53

Please note: This is NOT a duplicate as I followed the SO only verified answer by creating a new project yet it didn't work. Also my case is with chrome extension or chrome app client ID from dev console.

Error:

Error 403: access_denied The developer hasn’t given you access to this app. It’s currently being tested and it hasn’t been verified by Google. If you think you should have access, contact the developer

Even though, just like the other post I'm accessing it from owner account. At the same time, I can't leave a comment on the answer of that post as my reputation isn't high enough. Nonetheless,

I am trying to retrieve access token from the user via:

manifest.json:

{
    "manifest_version": 2,
    "name": "To be named",
    "description": "This extension helps...",
    "version": "0.1.0",
    "browser_action":{
        "default_popup":"popup.html"
    },
    "permissions": [
        "storage",
        "identity",
        "identity.email",
        "http://127.0.0.1:5000/Time"
    ],

    "oauth2":{
        "client_id":"10977...esr6.apps.googleusercontent.com",
        "scopes":["https://www.googleapis.com/auth/userinfo.profile"]
    },
    "background": {
        "scripts": ["background.js"],
        "persistent": false
    },  
    "content_scripts": [{
        "matches": ["https://www.blank.org/"], 
        "js": ["content.js"],
        "css": ["styles.css"]
    }]
}

background.js:

chrome.identity.getAuthToken({ 'interactive': true }, function(token) {
  if (token){alert('token is ' + token)}
  else{alert('token not present')}
});

P.S: I don't want to go through the verifying route as I am in a testing stage. Also I'd expect verification to be not needed from the owner.

Linda Lawton - DaImTo
  • 106,405
  • 32
  • 180
  • 449
Daniyal dehleh
  • 2,314
  • 2
  • 7
  • 22
  • Thanks for the crucial tip! May I know what you mean by (storage)? I have no desire to do so. Sadly, I found this way probably to probably be the only effective way of securing chrome extension API calls until I hit a wall. Please check out my new post (https://stackoverflow.com/questions/65756808/securing-chrome-extension-api-calls-with-tokens) – Daniyal dehleh Jan 17 '21 at 02:43

1 Answers1

151

Solution:

  1. Go to your developer console.
  2. Go to OAuth consent screen.
  3. Go to +Add users, under test users.
  4. Add the users for the test (even the owner email address if not working without it)
Daniyal dehleh
  • 2,314
  • 2
  • 7
  • 22
  • I also followed the same steps but after authentication I'm getting ssl error, `[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1123)` how can I get rid of this error? – ninjacode Dec 07 '21 at 09:31
  • either publish the app or add test users – user1912383 Dec 11 '22 at 16:56