Discussions
Categories
- 384.5K All Categories
- 2.5K Data
- 552 Big Data Appliance
- 1.9K Data Science
- 451.3K Databases
- 222.1K General Database Discussions
- 3.8K Java and JavaScript in the Database
- 32 Multilingual Engine
- 560 MySQL Community Space
- 479 NoSQL Database
- 7.9K Oracle Database Express Edition (XE)
- 3.1K ORDS, SODA & JSON in the Database
- 561 SQLcl
- 4K SQL Developer Data Modeler
- 187.5K SQL & PL/SQL
- 21.4K SQL Developer
- 296.9K Development
- Application Development
- 18 Developer Projects
- 140 Programming Languages
- 293.5K Development Tools
- 112 DevOps
- 3.1K QA/Testing
- 646.2K Java
- 28 Java Learning Subscription
- 37K Database Connectivity
- 193 Java Community Process
- 106 Java 25
- 22.1K Java APIs
- 138.2K Java Development Tools
- 165.3K Java EE (Java Enterprise Edition)
- 21 Java Essentials
- 165 Java 8 Questions
- 86K Java Programming
- 81 Java Puzzle Ball
- 65.1K New To Java
- 1.7K Training / Learning / Certification
- 13.8K Java HotSpot Virtual Machine
- 94.3K Java SE
- 13.8K Java Security
- 206 Java User Groups
- 24 JavaScript - Nashorn
- Programs
- 530 LiveLabs
- 39 Workshops
- 10.2K Software
- 6.7K Berkeley DB Family
- 3.5K JHeadstart
- 5.7K Other Languages
- 2.3K Chinese
- 178 Deutsche Oracle Community
- 1.1K Español
- 1.9K Japanese
- 236 Portuguese
Oracle APEX 18.1 Social Sign-In google
hello,
for the apex.oracle.com ,the Social sign-in google gives the error :
it works with apexea.oracle.com
regards
jm
Best Answer
Answers
-
Hi JM,
on apex.oracle.com, we are white-listing URLs for REST access and this URL was not yet in the list. Can you please try again?
Regards,
Christian
-
hello christian,
yes is works now.
i have the same issue with microsoft account
best regards
jm
-
-
hello christian,
it works perfect now.
best regards
jean-marc
-
@Christian Neumueller-Oracle I followed the instructions here (changing the callback to apex.oracle.com instead of apexea.oracle.com of course) to setup Google authentication for application 47682 on apex.oracle.com and I get the Google login screen and I pick my account but APEX throws an error
An unexpected internal application error has occurred. Please get in contact with your system administrator and provide reference# for further investigation.
Am I doing something wrong or is this not supported on apex.oracle.com?
Thanks
-
Hi Vikas,
debug output shows this
JSON POST https://www.googleapis.com/oauth2/v4/token request got HTTP status 401
{
"error": "invalid_client",
"error_description": "Unauthorized"
}
when APEX sends Client ID/Secret to get the access token. I think you must have a typo in the credentials, perhaps additional spaces.
Regards,
Christian
-
Yup that's exactly what it was, the secret field is masked so you can't see trailing spaces!
Follow up question about the Scope attribute in the authentication scheme... The field help says to use profile,email and to use APEX_JSON.GET_* in the post authentication procedure to get data. Not sure I understand what this means. Can you please explain how this works with an example? I'm guessing it's a mechanism to read some data elements from the user's Google profile and display them in the APEX application, right? Where does Google document the full list of values and data elements available for this attribute?
-
The scope defines what groups of attributes you want to receive from the authentication provider. OpenID standardizes a few and Google implements OpenID. However, you should check out the documentation of the provider for what is available. Enable LEVEL9 in your session to see the returned JSON for debugging.
Here is an example from one of my test apps:
- Scope: profile,email,https://www.googleapis.com/auth/gmail.metadata
- Username attribute: email
- Post-authentication procedure:
procedure post_auth is
begin
:G_USER_INFO := 'Authenticated via Google. '||chr(10)||
'Profile: '||apex_json.get_varchar2('profile')||chr(10)||
'Picture: '||apex_json.get_varchar2('picture')||chr(10)||
'Email: '||apex_json.get_varchar2('email')||chr(10)||
'ID Token: '||apex_json.get_varchar2('id_token')||chr(10)||
'Access Token: '||apex_json.get_varchar2('access_token');
end post_auth; - PL/SQL region to query GMail labels (requires gmail.metadata scope)
declare
c clob;
begin
c := apex_web_service.make_rest_request (
p_url => 'https://www.googleapis.com/gmail/v1/users/'||:APP_USER||'/labels',
p_http_method => 'GET',
p_credential_static_id => 'GOOGLE' );
htp.p(apex_escape.html(c));
end;
The Social Sign-In Authn saves the OAuth2 access token in the session credentials store, so you can make additional REST calls to the authentication provider, like above. However, the access token's lifetime is different than the APEX session lifetime. We have not implemented automatic refresh yet, so once the access token expires, these calls will fail. You can use them to fetch additional data to set up the APEX session, though.
Google documentation:
- https://developers.google.com/+/web/api/rest/oauth#authorization-scopes
- https://developers.google.com/identity/protocols/googlescopes
Regards,
Christian
-
Thanks that's very helpful. One last question... a) What instance level APEX configuration is needed to allow this?
what database ACL configuration is needed to allow this? -
Social Sign-In uses APEX_WEB_SERVICE internally (or rather, it's implementation package). You have to set up your ACLs in a way that enables call-outs to the Google URLs (accounts.google.com, www.googleapis.com). If you are using the Authorized URLs feature, you need to white-list them, too.
Regards,
Christian
