Page MenuHomePhabricator

Google OAuth verification for tools require domain verification
Open, Needs TriagePublic

Description

We were trying to get the Google OAuth login on https://tools.wmflabs.org/google-drive-photos-to-commons/ verified by Google. The latest reply from Google says that:

Domain Verification

The website ownership of the following domain must be verified:

tools.wmflabs.org 
Please go to the Search Console to complete the domain verification process. The account you use must be either a Project Owner or a Project Editor on XXXX-project-name

I looked at the process and it seems like they need a TXT entry there on tools DNS. Do you guys think there is a better way to do this ? (and, or) is there another way to do this ?

Detailed reply from Google at: https://github.com/tonythomas01/gdrive_to_commons/issues/13#issuecomment-502642037

Event Timeline

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJun 18 2019, 8:43 PM

@bd808 should we ask for a VPS project to have a subdomain we can verify ourselves or is there a way to verify tools.wmflabs.org itself?
I would think of having a simple proxy to Toolforge with nginx if a project is indeed necessary.

bd808 added a comment.Mon, Jul 1, 5:54 PM

Making the TXT record for tools.wmflabs.org is something that the WMCS admins can do technically.

My main open question about this is how Google treats this association on their side. It is not clear to me if they allow a one to many mapping for domains to OAuth grants/owners. This tool is the first to ask about integrating with Google OAuth, but it would be a bit sad if things work such that only one tool can take advantage of this before we figure out how to implement T125589: Allow each tool to have its own subdomain for browser sandbox/cookie isolation.