Comments (8)
Have you checked here to find out why Google is flagging the content? https://developers.google.com/search/docs/monitor-debug/security/social-engineering
from oauth2-server.
Yes, the only information I can see there is the following:
It's basically impossible to get in touch with some human to get more info.
I've been offering an administration SaaS solution for many years; everything is completely legit. The business has been online for almost 10 years, and before OAuth I never faced such issues.
That's very strange. I would request a review if you haven't done so already, but I suspect this issue will be specific to your site. With the ubiquity of Chrome and the large user base of this package, I would have expected more notifications of this if there was something the package was doing to trigger the issue.
Well, I did request a review, and it takes 1-3 business days until something happens. I already had this issue once, and then it was marked as resolved but came back a month later.
Back then I was thinking it's because of cross-domain redirects. I have since merged everything onto one domain but still face the issue, and can only think of the authorization code which gets flagged as malicious.
Did you receive a reply and a root cause, @timyyo?
The answer from Google was:
"Thanks for contacting the Google Search Central support team.
It seems that you were facing issues with a security report in Google Search Console for "Deceptive site ahead".
I couldn't find any security issues on your website at this moment. Everything seems to be working as intended.
If you've requested a review, check your Message Center. It might have been approved.
Should you need further assistance, reach out to us again.
Thanks!"
I have asked again what exactly has been flagged but have not received any answer yet.
I think they don't understand their own algorithm and can't give an answer as to what the specific issue is.
The answer I'm getting is the following:
"Thank you for your patience.
The Safe Browsing Team has informed me that your site has been removed from the list and the team will engage in enhanced monitoring to reduce the risk of it being readded. There is no further action necessary on your part. In order to protect over Four Billion devices every day from phishing and malware equitably the Safe Browsing team has to maintain a consistent process for all webmasters. I realize that any enforcement action can be a challenging experience so we have a dedicated system to review each case to enable webmasters to remediate any issues and be removed from the Safe Browsing List.
I hope this helps!"
That's so frustrating that they can't point to why you've been flagged. If there was something in the request such as a header or redirect issue, we could look at fixing it.
The fact this hasn't been reported to us more widely suggests it is specific to your site, but as to why, I've no idea. If you want to shorten the tokens, you could maybe use a different encryption algorithm.
I will close this for now as I don't think there is anything we can address but if you do hear anything more concrete please let us know. Thanks for keeping us updated on this.