66

When making an auth request to the Google API (gapi), it's returning false on the checkOrigin.

I have removed any client id's or anything that would link directly to my account and replaced it with a regex indicating what the data is for reference.

Url: https://accounts.google.com/o/oauth2/iframerpc?action=checkOrigin&origin=https%3A%2F%2Flocal.tools&client_id=(\d{21})

My origin url is a local url, which is https://local.tools

Result: {valid: false}

I'm using the example found here without deviation (except for replacing clientid with my 21 digit clientid): https://ga-dev-tools.appspot.com/embed-api/third-party-visualizations/

The items I'm trying to display show up nicely on the demo site, but aren't getting past the Not valid origin for the client error on my local.tools site.

DaImTo
  • 72,534
  • 21
  • 122
  • 346
Francis Lewis
  • 8,302
  • 7
  • 49
  • 60
  • and "https://local.tools" is deffo configured in the API console and your local server is running on port 80? Try editing your /etc/hosts to point your demo site URL to 127.0.0.1 and see what happens. – pinoyyid Mar 06 '17 at 22:37
  • Nothing good would happen because my development environment is not on 127.0.0.1. It also doesn't matter what port it's running on. It can be used on other ports besides port 80. – Francis Lewis Mar 20 '17 at 14:57
  • Google API authentication: Not valid origin for the client. --- It might be in case, while you are **using same email id** for creating client id and for sign-in through webpage – Sahil Mujawar Oct 09 '20 at 10:58

13 Answers13

143

Clear your browser cache. Started getting this error in Chrome and then I created a new client id and was still getting the issue. Opened firefox and it worked, so I cleared the cache on Chrome and it started working.

iamcootis
  • 1,715
  • 2
  • 14
  • 15
71

I received the same console error message when working with this example: https://developers.google.com/analytics/devguides/reporting/embed/v1/getting-started

The documentation says not to overlook two critical steps ("As you go through the instructions, it's important that you not overlook these two critical steps: Enable the Analytics API [&] Set the correct origins"), but does not clearly state WHERE to set the correct origins.

Since the client ID I had was not working, I created a new project and a new client ID. The new project may not have been necessary, but I'm retaining (and using) it.

Here's what worked:

During creation of the credentials, you will see a section called "Restrictions Enter JavaScript origins, redirect URIs, or both". This is where you can enter your origins.

Save and copy your client ID (and secret).

My script worked after I created the new OAUTH credential, assigned the origin, and used the newly generated client ID following this process.

designdit
  • 761
  • 6
  • 7
  • 1
    Yes, that was what I needed. Thank you! Seems like it should be obvious now, but the docs are a bit hard to follow. – Francis Lewis Mar 09 '17 at 17:58
  • 2
    if I test with a localhost, how can I add the oauth there? for example If I need to let access to http://localhost:9000/en/login – rosu alin Mar 15 '17 at 09:19
  • You don't need to worry about the oAuth callback. When you use the example given, there is a little button that says something along the lines of "google Authenticate" or I don't remember. But it's there and you click on it and a popup window comes up to authenticate. Adding my domain to the origins is what I needed to do, including after uploading the example to the server. I had to add the server URL to the origin domains. – Francis Lewis Mar 20 '17 at 14:55
  • 3
    My script worked with new credential in the old app. I believe this is a bug from Google, because I did try adding my origin to my old credential. – Franklin Yu Jul 04 '17 at 21:53
  • 1
    Had the same issue and these steps worked for me! The trick was Enabling the Analytics API before creating the Credentials – Sahan Serasinghe Aug 03 '17 at 03:27
  • In my case it was the type OAuth needed to fix – Arman Fatahi May 28 '18 at 14:03
  • Year after year I keep findig myself back at this answer. Nothing works --> Delete app --> Create new app with the domain added to whitelist --> It works. I mean, I get it, "have you tried turning it off and on again" is a meme for a reason. But it's incredibly frustrating that Google just refuses to improve these services, and there is no way to contact an actual helpful support-person instead of a generic chatbot. Oh well. See you here in 2021 I guess. – Andrew Feb 25 '20 at 14:56
  • Make sure you add the URIs when creating the credentials not after. – Victor Michael Kosgei Jul 07 '20 at 12:01
  • It seams 2021 is worse : setup that was working before does not work now. It seams you cannot enter "localhost" origin anymore. It says "not valid origin" – Fabien Quatravaux Feb 08 '21 at 09:37
21

try clear caches and then hard reload, i had same error but when i tried to run on incognito browser in chrome it worked.

Salman Saleem
  • 379
  • 3
  • 13
  • 2
    Worth noting a normal hard refresh with a shift f5 or ctrl f5 didn't do the trick on chrome until I pressed F12 to open the console tab, then right-clicking on the Refresh and click on "Empty cache and Hard Reload" – RJFares May 10 '20 at 09:40
13

Credentials do not work if API is not enabled. In my case the next steps were needed:

  1. Go to https://console.developers.google.com/apis/library
  2. Enter 'People'
  3. From the result choose 'Google People API'
  4. Click 'Enable'
TitanFighter
  • 3,294
  • 1
  • 30
  • 57
10

For me - I just went here:

https://console.developers.google.com/apis/credentials

Then chose the right project; then choose the credential with the same ID shown in your console error message. When editing the credentials you can add multiple origins to the white list.

Reece
  • 577
  • 6
  • 16
7

Creating new oauth credentials worked for me

sudharsan tk
  • 417
  • 6
  • 13
  • 1
    Before I looked in SO I thought "maybe it's the cache".. after deleting the cache didn't work, This solution did. – Hagai Wild Jun 07 '20 at 19:50
7

Key Point: Add both http://localhost and http://localhost:port_number to the Authorized JavaScript origins box for local tests or development.

walter
  • 161
  • 2
  • 4
3

clearing the cache works for me.

for React developers try to restart the project otherwise it will show the same error again and again.

Netch
  • 3,701
  • 1
  • 14
  • 26
zacknight95
  • 31
  • 4
0

I got the error because of Allow-Control-Allow-Origin: * browser extension.

Der_Meister
  • 4,413
  • 2
  • 38
  • 47
0

If you are running it on localhost change the port to 5000 and it will fix it

VardanMelkonyan
  • 168
  • 1
  • 8
0

Trying on a different browser(chrome) worked for me and clearing cache on firefox cleared the issue.

(PS: Not add the hosting URIs to Authorized JavaScript origins in API credentials would give you Error:redirect_uri_mismatch)

sandy
  • 1
0

It was a referrer-policy problem.

This has been such a pain for a long time to me too...

Found the issue, my website instance had a referrer policy set to no-referrer. After setting it to no-referrer-when-downgrade, the One Tap prompt showed up as expected.

https://stackoverflow.com/a/63039142/15565029

If you are using Django, SECURE_REFERRER_POLICY is 'same-origin' by default. Change it by adding the below code in your settings file.

# settings.py
SECURE_REFERRER_POLICY = 'no-referrer-when-downgrade'

https://docs.djangoproject.com/en/3.2/ref/settings/#std:setting-SECURE_REFERRER_POLICY

David
  • 3
  • 2
0

Similar to few answers at above but with screenshots. If you created project for Firebase, may also use the same steps to configure at Google Cloud Platform console.

  1. Select the project at https://console.cloud.google.com/
  2. Navigate to Credentials
  3. Click Edit button for the related OAuth 2.0 Client ID
  4. Add URI into Authorized JavaScript origins
  5. Don't forget to Save

enter image description here

enter image description here

Lee Chee Kiam
  • 9,693
  • 10
  • 56
  • 76