<div dir="ltr">I went back and checked my notes from when we were setting up our GSuite resource and found this: "the documentation for getting a refreshToken has been deprecated by Google (<a href="https://developers.googleblog.com/2022/02/making-oauth-flows-safer.html#disallowed-oob">https://developers.googleblog.com/2022/02/making-oauth-flows-safer.html#disallowed-oob</a>). I didn't go through the steps of tweaking Evolveum's script due to time constraints, instead I was able to use a workaround (<a href="https://stackoverflow.com/questions/71318804/google-oauth-2-0-failing-with-error-400-invalid-request-for-some-client-id-but">https://stackoverflow.com/questions/71318804/google-oauth-2-0-failing-with-error-400-invalid-request-for-some-client-id-but</a>), changing the redirect_uri to "<a href="http://localhost:1">http://localhost:1</a>" and grabbing the code parameter from the response URL. That gave me the refresh token and I was able to successfully connect to Google".<div><br></div><div>This to me looks like another version of the workaround. Hopefully you can grab the code parameter from the response URL and use it in Midpoint.</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Nov 9, 2022 at 11:17 AM Luke Novak via midPoint <<a href="mailto:midpoint@lists.evolveum.com">midpoint@lists.evolveum.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div class="msg5524448421565746595">




<div dir="ltr">
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0);background-color:rgb(255,255,255)">
Hey all</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0);background-color:rgb(255,255,255)">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0);background-color:rgb(255,255,255)">
I am getting a localhost error message when trying to update my oauth refresh token.  After signing into Google and clicking to allow Midpoint access I am getting this error message.</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0);background-color:rgb(255,255,255)">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0);background-color:rgb(255,255,255)">
I am seeing this redirect to the localhost in the url that maven spits out to click on.  Is this correct?</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0);background-color:rgb(255,255,255)">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0);background-color:rgb(255,255,255)">
<a href="https://accounts.google.com/o/oauth2/auth?access_type=offline&approval_prompt=force&client_id=931203756627-a2p9n99312e83jbd11s7s3468sh06cm5.apps.googleusercontent.com&redirect_uri=http://localhost:39907/Callback&response_type=code&scope=https://www.googleapis.com/auth/admin.directory.group%20https://www.googleapis.com/auth/admin.directory.orgunit%20https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/apps.licensing" id="m_5524448421565746595LPlnk733596" target="_blank">redirect_uri=http://localhost:39907/Callback&response_type=code&scope=</a><br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0);background-color:rgb(255,255,255)">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0);background-color:rgb(255,255,255)">
Any ideas.</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0);background-color:rgb(255,255,255)">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0);background-color:rgb(255,255,255)">
Thanks</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0);background-color:rgb(255,255,255)">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0);background-color:rgb(255,255,255)">
Luke</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0);background-color:rgb(255,255,255)">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0);background-color:rgb(255,255,255)">
Lucas Novak</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0);background-color:rgb(255,255,255)">
Systems Engineer</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0);background-color:rgb(255,255,255)">
OAISD</div>
</div>

_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="https://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">https://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
</div></blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div><span style="font-size:small">------------------------------------------------------------------------</span><br style="font-size:small"><span style="font-size:small">Matt Mize,</span> (he, him, his)</div><div>Director, Software Engineering & Web Engineering</div><div><a href="mailto:mmize1@udayton.edu" style="color:rgb(17,85,204)" target="_blank">mmize1@udayton.edu</a><br></div><div><div style="font-size:small"><a href="https://www.name-coach.com/matt-mize" style="border-radius:0px;color:rgb(136,91,192);font-family:"Open Sans",Arial,sans-serif;font-size:20px;outline:0px" target="_blank"><img alt="A button with "Hear my name" text for name playback in email signature" src="https://www.name-coach.com/images/emailsig/email-sig.jpeg" style="border-radius: 0px; border: 0px; vertical-align: middle; margin-top: 4px; margin-bottom: 15px;" width="96" height="27"></a><br></div><div style="font-size:small">IT Service Center, (937) 229-3888, <a href="mailto:itservicecenter@udayton.edu" style="color:rgb(17,85,204)" target="_blank">itservicecenter@udayton.edu</a><br></div><div style="font-size:small"><br></div><div style="font-size:small">University of Dayton<br>300 College Park, Dayton, OH, 45469-2230<br></div></div></div></div></div></div></div></div></div></div></div></div></div>