I associated with my other email (mymail#cn.waha.com) with my google account (jinchihe#gmail.com).
When I try to run the gcloud auth login mymail#cn.waha.com, open a web browser, and by default that's gmail and I selected the Use another account to input my other email and password, and then still show Google Cloud Sdk wants to access your Google Account jinchihe#gmail.com, I click Allow but screen shows
ERROR: (gcloud.auth.login) You attempted to log in as account [mymail#cn.waha.com] but the received credentials were for account [jinchihe#gmail.com].
Please check that your browser is logged in as account [mymail#cn.waha.com] and that you are using the correct browser profile.
Seems only can logged in by google account? How can I log in with my mymail#cn.waha.com, I need show mymail#cn.waha.com in gcloud info so pass authentication. Thanks!
You can sign in using one of the following identities:
Google account
Service account
Google group G Suite domain account
If your domain is part of the Google G suite domain then you should be able to log in, using third party domains (such a Hotmail, yahoo, etc) won't let you*. You state that you were able to "log in" into your account through the browser and "allow" the permission. After that you should see a code (random string of text) that you would have to copy and paste into the shell console before continuing the authentication.
*note: you can create a Google Account using a third party email domain, just go to the Create your Coogle Account page and click on "Use my current email address instead" to introduce your personal email (in your case "mymail#cn.waha.com").
Also, according to the error message, you are running the command with "mymail#cn.waha.com" but on the browser you are logging in with "jinchihe#gmail.com" account.
Related
I am facing an issue with the client name displayed in Google Admin > Security > API controls > Domain-wide Delegation.
Let's say I have created a service account on Google Cloud Platform:
When I authorize a scope for that service account on Google Admin side (different workspace), the name displayed doesn't match anything I have typed:
For the record, this M Connector descriptor was used before for another service account in the same Google Project (or another project of same Google Workspace, don't remember exactly), but clearly today I don't have any service account matching this in my Google Project.
Is there a way to control the name displayed in Google Admin Domain-wide Delegation list ?
The API Client Name that is displayed in your Domain-wide delegation is actually the name of your App in your Oauth Consent Screen.
my service account:
my domain-wide delegation:
I added a user to my Azure Devops project but when they click on the link in the invitation email they get the "401 - Uh-oh, you do not have access." error. What am I doing wrong?
What I did that seems to have worked, was I made the project public, and the other user was able to access it. After they had accessed one time successfully I made it private again. They are still able to get to it.
First, check if your Azure DevOps organization is AAD based or not. Then that invited user should use corresponding account, work/school account for AAD based, personal account for the other. For example:
A highly specific 401 error case. In this case, both a personal Microsoft account and a work or school account (Azure AD) that have the same sign-in address exist. You've signed in with your work or school account, but your personal account is the identity with access to the organization.
More detail explanation you could take a look at our official documentation here:
Why can't I sign in after I select "personal Microsoft account" or
"work or school account"?
Although both identities use the same sign-in address, they're separate: they have different profiles, security settings, and permissions. Sign out completely from Azure DevOps by completing the following steps. Closing your browser might not sign you out
completely. Sign in again and select your other identity:
Close all browsers, including browsers that aren't running Azure DevOps.
Open a private or incognito browsing session.
Go to this URL: https://aka.ms/vssignout.
You see a message that says, "Sign out in progress." After you sign out, you're redirected to the Azure DevOps #dev.azure.microsoft.com webpage.
If the sign-out page takes more than a minute to sign you out, close the browser and continue.
Sign in to Azure DevOps again. Select your other identity.
Suggest you to use a InPrivate mode browser to login, then use your Microsoft Account to authenticate, also select personal account if you need to choose between a "work or school account" and my "personal account".
I have setup an API Connect developer portal in the sandbox catalog (I've been following the basic tutorials about configuring an API developer portal found here).
I receive a message saying that i'll get a one time login link so that i can login to the portal as admin and reset my password. However, this never arrives. I have tried configuring the portal a number of times now and this link never comes. Therefore i'm unable to login as admin.
I've also tried using the 'request new password' option on the developer portal itself and entering my email but this also does not work
Is there a way I can retrieve the login link?
This could be a number of things:
1) the IBM emails often get flagged as spam
2) the IBM email server, or rather the people they've contracted this out to, doesn't fully comply with DKIM/SPF security, so if you are on a corporate server that requires this then you won't get your emails.
The workaround I've done in the past is spin up a gmail account and be sure to check my spam folder.
We have been using Google for Work for years now and have a domain setup thru godaddy. We got it so we would have a descent email server without having to worry about it. I then signed up for the Google Developers Console to expand the options we have available and move our local apache/php business software to the cloud. I correctly setup a project with a lamp instance which also works great.
Problem is I cant add projects thru the
https://console.developers.google.com/project?authuser=0
it returns
Error Developers Console has not been activated for your account.
Your account may be suspended or disabled. If you are a Google Apps
user, ask your domain administrator to enable Apphosting Admin on your
account.
But from here I can add new projects
https://code.google.com/apis/console
If I goto the Google for Work console App Engine apps it says
No services have been installed.
Add services to your domain
I click the link to add the service
and goto the Other Services
Google App Engine Provide existing Google App Engine services to your
users.
Enter App ID:*
What is the App ID? I have already authorized the domain we are using for the services.
If I goto Google for Work Domain admin and try to add the other domain we have it says
We are sorry, but you do not have access to Webmaster tool. Please log
in to your Admin Console to enable Webmaster tool. Learn more
Its also adding the domain name to the Project ID: which causes this error in the SDK console
:\Program Files\Google\Cloud SDK>gcloud compute ssh
example.com:api-project-??????? --zone us-central1-a ERROR:
(gcloud.compute.ssh) Could not fetch instance:
- Invalid value 'example.com:api-project-???????'. Values must match the following regular expression: '[a-z](? z0-9]{0,61}[a-z0-9])?'
Im really confused
Go to admin.google.com, login with our organisation account, go to Apps -> Additional Google Services -> Enable the services you need.
We've been working on an Google Apps-app meant to be installed by a domain administrator. We initially tried to list it via the (now deprecated) market listing, but all new submissions must now go through the Google Apps Marketplace SDK.
We're having an issue with the new GAM SDK SSO however - despite having installed it on our domain internally, each user is prompted via the consent screen when sending them to the OAuth login url. The OAuth url is asking for the same permission scope as is registered in the GAM SDK configuration screen.
The docs seem to be entirely conflicting on how to pull off non-challenged SSO for apps installed by the GA admin.
What url, with what params, we should be sending users to authenticate with GA without being asked for (presumably already granted) consent?
Can you share the code with which you are asking for authorization?
9 out of 10 times, if each user in the domain is getting prompted, that is because you are asking for "offline" access. Domain wide authorization cannot be done for offline access. In Python for instance, you can do that like this -
constructor_kwargs = {
'redirect_uri': GOOGLE_AUTH_CALLBACK_URL,
'auth_uri': client_info['auth_uri'],
'token_uri': client_info['token_uri'],
'access_type' : 'online'
}
flow = OAuth2WebServerFlow(client_info['client_id'],
client_info['client_secret'],
SCOPES, **constructor_kwargs)