16

I assume it has something to do with this:

For me Google one Tap stopped working on all my sites that previously worked. I added API HTTP refer to restriction in console.developer.com, but I still get a warning message "The client origin is not permitted to use this API." any thoughts? If you go to the page https://www.wego.com/ you can see that Google one tap still works...

https://news.ycombinator.com/item?id=17044518#17045809

but Google YOLO stopped working for everyone. I use it, like many people, for login and it just stopped working.

My domains are obviously added on console.developers.google.com

Any ETA for fixing this? Some information would be great for people who rely on it.

Community
tsukasagenesis

3 Answers

5

Google YOLO is not disabled. It is open to a small list of Google Partners. The reason you were able to access it earlier was because it was open for a short period of time but the whitelist is now readded/enabled.

Reference: https://twitter.com/sirdarckcat/status/994867137704587264

Dhruv Balhara
  • whaaattt??? I have searched in vain across _all_ the docs for this tech, and nowhere does it mention any whitelist or suchlike. Ya gotta be kidding!! Absolutely unacceptable behaviour from google here imho. reprehensible. – stephensong May 12 '18 at 01:05
  • Well, now it has a link to a "request form"... which is only accessible to Google itself. – user1686 May 14 '18 at 04:24
  • This really screwed us too. I read the documentation extensively when we were integrating this into our site and it didn't mention anywhere that it was only temporarily available. It actually directed you to this API when you went to the regular OAuth docs. – rybl May 22 '18 at 16:20
3

Google YOLO was put on a whitelist after a client-side exploit became clear to Google. People could cover the login button of the prompt with something like a cookie consent (which we all know people automatically accept). Therefore people could easily steal their Gmail or other details. Due to this, Google decided to put it on a whitelist and review the sites that are using this technology in order to ensure that they are using it as they should.

d-_-b
Lars Dormans
0

Google retroactively labeled One-Tap as a "closed beta".

https://developers.google.com/identity/one-tap/web

The beta test program for this API is currently closed. We are improving the API's cross-browser functionality and will provide updates here in the coming months.

The link for the entire project is currently 404, but the beta statement is visible on the Wayback Machine.

pkamb