Login/Register
Google API authentication: Not valid origin for the client
Asked Answered
Solved google-apigoogle-oauthgoogle-analytics-apigoogle-api-js-client
B

18

91

When making an auth request to the Google API (gapi), it's returning false on the checkOrigin.

I have removed any client id's or anything that would link directly to my account and replaced it with a regex indicating what the data is for reference.

Url: https://accounts.google.com/o/oauth2/iframerpc?action=checkOrigin&origin=https%3A%2F%2Flocal.tools&client_id=(\d{21})

My origin url is a local url, which is https://local.tools

Result: {valid: false}

I'm using the example found here without deviation (except for replacing clientid with my 21 digit clientid): https://ga-dev-tools.appspot.com/embed-api/third-party-visualizations/

The items I'm trying to display show up nicely on the demo site, but aren't getting past the Not valid origin for the client error on my local.tools site.

Bedeck answered 2/3, 2017 at 21:26 Comment(3)
and "local.tools" is deffo configured in the API console and your local server is running on port 80? Try editing your /etc/hosts to point your demo site URL to 127.0.0.1 and see what happens.Eucalyptus
Nothing good would happen because my development environment is not on 127.0.0.1. It also doesn't matter what port it's running on. It can be used on other ports besides port 80.Bedeck
Google API authentication: Not valid origin for the client. --- It might be in case, while you are using same email id for creating client id and for sign-in through webpageSommer
L
80

I received the same console error message when working with this example: https://developers.google.com/analytics/devguides/reporting/embed/v1/getting-started

The documentation says not to overlook two critical steps ("As you go through the instructions, it's important that you not overlook these two critical steps: Enable the Analytics API [&] Set the correct origins"), but does not clearly state WHERE to set the correct origins.

Since the client ID I had was not working, I created a new project and a new client ID. The new project may not have been necessary, but I'm retaining (and using) it.

Here's what worked:

During creation of the credentials, you will see a section called "Restrictions Enter JavaScript origins, redirect URIs, or both". This is where you can enter your origins.

Save and copy your client ID (and secret).

My script worked after I created the new OAUTH credential, assigned the origin, and used the newly generated client ID following this process.

Lorelle answered 6/3, 2017 at 19:25 Comment(11)
Yes, that was what I needed. Thank you! Seems like it should be obvious now, but the docs are a bit hard to follow.Bedeck
if I test with a localhost, how can I add the oauth there? for example If I need to let access to localhost:9000/en/loginDoubledealing
You don't need to worry about the oAuth callback. When you use the example given, there is a little button that says something along the lines of "google Authenticate" or I don't remember. But it's there and you click on it and a popup window comes up to authenticate. Adding my domain to the origins is what I needed to do, including after uploading the example to the server. I had to add the server URL to the origin domains.Bedeck
My script worked with new credential in the old app. I believe this is a bug from Google, because I did try adding my origin to my old credential.Biography
Had the same issue and these steps worked for me! The trick was Enabling the Analytics API before creating the CredentialsClevis
In my case it was the type OAuth needed to fixHull
Year after year I keep findig myself back at this answer. Nothing works --> Delete app --> Create new app with the domain added to whitelist --> It works. I mean, I get it, "have you tried turning it off and on again" is a meme for a reason. But it's incredibly frustrating that Google just refuses to improve these services, and there is no way to contact an actual helpful support-person instead of a generic chatbot. Oh well. See you here in 2021 I guess.Compote
Make sure you add the URIs when creating the credentials not after.Anemology
It seams 2021 is worse : setup that was working before does not work now. It seams you cannot enter "localhost" origin anymore. It says "not valid origin"Vauntcourier
Original article behind the link: web.archive.org/web/20170301044410/https://… You can find the credential page here: console.cloud.google.com/apis/credentials edit the entry to define your JS source URLs (origins).Isaac
Activate Analytics API here: console.cloud.google.com/apis/library/…Quirites
C
183

Clear your browser cache. Started getting this error in Chrome and then I created a new client id and was still getting the issue. Opened firefox and it worked, so I cleared the cache on Chrome and it started working.

Cahra answered 25/1, 2018 at 2:33 Comment(9)
Cannot believe cache plays that much role in it.Messina
I had issue like this in iOS safari. The origin was accepted in chrome on iOS but not updated in safari. I’m hoping it will time out sooner or later.Myocardiograph
Or go take a break for an hour or so. Especially if on a device where you don’t want to clear all cache or on mobile where it’s harder to do so.Myocardiograph
Amazingly enough, clearing the browser cache actually solved this issue for me as well...Nodus
Perfect! It works for me after clearing the cache, Thanks a lot.Burden
I had this problem too. If you go to the settings on the dev tools in chrome, there is an option to disable the cache when the dev tool is open.Drumm
Love it when the solution to all my problems is clearing the cache :)Haeckel
Gotta love it when you question your code and sanity, but all you needed to do is clear the cache. THANK YOU!Pindling
Just a tip in case you don't want to lose all your cookies, history, etc. In chrome you can enter as a different user - so just enter as guest, so you wont have to delete all your browsing history.Underdrawers
L
80

I received the same console error message when working with this example: https://developers.google.com/analytics/devguides/reporting/embed/v1/getting-started

The documentation says not to overlook two critical steps ("As you go through the instructions, it's important that you not overlook these two critical steps: Enable the Analytics API [&] Set the correct origins"), but does not clearly state WHERE to set the correct origins.

Since the client ID I had was not working, I created a new project and a new client ID. The new project may not have been necessary, but I'm retaining (and using) it.

Here's what worked:

During creation of the credentials, you will see a section called "Restrictions Enter JavaScript origins, redirect URIs, or both". This is where you can enter your origins.

Save and copy your client ID (and secret).

My script worked after I created the new OAUTH credential, assigned the origin, and used the newly generated client ID following this process.

Lorelle answered 6/3, 2017 at 19:25 Comment(11)
Yes, that was what I needed. Thank you! Seems like it should be obvious now, but the docs are a bit hard to follow.Bedeck
if I test with a localhost, how can I add the oauth there? for example If I need to let access to localhost:9000/en/loginDoubledealing
You don't need to worry about the oAuth callback. When you use the example given, there is a little button that says something along the lines of "google Authenticate" or I don't remember. But it's there and you click on it and a popup window comes up to authenticate. Adding my domain to the origins is what I needed to do, including after uploading the example to the server. I had to add the server URL to the origin domains.Bedeck
My script worked with new credential in the old app. I believe this is a bug from Google, because I did try adding my origin to my old credential.Biography
Had the same issue and these steps worked for me! The trick was Enabling the Analytics API before creating the CredentialsClevis
In my case it was the type OAuth needed to fixHull
Year after year I keep findig myself back at this answer. Nothing works --> Delete app --> Create new app with the domain added to whitelist --> It works. I mean, I get it, "have you tried turning it off and on again" is a meme for a reason. But it's incredibly frustrating that Google just refuses to improve these services, and there is no way to contact an actual helpful support-person instead of a generic chatbot. Oh well. See you here in 2021 I guess.Compote
Make sure you add the URIs when creating the credentials not after.Anemology
It seams 2021 is worse : setup that was working before does not work now. It seams you cannot enter "localhost" origin anymore. It says "not valid origin"Vauntcourier
Original article behind the link: web.archive.org/web/20170301044410/https://… You can find the credential page here: console.cloud.google.com/apis/credentials edit the entry to define your JS source URLs (origins).Isaac
Activate Analytics API here: console.cloud.google.com/apis/library/…Quirites
E
23

try clear caches and then hard reload, i had same error but when i tried to run on incognito browser in chrome it worked.

Egghead answered 6/8, 2018 at 12:34 Comment(1)
Worth noting a normal hard refresh with a shift f5 or ctrl f5 didn't do the trick on chrome until I pressed F12 to open the console tab, then right-clicking on the Refresh and click on "Empty cache and Hard Reload"Selena
B
23

Key Point: Add both http://localhost and http://localhost:port_number to the Authorized JavaScript origins box for local tests or development.

Babarababassu answered 9/5, 2020 at 15:39 Comment(5)
Hi - where do you set this?Dornick
check this Steve: developers.google.com/identity/one-tap/web/guides/…Babarababassu
This worked for me. I had originally only listed localhost:port. Once I added localhost (without the port) alongside the one with port, it immediately started working.Mythopoeia
Yes! Add BOTH localhost and localhost:<port>Psychotic
What if my port number varies, can I use a wildcard to allow all ports on localhost?Isaac
M
17

Credentials do not work if API is not enabled. In my case the next steps were needed:

  1. Go to https://console.developers.google.com/apis/library
  2. Enter 'People'
  3. From the result choose 'Google People API'
  4. Click 'Enable'
Mirtamirth answered 6/1, 2018 at 2:0 Comment(2)
This saved my day ..!!! The error seems totally unrelated but this workedVaivode
After many hours this solve my problem.Goof
W
17

You probably use Client ID like this: <CLIENT_ID>.apps.google.com

Make sure your client ID is without ".apps.google.com"

Wish answered 31/1, 2022 at 2:20 Comment(5)
This worked for me. I think the reason it works is that the original URL that has client_id=<CLIENT_ID>.apps.google.com in the query params is cached by Google for quite a while, whereas the one with the updated ClientID is not (even though the two should be the same).Elasmobranch
This is the only solution here that worked for me.Antitrust
In my case i had to remove ".apps.googleusercontent.com" and magically it started working.Natterjack
Thank you, you saved me a lot of time!Latchstring
Awesome answer!! Worked wonders for me.Shabbir
V
12

Creating new oauth credentials worked for me

Vashtivashtia answered 13/12, 2018 at 5:33 Comment(3)
Before I looked in SO I thought "maybe it's the cache".. after deleting the cache didn't work, This solution did.Retrograde
your solution worked for me. kind of weird from googleMonopode
Even I created a new client Id and it worked for meEpigraphic
B
11

For me - I just went here:

https://console.developers.google.com/apis/credentials

Then chose the right project; then choose the credential with the same ID shown in your console error message. When editing the credentials you can add multiple origins to the white list.

Befuddle answered 26/7, 2017 at 13:39 Comment(1)
Nice, this is the correct answer for new client addressShockheaded
C
7

After updated Authorized JavaScript origins browser still caching old data, so I need to Empty cache and hard reload then it works

1. Change Authorized origins

enter image description here

2. Open Dev Tool (F12) then right-click into reload button

enter image description here

Chisel answered 23/9, 2021 at 9:42 Comment(0)
E
4

Clearing the cache on chrome works!

Please find the steps below to clear the cache.

  1. Open dev tools (Right-click on the page and select inspect/ press F12)
  2. Right-click on the chrome reload button while the dev tool is opened. (You will find the option to clear the cache and reload the site)
Etiolate answered 19/8, 2021 at 13:12 Comment(0)
C
3

clearing the cache works for me.

for React developers try to restart the project otherwise it will show the same error again and again.

Carlyle answered 20/11, 2020 at 8:41 Comment(0)
U
1

It was a referrer-policy problem.

This has been such a pain for a long time to me too...

Found the issue, my website instance had a referrer policy set to no-referrer. After setting it to no-referrer-when-downgrade, the One Tap prompt showed up as expected.

https://mcmap.net/q/242410/-google-api-oauth-client-localhost-never-allowed-for-client-id

If you are using Django, SECURE_REFERRER_POLICY is 'same-origin' by default. Change it by adding the below code in your settings file.

# settings.py
SECURE_REFERRER_POLICY = 'no-referrer-when-downgrade'

https://docs.djangoproject.com/en/3.2/ref/settings/#std:setting-SECURE_REFERRER_POLICY

Undergird answered 4/5, 2021 at 10:30 Comment(0)
M
1

Similar to few answers at above but with screenshots. If you created project for Firebase, may also use the same steps to configure at Google Cloud Platform console.

  1. Select the project at https://console.cloud.google.com/
  2. Navigate to Credentials
  3. Click Edit button for the related OAuth 2.0 Client ID
  4. Add URI into Authorized JavaScript origins
  5. Don't forget to Save

enter image description here

enter image description here

Masters answered 19/5, 2021 at 9:34 Comment(0)
W
1

That worked for me after trying for an hour:

On https://console.cloud.google.com/apis/credentials :

  • Edit Client Outh (mine was: Web Client (Auto Created by Google Service), which was created by my Firebase Web Project)
  • Enter JavaScript Origin for the Client ID (mine was: localhost:NNNN) and don't forget to Save.
  • Try google login for half an hour: didn't work
  • Enabled Google Analytics as suggested above
  • Empty Chrome cache and hard reload as suggested above
  • Try google login for half an hour: didn't work
  • Sign Out from https://console.cloud.google.com, and sign in again
  • Empty Chrome cache and hard reload
  • Now it worked

I don't know which one of the above fixed the problem. May be it was just a matter of time for cloud.google to recognize my new JavaScript Origin.

Winslow answered 5/12, 2021 at 17:21 Comment(0)
Z
0

I got the error because of Allow-Control-Allow-Origin: * browser extension.

Zoroastrianism answered 22/11, 2018 at 6:40 Comment(0)
P
0

Trying on a different browser(chrome) worked for me and clearing cache on firefox cleared the issue.

(PS: Not add the hosting URIs to Authorized JavaScript origins in API credentials would give you Error:redirect_uri_mismatch)

Pomerania answered 25/7, 2020 at 23:56 Comment(0)
G
0

I was getting the same error but tried publishing my app and now it shows as below:

enter image description here

Gratuitous answered 23/8, 2022 at 11:20 Comment(0)
A
0

I came across this error recently while developing a Capacitor JS Application, and here's a checklist of everything I had to do to resolve it. This list is compiled with answers from other users, as well as a few I found myself.

  1. Clear cache and hard refresh
  2. Use Chrome/Another Chromium browser (Error messages are sometimes different)
  3. Make sure the Google Auth Client is set to In Production and not In Testing
  4. Make sure to add JavaScript URIs pointing to your web address
  5. Add both http://localhost and http://localhost:PORT to the URI list
  6. If in development/testing and your URI is localhost, make sure to access the website from localhost and not from your machine IP
  7. Try enabling the Google People API
  8. Make sure you have access to the scopes you're using
  9. If website has a "no-referrer" policy, switch to "no-referrer-when-downgrade"
  10. Disable Ad blockers, Script blockers, and Brave Shields
Apoloniaapolune answered 27/3, 2023 at 16:20 Comment(0)

© 2022 - 2025 — McMap. All rights reserved.