Android Google OAuth 身份验证突然失败并发出“disabled_client”
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/24686567/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Google OAuth Authentication suddenly fails and issues "disabled_client"
提问by MarkusM
We run a web application with a Java Script- and an Android front end. We use Google IDs with OAuth for authentication. Everything worked find until today authenticaiton suddenly stopped working. There was no new software version deployed or any operational changes. Now, when a user tries to log on via the browser application, Google issues
我们运行一个带有 Java Script 和 Android 前端的 Web 应用程序。我们使用带有 OAuth 的 Google ID 进行身份验证。一切正常,直到今天认证突然停止工作。没有部署新的软件版本或任何操作更改。现在,当用户尝试通过浏览器应用程序登录时,Google 会发出
401. That's an error.
Error: disabled_client
The OAuth client was disabled.
Request Details
scope=openid profile email
response_type=code
redirect_uri=https://***.net/signin-google
state=***
client_id=******.apps.googleusercontent.com
That's all we know.
When logging in via Android App, authentication fails too, GoogleAuthUtil.getToken raises an unspecific exception.
通过 Android 应用程序登录时,身份验证也会失败,GoogleAuthUtil.getToken 会引发非特定异常。
I couldn't find much information when googling for this error message. Some say, one should try to change the application name in the consent screen. This didn't help in my case.
在谷歌上搜索此错误消息时,我找不到太多信息。有人说,应该尝试更改同意屏幕中的应用程序名称。这对我的情况没有帮助。
In developer console I noticed, that I cannot create a new Client ID for this project. I always get a technical error ("Server Error Whoops! Our Bad.") with a tracking number. Seems to be related.
在开发人员控制台中,我注意到我无法为该项目创建新的客户端 ID。我总是收到带有跟踪号的技术错误(“服务器错误哎呀!我们的错误。”)。好像有关系。
I have a total of 7 Client IDs registered for this project and 3 public API access keys.
我总共为这个项目注册了 7 个客户端 ID 和 3 个公共 API 访问密钥。
Is it possible, that Google explicitly disabled our project? That's how it actually feels. For what reason? I didn't get any notification. Our product is an application for access control, nothing special or illegal here.
谷歌是否有可能明确禁用我们的项目?这就是它实际的感觉。是什么原因?我没有收到任何通知。我们的产品是访问控制的应用程序,这里没有什么特别的或非法的。
Any ideas? This is a production environment, so for us the problem is absolutely severe.
有任何想法吗?这是一个生产环境,所以对我们来说问题绝对严重。
Thanks for any help!
谢谢你的帮助!
采纳答案by MarkusM
In the meantime we found out, that our Android App was removed from the Play Store and we got following notification:
与此同时,我们发现我们的 Android 应用已从 Play 商店中删除,我们收到以下通知:
This is a notification that your application, <...>, with package ID <...>, has been removed from the Google Play Store. REASON FOR REMOVAL: Violation of the Personal and Confidential Information provision of the Content Policy.Please refer to the policy help article for more information.
- We don't allow unauthorized publishing or disclosure of people's private and confidential information, such as credit card numbers, government identification numbers, driver's and other license numbers, non-public contacts, or any other information that is not publicly accessible.
这是一个通知,表明您的应用程序 <...>(包 ID <...>)已从 Google Play 商店中删除。删除原因:违反内容政策的个人和机密信息条款。有关更多信息,请参阅政策帮助文章。
- 我们不允许未经授权发布或披露人们的私人和机密信息,例如信用卡号、政府身号、驾照和其他驾照号码、非公开联系人或任何其他不可公开访问的信息。
We are very careful about the data inside our application and we take privacy and security extremely seriously as the hole app is about security and our customer's trust is absolutely essential. However, we recently introduced a feature that periodically sends the LogCat output to our servers for debugging reasons. Our app is in an early preview state which we make clear in the app description. It's used by a very limited number of people as it can only be used with a special piece of hardware we provide. The LogCat output only contains data from the app itself, no confident data of any kind. We published a couple of related apps and not all have the feature even included but all were suspended. However, we guessthat this feature is the reason for removing.
我们非常小心我们应用程序中的数据,我们非常重视隐私和安全,因为漏洞应用程序是关于安全的,我们客户的信任是绝对必要的。但是,我们最近推出了一项功能,该功能会出于调试原因定期将 LogCat 输出发送到我们的服务器。我们的应用程序处于早期预览状态,我们在应用程序说明中明确说明了这一点。它的使用人数非常有限,因为它只能与我们提供的特殊硬件一起使用。LogCat 输出仅包含来自应用程序本身的数据,没有任何类型的可信数据。我们发布了几个相关的应用程序,并不是所有的应用程序都包含该功能,但都被暂停了。但是,我们猜测此功能是删除的原因。
EditIn the meantime we wrote an appeal via the form provided on Google Play. The ban was removed from Google Play and the related Google OAuth Client shortly after.
编辑在此期间,我们通过 Google Play 上提供的表格撰写了申诉。不久之后,该禁令从 Google Play 和相关的 Google OAuth 客户端中删除。
We were informed, that our App collects names of running tasks and sends them to our servers, which is not the case. However, we used the crittercism library and the crittercism docs suggest to require the "GET_TASKS" permission, what we did. I don't think, that Crittercism is considered as dangerous as it's used by lots of applications. But maybe the combination of a Logging Service on the one hand and the GET_TASKS permission on the other hand, although not dangerous in our case, triggered some automatic rules at Google.
我们被告知,我们的应用程序会收集正在运行的任务的名称并将它们发送到我们的服务器,但事实并非如此。但是,我们使用了 crittercism 库,并且 crittercism 文档建议需要“GET_TASKS”权限,我们所做的。我不认为 Crittercism 被认为与许多应用程序使用的一样危险。但也许一方面是日志服务,另一方面是 GET_TASKS 权限,虽然在我们的例子中并不危险,但在谷歌触发了一些自动规则。
To fix this we simply removed Crittercism and all related permission requirements as it wasn't very useful for us anyways.
为了解决这个问题,我们简单地删除了 Crittercism 和所有相关的权限要求,因为它对我们来说并不是很有用。
