If you're trying this from a mobile phone (captive portal browser) then yes, it will be blocked as google is blocking all embedded browsers and any "not-full browsers". It means google authentication can't really be used from mobile devices when accessed throguh the captive portal.
also, your authorized redirect seems wrong. You need to provide a proper, REAL HTTPS (with valid certificate) url / server name. NOT " pf.packetfence.org/oauth2/callback" you need a proper domain name / proper server name. On Thu, May 19, 2022 at 10:40 AM leonardo.izzo--- via PacketFence-users < packetfence-users@lists.sourceforge.net> wrote: > hi, could you please answer? Thanks > > > > > > > > *Da:* leonardo.i...@itsinformatica.it <leonardo.i...@itsinformatica.it> > *Inviato:* domenica 15 maggio 2022 15:39 > *A:* 'packetfence-users@lists.sourceforge.net' < > packetfence-users@lists.sourceforge.net>; 'luza...@akamai.com' < > luza...@akamai.com> > *Oggetto:* Google Oauth2 captive portal > > > > hi, i configured pf for a captive portal with OAuth2 using google. > > I followed the instructions in the guide on what to do on > http://code.google.com/apis/console: > > 1) I created a project > > 2) I went to "OAuth consent screen" and configured it \ I chose External > and then Create \ I gave a name and email, then I went on without entering > anything > > 3) I went to Credentials \ Create credentials \ I chose "OAuth client ID" > \ and then as application type "Web Application" and I gave the name pf > > 4) I went under "Authorized redirect URI" \ Add URI \ and I entered the > string https://pf.packetfence.org/oauth2/callback as in my Packetfence > console in Configuration \ System Configuration \ General Configuration I > have pf Domain = packetfence.org and Hostname = pf > > 5) I have saved the "client ID" and the "client secret" > > 6) I went to the OAuth consent screen \ modify App \ authorized domains > and entered: > > google.com, google.it, etc. > > 7) I went to OAuth Consent Screen \ Publish App > > > > I then created a Google-type external authentication source by entering > the data created in the previous point. > > I then created a connection profile containing this source. > > > > When I try to connect from a device, I get the following error: > > > > Authorization error > > Error 400: invalid_request > > You can't sign in to this app because it doesn't comply with Google's > OAuth 2.0 policy for keeping apps secure. > > > > You can let the app developer know that this app doesn't comply with one > or more Google validation rules. > > Find out more > > Request details > > The content in this section was provided by the app developer and has not > been reviewed or verified by Google. > > If you developed the app, make sure these request details comply with > Google's policies. > > redirect_uri: https: // <hostname> / oauth2 / callback > > > > Thanks > _______________________________________________ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/packetfence-users >
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
