Support » Plugin: Photonic Gallery & Lightbox for Flickr, SmugMug, Google Photos & Others » Google Photos Authentication Problem Error 403

  • Resolved robertjanke

    (@robertjanke)


    Hi

    I have followed your instructions but still getting Error 403. Desktop Client didn’t work, so I used Web Client. Put in the 3 URIs, used the Client ID and secret. Got to the page where I can select my account but after that Error 403. I tried the workaround. I disabled all Plugins. Allowed unrestricted API key access. Still can’t authorize.

    Any idea? Thanks!

    The page I need help with: [log in to see the link]

Viewing 15 replies - 1 through 15 (of 21 total)
  • Plugin Author Sayontan

    (@sayontan)

    Where are you getting this error? As a part of the workaround you are supposed to do the authentication on Google OAuth2 Playground, which cannot give you a 403 error.

    That being said, what issue are you facing with the Desktop client? Ever since I introduced this option, the number of support queries for Google Photos came down significantly – that option eliminates all authentication challenges.

    Thread Starter robertjanke

    (@robertjanke)

    I followed the workaround instructions: went to the Google OAuth2 Playground, entered “OAuth Client ID” and “OAuth Client secret”, put in https://www.googleapis.com/auth/photoslibrary.readonly https://www.googleapis.com/auth/photoslibrary.sharing
    I get the account selection screen with my Google Accounts, chose the relevant one and then 403 appears. I can send you the screenshots in a private message or give you access.

    Thread Starter robertjanke

    (@robertjanke)

    When I use the Desktop client, enter the relevant “OAuth Client ID” and “OAuth Client secret” into Photonic and then click on Authenticate, I also get the Google Account Selection screen but again, after selecting the relevant Google Account, 403 appears.

    Plugin Author Sayontan

    (@sayontan)

    after selecting the relevant Google Account, 403 appears.

    Where? In Google? Or in WordPress? What is the exact error text? Can you provide me with a screenshot?

    Thread Starter robertjanke

    (@robertjanke)

    Well, when I click on Authenticate in WordPress I get forwarded to Google for the Google Account selection:
    https://accounts.google.com/o/oauth2/auth/oauthchooseaccount?access_type….

    After I click the relevant Google account, 403 appears:

    Authorization Error
    Error 403: access_denied
    The developer hasn’t given you access to this app. It’s currently being tested and it hasn’t been verified by Google. If you think you should have access, contact the developer (….@gmail.com).
    Learn more
    Request Details
    access_type=offline
    response_type=code
    redirect_uri=https://robertjanke.de/wp-admin/admin.php?page=photonic-auth&source=google
    state=……::%2Fwp-admin%2Fadmin.php%3Fpage%3Dphotonic-auth
    prompt=consent
    client_id=…..-……apps.googleusercontent.com
    scope=https://www.googleapis.com/auth/photoslibrary.rea

    Plugin Author Sayontan

    (@sayontan)

    Have you added the authorized domain etc. correctly in the client setup?

    Basically you will need to ensure that you follow each of the steps in the documentation accurately.

    Thread Starter robertjanke

    (@robertjanke)

    Thread Starter robertjanke

    (@robertjanke)

    I can give you access to my Google account that I want to use for Photonic authorization. It’s not my main account. Hence, privacy isn’t much of an issue.

    Plugin Author Sayontan

    (@sayontan)

    I can give you access to my Google account that I want to use for Photonic authorization. It’s not my main account. Hence, privacy isn’t much of an issue.

    That is not permitted under the forum rules here.

    Are you sure you have given me the values for the authorized domain? The authorized domain is typically just robertjanke.de (without http or https), and no other part of the URL. Also, it isn’t necessary to have an authorized domain – you would typically see it in the “Consent Screen” section.

    It seems like what you have provided are the Authorized Redirect URIs, which are only needed for the the Web Application client type (not the desktop client). Is it possible that you are using the Web client instead of the desktop client?

    Note that this is how Google structures its authorization:

    1. At the top level you have a project. It is unusual for a person to have more than one project. But having the project is essential, because it is where you define your consent screen etc.
    2. Under a project you have client ids, to which you assign scopes. The simplest way to get Photonic working is to have a desktop client – it needs no fancy setup (no redirect URIs etc.), and no workaround is needed. To date I can only recall one person who couldn’t get the desktop client setup working. If you use the web client, however, you have to use the documented workaround using Google Playground, and that is much harder.

    Do you have multiple clients associated to your Google Project? I would suggest eliminating everything that you are not using, or creating a new project and starting from simply one Desktop client. Then follow each step of the documentation correctly.

    If you want to continue with your current setup, first verify if you are using your client ID / secret for the Desktop client, or for the web client. If you are using it for the web client, directly head over to the OAuth2 Playground as per the documentation, and try validating there. At that point, the authentication is out of Photonic’s hands, and any error you get would confirm to you that there is a setup problem with your client ID.

    Thread Starter robertjanke

    (@robertjanke)

    Is verified domain ownership relevant or not? WordPress is installed on the robertjanke.de domain. This domain is verified via Google Workspace. However, I want Photonic to access the Google Photos of another Gmail account, which is not registered as owner of robertjanke.de Is that the problem? Can I only access the Google Photos of the Google account with verified ownership of my domain robertjanke.de? I have followed all the authentication steps on the second Google account where I want to access the photos but which is not the (verified) owner of my domain.

    • This reply was modified 1 month, 2 weeks ago by robertjanke.
    Plugin Author Sayontan

    (@sayontan)

    Can I only access the Google Photos of the Google account with verified ownership of my domain robertjanke.de?

    You can access data for the account that you are logging in with.

    Since you have also used Photonic for Instagram, let me use a different example. In Instagram, you are not defining your Client ID / Secret. Rather my Client ID and secret are used for it – when you authenticate using Photonic, you are taken to a “Redirection URL” that I have provided, and the authentication happens there. Typically this is how authentication works. It doesn’t matter that the app has my client id – you are not seeing my photos. Rather, you are logging in and you are permitting my client id to see your public photos.

    But in case of Google, I cannot do the above – Google puts a cap on the number of requests that can be made on a single client ID. So if you logged in and permitted my client id to see your public photos, those would count against my client ID’s quota. If Photonic has 2000 users of Google Photos, all of their usage would add up, and the quota limit will be reached within a few hours. That is why the process requires individuals to set up their own client id. You can log in from any account – all that needs to happen is that you log in, and you allow your client id (of one domain) to access your photos (from another account).

    Thread Starter robertjanke

    (@robertjanke)

    1. Created a project on the Google account where I want to access the photos. Don’t have any other projects.
    2. Created API key, no restrictions. No other APIs.
    3. Created OAuth 2.0 Client IDs Desktop and Web
    4. Desktop Client ID and Client Secret in Photonic WordPress returned 403. All WordPress Plugins disabled except Photonic.
    5. Changed Client ID and Client Secret to Web credentials in Photonic WordPress
    6. Went to Google OAuth2 Playground and used Web credentials but also got 403.

    What do you mean by “Are you sure you have given me the values for the authorized domain?”

    • This reply was modified 1 month, 2 weeks ago by robertjanke.
    • This reply was modified 1 month, 2 weeks ago by robertjanke.
    • This reply was modified 1 month, 2 weeks ago by robertjanke.
    • This reply was modified 1 month, 2 weeks ago by robertjanke.
    Plugin Author Sayontan

    (@sayontan)

    2. Created API key, no restrictions. No other APIs.

    You shouldn’t need an API key for this. Can you delete it?

    6. Went to Google OAuth2 Playground and used Web credentials but also got 403.

    You are probably aware: this above point alone indicates that the problem is not within Photonic (or WordPress, for that matter). The OAuth2 Playground (which is provided by Google) should help you do this authentication independent of where you are using the client id and secret.

    A few more questions:

    • In your Consent Screen configuration is you app set to be “Internal” or “External”? It should be “External”.
    • Did you add the Photos Library API to your project?

    None of the above is guaranteed to make things work – I am just helping eliminate other common sources of errors.

    Thread Starter robertjanke

    (@robertjanke)

    API Key deleted. It’s External. Yes, Photos Library API added. Authorized domain: robertjanke.de

    Click here for screenshots of the API interface.

    • This reply was modified 1 month, 2 weeks ago by robertjanke.
    Thread Starter robertjanke

    (@robertjanke)

    I have tried another Google account now. I set-up the Desktop client. After providing Client ID and Secret in Photonic WP and hitting Authenticate I get “Authorization Error
    Error 400: redirect_uri_mismatch”. How can there be an uri mismatch? I haven’t provided any redirect uri because that option is only available for Web, not Desktop.

Viewing 15 replies - 1 through 15 (of 21 total)
  • You must be logged in to reply to this topic.