12

Here's my initialization code:

            function HandleGoogleApiLibrary() {
                // Load "client" & "auth2" libraries
                gapi.load('client:auth2', {
                    callback: function () {
                        // Initialize client & auth libraries
                        gapi.client.init({
                            apiKey: 'My API Key',
                            clientId: 'My Client ID',
                            scope: 'https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/plus.me'
                        }).then(
                            function (success) {
                                console.log("Yaaay");
                            },
                            function (error) {
                                console.log("Nope");
                                console.log(error);
                            }
                        );
                    },
                    onerror: function () {
                        // Failed to load libraries
                    }
                });
            }

Which gives me the following error message:

details: "Not a valid origin for the client: http://127.0.0.1 has not been whitelisted for client ID 388774754090-o7o913o81ldb2jcfu939cfu36kh9h0q6.apps.googleusercontent.com. Please go to https://console.developers.google.com/ and whitelist this origin for your project's client ID."
error: "idpiframe_initialization_failed"

My app is not in production yet, so for development I'm using localhost. Thing is, on every stack overflow / reference I've found they've specified that on Authorised JavaScript origins and Authorised redirect URIs I must use http://localhost instead of http://127.0.0.1. If I do this, I get that error and a Permission denied to generate login hint for target domain. if I try to login.

If I use http://127.0.0.1 on both, I get no idpiframe_initialization_failed on initialization, but get the same permission denied when I try to login.

It makes no sense, there's no other way to specify the localhost, and I just can't use the API.

Ericson Willians
  • 7,606
  • 11
  • 63
  • 114
  • it seems you have enabled api restrictions (API key with HTTP referer restriction) in google api console, go to google developer console and add 127.0.0.1 to allowed domains or ip – KUMAR Sep 27 '18 at 04:28
  • Nope, I've checked. Under "Application restrictions" there are no restrictions (None). Also, on OAuth Consent Screen, in "Authorized Domains", I can't put either 127.0.0.1 or localhost, it says: Invalid domain: must be a top private domain. – Ericson Willians Sep 27 '18 at 04:32
  • can you also check ifthis is causing the issue https://developers.google.com/identity/sign-in/web/troubleshooting#third-party_cookies_and_data_blocked – KUMAR Sep 27 '18 at 04:42
  • Nope, not blocking cookies. I'm trying to use http://xip.io/. – Ericson Willians Sep 27 '18 at 04:53
  • See also https://stackoverflow.com/a/44488113/27614 - you may fix this problem by just re-adding a fresh set of OAuth credentials, with the same `http://localhost[:PORT]` you had before. – Dan Fitch Jan 14 '22 at 19:23

5 Answers5

19

In my case it was two-side problem.

  1. Need to add origin to google console.

    How does origin look like? http://localhost

  2. Clear cache.

    This sometimes does not work and you may start thinking that this is not a cache problem. Details below.

1. How to add your origin to google console?

  • Go here: https://console.cloud.google.com/apis/credentials
  • Select a Project you need at the top.
  • Find OAuth 2.0 client IDs and in this section select (or create) a client ID.
  • In the opened window find the section Restrictions -> Authorized JavaScript origins and add either http://localhost or http://localhost:8000 (specifying the port you need).

2. Clear cache.

If the step #1 did not solve the problem, you need to clear cache.

If you want to remove just localhost cache, in Chrome you can do it in the next way:

  • Open Settings -> More tools -> Developer tools;
  • Right click on Reload button -> Empty Cache and Hard Reload.

Sometimes cache clearing does not work. Just to be sure, that it is still a cache problem, open a browser using Incognito mode and check your site again.

TitanFighter
  • 4,582
  • 3
  • 45
  • 73
0

Just to save future readers, I've managed to authenticate from the localhost by typing exactly http://www.localhost on "Authorized Javascript Origins" in the Client ID creation (Credentials / Developer Console). Totally not obvious and anti-user, but neither http://localhost or http://127.0.0.1 worked.

Ericson Willians
  • 7,606
  • 11
  • 63
  • 114
  • 3
    It's not working for me says "Invalid Origin: must end with a public top-level domain (such as .com or .org)." – Abdul Dec 25 '20 at 08:56
0

For me problem was solved by disabling AdBlocker

Stefan Nedelcu
  • 167
  • 1
  • 4
0

I had this issue on Version 100.0.4896.127 (Official Build) snap (64-bit) on Ubuntu 20.04 LTS. Allowing third-party cookies under Settings -> Privacy and Security -> Cookies and other site data solved it. The moment I disabled the third party cookies, the issue was back. So, for my case at least, it seems the issue is third party cookies not enabled. Note that I had the URL of the application as http://localhost:some-port

b.sodhi
  • 93
  • 4
  • 10
0

This is the problem i faced, after trying many things this is what worked for me:

  • Step 1: use gapi-script in the react project for that
npm i gapi-script
  • Step 2: import it in the project 
import { gapi } from "gapi-script"
  • Step 3: write a useEffect function
useEffect(() => {
    const clientId =
      "enter your client id here";
    function start() {
      gapi.client.init({
        clientId: clientId,
        scope: "",
      });
    }
    gapi.load("client:auth2", start);
  });
superdunck
  • 3,088
  • 1
  • 3
  • 22
Shrikrishna parab
  • 1