0

In https://console.developers.google.com/apis/credentials/oauthclient I created a "Client ID for Web application", No restrictions: empty "Authorized JavaScript origins" and empty "Authorized redirect URIs". I receiv a client Id and put it on a page.

Below is the most basic page sample. I receive the message:

400. That’s an error.

Error: invalid_request

Permission denied to generate login hint for target domain.

??? what's wrong? 

<head>
<meta name="google-signin-client_id" content="****26190863-tm7mr9racl8bgooifq2kjssb1n7teoob.apps.googleusercontent.com">
</head>
<script src="https://apis.google.com/js/platform.js" async defer></script>
<script type="text/javascript">
function onSignIn(googleUser) {
  var profile = googleUser.getBasicProfile();
  console.log('ID: ' + profile.getId()); // Do not send to your backend! Use an ID token instead.
  console.log('Name: ' + profile.getName());
  console.log('Image URL: ' + profile.getImageUrl());
  console.log('Email: ' + profile.getEmail());
}
</script>
<body>
    <div class="g-signin2" data-onsuccess="onSignIn"></div>
</body>
Grenville Tryon
  • 120
  • 1
  • 1
  • 8
  • Do you have a valid URL in the `Authorized Javascript Origins` sections (for `redirect_url`), Is it pointing to any invalid url or to of your IP address? – David R Jan 11 '17 at 15:31
  • empty "Authorized JavaScript origins". I didnt receive any "not valid empty" warning at all, so i asume is optional – Grenville Tryon Jan 11 '17 at 15:34
  • use web site name instead of ip address [StackOverFlow](https://stackoverflow.com/questions/36020374/google-permission-denied-to-generate-login-hint-for-target-domain-not-on-localh) – fatma zayed Mar 10 '18 at 09:31

2 Answers2

3

As a followup to my comment, if you look at the official documentation, Authorized JavaScript origins field is mandatory, where as the Authorized redirect URI can be left empty.

The documentation goes like this, (Click here to check the documentation)

1. In the Authorized JavaScript origins field, enter the origin for your app. You can enter multiple origins to allow for your app to run on different protocols, domains, or subdomains. You cannot use wildcards. In the example below, the second URL could be a production URL. http://localhost:4567 https://myproductionurl.example.com

2. The Authorized redirect URI field does not require a value. Redirect URIs are not used with JavaScript APIs.

Hope this helps!.

David R
  • 14,711
  • 7
  • 54
  • 72
  • Thanks for your comment. I didnt find a text saying something like the Authorized Javascript origins are mandatory. Mostly, i play with the developers and found that if i left empty the "Authorized JavaScript origins" and set "Authorized redirect URI" (as localhost in my case) the program start running. Bad documentation for me. I didnt try javascript google api yet. it can be a way to go. – Grenville Tryon Jan 11 '17 at 16:14
  • UPGRADE: The cache was fooling me. I had to restart chrome every time i changed the console project. After *several* tries, i admit than the mandatory field is the "Authorized JavaScript origins" -as you said-. Still missing a text saying which that field is mandatory, or even better disallow to save the credentials with empty values. Thanks – Grenville Tryon Jan 11 '17 at 16:35
  • I will put your answer as the correct one. For the records: I spend valuable time assuming it was someway MY mistake. I reduce/rewrite several times the big original program, scratch my head a lot, and finally write a minimal page to test it. I finally supossed it wasnt my problem and -with doubts- ask for help here. I gave too much credit to the google guys! – Grenville Tryon Jan 11 '17 at 16:54
0

empty "Authorized JavaScript origins" and empty "Authorized redirect URIs"

I'm pretty sure you need to fill those in with valid information for both development(localhost) and production. You would also need http and https versions of each if you are using both.

George Bittmann
  • 143
  • 2
  • 11
  • 1
    In case is true, the google developers console screen must be rewrited: Not a warning message at all, and the result message (permission denied) doesnt help to a developer to conclude the javascript origin cant be empty (what is a value perfectly valid for a developer). – Grenville Tryon Jan 11 '17 at 15:42