with app port ssh-forwarding to my localhost port. Now I am able to use deployed app with google oauth browsing to localhost.

ssh -N -L8081:localhost:8080 ${user}@${host}

I also add localhost:8081 to "Authorized URI redirect" and "Authorized JavaScript sources" in console.developers.google.com:

google developers console

edited Mar 31 '19 at 17:57

answered Mar 31 '19 at 17:49

yeagor

1
2

score 0 · Answer 8 · answered Apr 25 '22 at 00:53

After battling with it for a few hours, I found out that my config in the Google Cloud console was all correct and similar to the answers provided. Due to caching issues or something, I had to recreate a OAuth Client ID and then it suddenly started working.

score 0 · Answer 9 · answered Nov 17 '22 at 10:08

Its a pretty old issue, but I encountered it and there wasn't any helpful resource, as such I am posting my solution.

For me the issue was when I hosted my web-app locally, a using google-auth for logging in.

The URL I was trying to hit was :- http://127.0.0.1:8000/master I just changed from IP to http://localhost:8000/master/

And it worked. I was able to log in to the website using Google Auth.

Hope this helps someone someday.

score -3 · Answer 10 · answered Oct 01 '19 at 22:49

-3

install xampp and run apache server, put your files (index and co) in a folder in the xampp dir (c:\xampp\htdocs\yourfolder). Type this in your browser url - http://localhost/yourfolder/index.html

answered Oct 01 '19 at 22:49

O'seun Iyadi

47
5

Google: Permission denied to generate login hint for target domain NOT on localhost

10 Answers10

Linked