Authorization Error on attempt to connect to Google

[bernd-wechner]

I followed all the instructions, and try to connect, but am presented with this from Google (personal info redacted:

Authorization Error
Error 403: access_denied
The developer hasn’t given you access to this app. It’s currently being tested and it hasn’t been verified by Google. If you think you should have access, contact the developer (my_email_address).
Learn more
Request Details

    access_type=offline
    response_type=code
    redirect_uri=https://mynexclouddomain/index.php/apps/integration_google/oauth-redirect
    state=clqcx7nv8j
    prompt=consent
    client_id=myclientid
    scope=openid https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/calendar.readonly https://www.googleapis.com/auth/calendar.events.readonly https://www.googleapis.com/auth/contacts.readonly https://www.googleapis.com/auth/photoslibrary.readonly https://www.googleapis.com/auth/drive.readonly

[julien-nc]

Hi, when using Google integration app, did you try to authenticate with the same Google account than the one who created the OAuth app on Google side?

If not, could you try to do so?

If yes, your problem is most likely that your OAuth app can only be used with its creator Google account until you get it to be verified (I don't know how long it takes or how it works).

Any progress?

[Marhy172]

Hello, I had the same issue.

After searching in Googles APIs & Services I found that in OAuth consent screen is my app in "testing" mode and only test users are able to use APIs (there is a limit for one hundred test users).

After adding test users to the list, me and my users are able to get further in "log in" process, but at the end we get this warning and nothing happens anyway:

[integration_google] Warning: Google OAuth error : Client error: `POST https://oauth2.googleapis.com/token` resulted in a `401 Unauthorized` response:
{
  "error": "invalid_client",
  "error_description": "Unauthorized"
}

Isn't it possible that Google changed it's terms for using APIs? Or maybe there is a problem because I changed Name, Logo and Web link of my Nextcloud instance in Theming and now Google don't recognize the app as safe Nextcloud instance or something?

[julien-nc]

@bernd-wechner The OAuth handshake still works on my side. I can authenticate with the user who created the OAuth app on google side and another unrelated one.

Are you sure the internal change on google side has an effect on this google integration app? From my point of view it does not.

As far as I know, there is no need to configure a consent screen. Your problem might be related to OAuth configuration on google side...

[bernd-wechner]

My apologies. Dropped the ball on this one. Took a quick look again can summarise what I see:

1. Same problem as reported, at first. Can't connect and fails with that 403 error.
2. I'm 99% sure I used the same Google account yes, but to be sure I opened google.com and see myself logged in. I can see under Security settings and 3rd Part Access that it's enabled and I can see 10 other apps that have access to my Google account. I can't see anything related to OAuth there. Is that something else I'd need to enable somewhere to create an OAuth app? I admit I'm a tad green in that area.
3. I can't see any configs on the Nextcloud side so I imagine that's all handled by the popup that appears when I click the Connect to Google in Nextcloud.

Thanks BTW for dropping a line, and bumping this. It looks like a great app if I can get it working.

[julien-nc]

Yes you have to create an OAuth app on google side. But I guess you have done it because otherwise you wouldn't be able to make a connection attempt with the Nextcloud app.

As it's not possible for me to make an OAuth app that accepts all redirect URIs and could be used by default by this Nextcloud integration app, each Nextcloud admin must create an OAuth app (called OAuth client in google console), set the redirect URI mentioned in Nextcloud admin settings and put the client ID and client secret in "connected accounts" admin settings section.

Are we on the same page about that? It seems like a lot of people managed to configure everything by following the instructions in this Nextcloud app. Maube you just forgot a step or made a mistake somewhere. Let's find out what's wrong in your context. Did you strictly follow the hints in "connected accounts" admin settings section?

[Marhy172]

I am so sorry, I am not aware of any mistake I made before, but I apparently made one. Looking for help, I found this thread and I thought there is a bug in the app, but the error was on my side. I followed the instruction again and now it works as it should.

Still I have warning about unverified app when logging in to Google account, though. Is it possible to get rid of it by publishing the app to production in OAuth consent screen? Seems like annoyingly complicated process to me. Did anyone tried it?

Anyway, I am happy with this app now, thanks for the help @eneiluj

[akshayreddy10]

Changing the status of publishing from testing to production in OAuth consent screen worked for me

[bernd-wechner]

OK, sorry once more, so busy this end. And this is a nice to have not an essential. BUt I am curious to learn more. I have just tried again and it fails, so I checked my Google account and it has an Oauth app there fro Nextcloud. To clairfy at this (proforma) URL:

https://console.cloud.google.com/apis/credentials/oauthclient/........?project=bernd-wechner

I see:

And if I download the JSON I get this (redacted):

{
    "web": {
        "client_id": "<redacted>",
        "project_id": "bernd-wechner",
        "auth_uri": "https://accounts.google.com/o/oauth2/auth",
        "token_uri": "https://oauth2.googleapis.com/token",
        "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
        "client_secret": "<redacted>",
        "redirect_uris": ["https://mydomain1/index.php/apps/integration_google/oauth-redirect", "https://mydomain2/index.php/apps/integration_google/oauth-redirect"]
    }
}

I wonder, am I looking at the right thing here? Is there something I'm missing?

If I click Connect to Google here:

I get this:

and if I click my Google account I get this:

So I'm a tad lost really.

[talondnb]

Make sure you Publish your app and try again.

[bernd-wechner]

Well that worked. Thanks. More or less.

1) It certainly connected:

2) But there are four errors:

3) I don't know what comes next. What am I expecting to see now?

[julien-nc]

Have you enabled the following APIs in the google dev console?

• Google Drive API
• Photos Library API
• Google Calendar API
• People API

The list of enabled APIs is displayed in the dev console dashboard:

To enable an API, click on the "Library" item in the left sidebar of the dev console and search for the specific API.

Once you have enabled the APIs, make sure you logout from your google account, then disconnect the Nextcloud integration app and make another attempt to connect. During the OAuth authentication flow, it should ask you which permissions you want to grant to the OAuth app, check them all and the NC integration app should then be able to use all those APIs.

Any better?

[bernd-wechner]

Thanks for that. NO they weren't. Total noob with Google APIs here. Enabled those (was a slow process their UI sucks and is slow from here) and now those 4 errors no longer pop up. Still wondering what to expect form this, kind of just hoping to see my Google data replicated on my Nextcloud. Alas the README:

https://github.com/nextcloud/integration_google

Is very thin on the ground. As in what next? I just see my Google files, contacts, photos and calendar slowly appear on my Nextcloud? Or do I have to do something to import them? Are they kept in sync or is it a one off import? The README leaves a few questions on use open.

Of course all the steps I had to take to get this far would be well described in the README as well, on a how to get this app working. I don't mind PRing a fix tot he README.

[bernd-wechner]

I'm not seeing any evidence this does anything. I seem to be connected now:

But I see nothing new on my nextcloud, nothing odd in the logs, and I see Zero indication in the README here, nor a wiki, as to what I can expect. What does this actually do? What am I looking for? I was kind of thinking my files, contacts and photos would be mirrored from my Google drive to my Nextcloud. But ... help.

[julien-nc]

Don't you see this under the authentication section?

If you don't see this, you probably still have some API or account access permissions issues.

I would recommend to hit the "Disconnect from Google" button in Nextcloud, then go to any Google service (https://drive.google.com for example) and sign out from your Google account. Then hit the connect button in Nextcloud again. It will redirect you to a Google authentication page, once authenticated you should be asked which permissions you want to give to the Nextcloud integration app. If all that is successful you should be good to go like in my screenshot.

Any better?

[bernd-wechner]

Nope, I don't see anything ... I'll try the suggestion thanks. But also suggest the readme show this image or one like it as the expected end goal. It sort of helps understand what we're aiming for and that the Import is an on request manual task not an ongoing sync thing.

[bernd-wechner]

OK, a little more than 2 months later, I tried your suggestion. And ... it worked! I now see all these things to import.

What does remain unclear from everything I've read and looked at, and really should be clear early in the piece in the up front pitch for the app, is: These imports are one off imports, or ongoing synchs? I am guessing the former, but this should be stated clearly. As I'm actually in the market for keeping my Google calendars and Nextcloud calendars synched, not just importing them once to Nextcloud.

[hassanshahzadaheer]

After a lot of searching on Google and stack-over flow, I found someone who says on this page just log out of your Google account and then log in back. It should work.

Yes, It's worked for me.

[Snowflake6]

What does remain unclear from everything I've read and looked at, and really should be clear early in the piece in the up front pitch for the app, is: These imports are one off imports, or ongoing synchs? I am guessing the former, but this should be stated clearly. As I'm actually in the market for keeping my Google calendars and Nextcloud calendars synched, not just importing them once to Nextcloud.

From everything i've seen so far, it's a one-off. No syncing.

[Jolg42]

I just got into one of these issue and I can share what worked for me (@Marhy172): For the following error:

[integration_google] Warning: Google OAuth error : Client error: `POST https://oauth2.googleapis.com/token` resulted in a `401 Unauthorized` response:
{
  "error": "invalid_client",
  "error_description": "Unauthorized"
}

What worked was to enter a value for "Authorized JavaScript origins" and "Authorized redirect URIs"

At first I didn't enter any value in "Authorized JavaScript origins" and I had no clue it was required. I tried setting it and it worked instantly after.

[github-actions[bot]]

Hello :wave: This issue appears to have had no activity for 3 months. We cannot keep track of whether individual issues have resolved themselves or still require attention without user interaction. We're thus adding the stale label to this issue to schedule it for getting closed in 5 days time. If you believe this issue is still valid and should be fixed, you can add a comment or remove the label to avoid it getting closed.

Cheers :blue_heart:

[github-actions[bot]]

This issue was closed because it has been stalled for 5 days with no activity.