JILIMACAO apps.REGISTER NOW GET FREE 888 PESOS REWARDS!

Resolved tmora
(@tmora)

1 year, 1 month ago

Hi, We are just wanted testing your plugin on our staging page, but after we created configuration with Google – verify setting – Error 403: access_denied.

Screen: https://www.dropbox.com/s/ijp5xsevtwqtpae/Screenshot%202024-01-30%20at%2013.18.04.png?dl=0

I appreciate any help. Tomas

The page I need help with: [log in to see the link]

Viewing 4 replies - 1 through 4 (of 4 total)

Plugin Support Robert
(@robertnextendweb)

1 year, 1 month ago

Hi @tmora!

I believe this error is because your Google App’s Publishing status is still in “Testing”. You should set this to “In production”. You can change this by going to the Google console:
https://console.developers.google.com/apis/
Make sure that the correct App is selected at the top, and then go to the “Oauth consent screen” menu on the left. There you will see the “Publishing status”.

Thread Starter tmora
(@tmora)

1 year, 1 month ago

@robertnextendweb

Perfect! thanks.. Might be a good idea to add that to your manual.

vrushalli22
(@vrushalli22)

10 months, 2 weeks ago

Hello im facing same issue but my status of app is published still getting 403

“Server Error 403 Forbidden You do not have permission to access this document”

Please help me with this
Thank you
Plugin Support Robert
(@robertnextendweb)

10 months, 2 weeks ago
Hi @vrushalli22

What you are seeing is not the same error, the problem mentioned in this topic originally is on the side of the Google App, but yours is on your server.

The problem on your website is caused by a firewall ( probably ModSecurity ) that blocks requests when they contain certain strings, more specifically “.profile”:
- https://nextendweb.com/nextend-social-login-docs/google-403-and-404-errors/
With ModSecurity this is actually a very common problem, as they have this string on their black list, however one of the scopes that Google uses:
- https://www.googleapis.com/auth/userinfo.profile
also contains that “.profile” string, which means the OAuth requests of Google will be blocked.

You can actually reproduce this problem easily, even without Nextend Social Login. You just need to open the /wp-login.php page with the .profile string appearing in a GET parameters value, e.g.:
- /wp-login.php?test=.profile
The request will be blocked and will return a 403 error. But if you make it no longer contain the blacklisted “.profile” string, e.g. you remove the last “e” character:
- /wp-login.php?test=.profil
that will load the /wp-login.php page just fine.

So to fix the problem, you should get in touch with your host and ask them to disable the rule that causes the problem. They have an error log that contains all kinds of error messages, including the ones triggered by the firewall. And that should contain the rule ID that causes this 403 error (sometimes 404).

Extra note: Please note that this topic has already been resolved, so if you would have a question or problem in the future, please open a new topic, or contact us directly here through our ticket system:
https://nextendweb.com/contact-us/nextend-social-login-support/

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘Google – Error 403: access_denied’ is closed to new replies.