Need help with createAuthUri in Version 3.

[Michael Cook]

I am using the php api libraries and modifying the quick-start app.  I need to get the authUri from creatAuthUri and am having no success.  I have tried curl and cannot seem to get this working.  I have searched for hours and cannot find an example of how to use the V3 curl statement.  

This function is exactly what i need, but it produces a app_error_call_federation.  I found it on the forum and modified the code for V3.

function get_idp_url()

        {

                $postData = array();

                $postData['identifier'] = "google.com"; 

                $postData['continueUrl'] = "http://myredirecturl";

                $ch = curl_init();

                curl_setopt_array($ch, array(

                        CURLOPT_URL => "https://www.googleapis.com/identitytoolkit/v3/relyingparty/createAuthUri?key=my public access API Key",

                        CURLOPT_RETURNTRANSFER => 1,

                        CURLOPT_HTTPHEADER => array('Content-Type: application/json'),

                        CURLOPT_POSTFIELDS => json_encode($postData),

                        CURLOPT_SSL_VERIFYPEER => FALSE,

                        CURLOPT_SSL_VERIFYHOST => FALSE));

                $response = curl_exec($ch);

                $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);

                curl_close($ch);

                if ($http_code == '200' && !empty($response)) {

                        $res =  json_decode($response, true);

                        //redirect( $res['authUri'] );

                        echo $res['authUri'] ;

                } else {

                        echo "app_error_call_federation";

                        return;

                }

        }

I have also tried to test this with a one line curl statement and no luck.

curl -v -d "{'identifier': 'googlep.com', 'continueUri':'http://myredirecturl'}" -H "Content-Type: application/json" "https://www.googleapis.com/identitytoolkit/v3/relyingparty/createAuthUri?key=my public access API Key"

Any help with this would be much much appreciated.

Thanks again.

Mike Cook

[Jin Liu]

The 'identifier' should be an email. You may use 'providerId' for discovery based on identity provider:

curl -d "{'providerId': 'google.com', 'continueUri':'...'}

[Michael Cook]

Thank you I made that change and am still having no luck.  I am now getting Invalid Key.  I have verified that my API key is correct and all need APIs are turned on.  I am thinking this may be a referrer problem.

[Jin Liu]

Could you paste the curl output? And just for confirmation - have you clicked the 'Save' button in the Google Identity Toolkit configuration page of Google Developers Console, as described in https://developers.google.com/identity-toolkit/v3/configure-service?

[Michael Cook]

I am actually using the Google Api Explorer at the moment and this is the output.

POST https://www.googleapis.com/identitytoolkit/v3/relyingparty/createAuthUri?fields=authUri&key={YOUR_API_KEY} Content-Type: application/json X-JavaScript-User-Agent: Google APIs Explorer {
 "continueUri": "http://auth.sumneresc.org/login/gitkit.php",
 "providerId": "google.com"
}

------------------------output----------------------------


400 Bad Request
 
- Show headers - {
 "error": {
 "errors": [
 {
 "domain": "global",
 "reason": "invalid",
 "message": "CONFIGURATION_NOT_FOUND"
 }
 ],
 "code": 400,
 "message": "CONFIGURATION_NOT_FOUND"
 }
}

If I run this code in my browser using Postman I get the following

https://www.googleapis.com/identitytoolkit/v3/relyingparty/createAuthUri?key=api_key&continueUri=http://auth.sumneresc.org/login/gitkit.php&providerId=google.com



  --------output-----------------


{
    "error": {
        "errors": [
            {
                "domain": "usageLimits",
                "reason": "accessNotConfigured",
                "message": "Access Not Configured. The API is not enabled for your project, or there is a per-IP or per-Referer restriction configured on your API key and the request does not match these restrictions. Please use the Google Developers Console to update your configuration.",
                "extendedHelp": "https://console.developers.google.com"
            }
        ],
        "code": 403,
        "message": "Access Not Configured. The API is not enabled for your project, or there is a per-IP or per-Referer restriction configured on your API key and the request does not match these restrictions. Please use the Google Developers Console to update your configuration."
    }
}

If I do a curl on my server

curl -d "{'providerId': 'google.com', 'continueUri':'http://auth.sumneresc.org/login/gitkit.php'}" -H "Content-Type: application/json" "https://www.googleapis.com/identitytoolkit/v3/relyingparty/createAuthUri?key=api-key-removed"
{
 "error": {
  "errors": [
   {
    "domain": "usageLimits",
    "reason": "accessNotConfigured",
    "message": "Access Not Configured. The API is not enabled for your project, or there is a per-IP or per-Referer restriction configured on your API key and the request does not match these restrictions. Please use the Google Developers Console to update your configuration.",
    "extendedHelp": "https://console.developers.google.com"
   }
  ],
  "code": 403,
  "message": "Access Not Configured. The API is not enabled for your project, or there is a per-IP or per-Referer restriction configured on your API key and the request does not match these restrictions. Please use the Google Developers Console to update your configuration."
 }
}
administrator@LinuxVM:~$

Hope that is what you are looking for

[Michael Cook]

Wanted to update the state on this.  Jin Lui was very kind to help me out.  I needed to add the referrer in the curl statement.  

$ curl -d "{'providerId': 'google.com', 'continueUri':'http://auth.sumneresc.org/login/gitkit.php'}" -H "Content-Type: application/json" --referer http://auth.sumneresc.org "https://www.googleapis.com/identitytoolkit/v3/relyingparty/createAuthUri?key=api-key-removed"

Much thanks!!

Mike Cook

[Samridhi Singhi]

Hi,

I'm facing a similar issue. The output at the API Explorer console is 

400 OK

- Show headers -

{
 "error": {
  "errors": [
   {
    "domain": "global",
    "reason": "invalid",
    "message": "CONFIGURATION_NOT_FOUND"
   }
  ],
  "code": 400,
  "message": "CONFIGURATION_NOT_FOUND"
 }
}

I'm confused as it is 400 OK and not a bad request etc. 
Would appreciate your help.

Thanks,
Sam