OAuth Rejection Notice

legrandtimonier · 04-11-2023 12:10 PM

After getting back an error message on running my javascript program in node.js with my VM instance, I was informed by a member of the Google Cloud Community: "If you need to set up your instance with Identity-Aware Proxy (IAP), you may refer to this document Setting up IAP for Compute Engine. But if you already set up your instance, you just need to enable IAP Enabling IAP for Compute Engine." Given that my VM instance had already been set up, I jumped (at the suggestion of the person advising me) to the part of the document dealing with "Enabling IAP for Compute Engine" without carrying out the other steps for persons who did not already have an up and running VM instance (i.e., load balancing, etc.) While following the steps listed in the documentation, I discovered I must activate the "Configure consent screen" button and create an OAuth consent screen. None of the things I saw after this point seemed to have anything to with my sort of project, that involves no one but myself to give consent to. But I decided this time not to "think too hard" and to simply follow the instructions. After several long, puzzling minutes trying to do what I thought I was supposed to do, I submitted my OAuth request. And after 48 hours or so of waiting for an answer from the Trust & Safety Security & Privacy Team, I just received a Request Denied from them, with no explanation of what was wrong with my submission (though I'm sure several things were), along with a warning that I might need to submit a video. But of what? Perhaps it's worth mentioning at this point that what I wish to do is "simply" use Google Cloud Translation (Advanced) with a glossary in .tmx format to translate a .docx file from one Google-supported human language to another Google-supported human language, outputting the result also in .docx format and storing both in different subdirectories of my bucket. (One directory for the .docx input file and another for the .docx output file, the result of the translation.) My main question is this: is it even necessary to create an OAuth consent screen in such a scenario, with only person (i.e. me) accessing my VM via the GC console? And if a consent screen turns out to be a necessity, can someone please suggest what I might do to get things right this time and not receive a second Request Denied from the members of the Trust & Safety Security & Privacy Team?

munish1

Hello @legrandtimonier

Welcome to GCC! If all you are trying to do is to be able to ssh into your VM, This is the link https://cloud.google.com/iap/docs/using-tcp-forwarding you want to follow. The one you referred to is to setup IAP for Web links. Hope this helps

legrandtimonier

Hi again,

Not liking mysteries, I decided to get to the bottom of this SSH button not working thing (even though Troubleshooting reported all systems Go.) So I took a snapshot of my VM, created a new one in the same region, used my snapshot to build the new one, adapted firewall rules slightly and fixed a few missing things (like a suddenly absent node.js environment) and lo and behold things working perfectly now, including SSHing from within the console. Which just goes to show: sometimes to fix a problem ya just gotta kick the TV set, as it were. 🙂

legrandtimonier

Just a word to say that after getting your reply I simply recreated a new VM instance in the same region/zone, created a snapshot of the old instance, slightly adjusted firewall rules and such and everything is now working perfectly with respect to SSHing. The only problem I had was that lots of stuff didn't get copied over to the new instance (especially the node.js environment, which I had to download and recreate on the new VM). But that was a detail really, and I am very happy to be able to SSH to my new VM with no more problems. Regards