About "Web client (auto created by Google Service)...

Tarou · 10-08-2023 12:56 AM

In Google Cloud, under
APIs & Services > Credentials > OAuth 2.0 Client IDs,
a "Web client (auto created by Google Service)" is generated.
What action causes this "Web client (auto created by Google Service)" to be generated?

From Cloud Logging, it can be confirmed that it's created with the following log,
but I don't understand what action triggers its creation.

=====================

{

"protoPayload": {

"@type": "type.googleapis.com/google.cloud.audit.AuditLog",

"status": {},

"authenticationInfo": {

"principalEmail": "firebase-service-account@firebase-sa-management.iam.gserviceaccount.com"

},

"requestMetadata": {

"requestAttributes": {

"time": "2023-09-11T06:12:12.951611Z",

"auth": {}

},

"destinationAttributes": {}

},

"serviceName": "clientauthconfig.googleapis.com",

"methodName": "CreateClient",

"authorizationInfo": [

{

"resource": "brands/0000000000000",

"permission": "clientauthconfig.clients.create",

"granted": true,

"resourceAttributes": {}

}

],

"resourceName": "clients/0000000000000-xxxxxxxxxxx.apps.googleusercontent.com",

"request": {

"client": {

"nativeAppInfo": {},

"authType": "SHARED_SECRET",

"redirectUris": [

"https://xxxxxxxxxxx.firebaseapp.com/__/auth/handler"

],

"postMessageOrigins": [

"http://localhost",

"http://localhost:5000",

"https://xxxxxxxxxxx.firebaseapp.com"

],

"type": "WEB",

"brandId": "0000000000000",

"displayName": "Web client (auto created by Google Service)",

"projectNumber": "0000000000000"

}

},

"response": {

"clientId": "0000000000000-xxxxxxxxxxx.apps.googleusercontent.com",

"clientSecrets": [

{

"createTime": "2023-09-11T06:12:12.834532Z",

"state": "ENABLED"

}

],

"creationTime": "2023-09-11T06:12:12.834Z",

"displayName": "Web client (auto created by Google Service)",

"projectNumber": "0000000000000",

"threeLeggedOauth": "ENABLED",

"updateTime": "2023-09-11T06:12:12.917755Z",

"type": "WEB",

"redirectUris": [

"https://xxxxxxxxxxx.firebaseapp.com/__/auth/handler"

],

"domainWideDelegation": "DELEGATION_ENABLED",

"brandId": "0000000000000",

"adminState": {

"updateTime": "2023-09-11T06:12:12.834Z"

},

"postMessageOrigins": [

"http://localhost",

"http://localhost:5000",

"https://xxxxxxxxxxx.firebaseapp.com"

],

"authType": "SHARED_SECRET"

}

},

"insertId": "xxxxxxxxxxx",

"resource": {

"type": "client_auth_config_client",

"labels": {

"project_id": "xxxxxxxxxxx",

"client_id": "0000000000000-xxxxxxxxxxx.apps.googleusercontent.com"

}

},

"timestamp": "2023-09-11T06:12:11.423951Z",

"severity": "NOTICE",

"logName": "projects/xxxxxxxxxxx/logs/cloudaudit.googleapis.com%2Factivity",

"receiveTimestamp": "2023-09-11T06:12:13.695067350Z"

}
=====================

rahulr

Hello @Tarou

The log you've provided shows that a "Web client (auto created by Google Service)" was generated in Google Cloud. This typically occurs when a third-party application or service integrates with Google services, like Firebase, and requests the creation of an OAuth 2.0 client ID for authentication purposes.

In this specific case, it appears that the creation of the "Web client" was initiated by the Firebase service account (firebase-service-account@firebase-sa-management.iam.gserviceaccount.com) through the `CreateClient` method of the `clientauthconfig.googleapis.com` service. The log entry mentions the necessary configuration details, including the `redirectUris` and `postMessageOrigins`.

This automatic creation of a client ID is common in scenarios where you set up authentication or authorization for your application, such as when you use Firebase for user authentication or integrate with other Google services. The "Web client" is created to facilitate secure communication and authorization between your application and Google services.

Hope so it works.

Thank you

Rahul

Expertopinionsa

Hey Tarou!

No worries, that "Web client (auto created by Google Service)" is like Google Cloud's secret sauce doing its thing. So, here's the lowdown: this auto-creation happens when someone or something (Google's behind the wheel here) calls the clientauthconfig.googleapis.com service and asks it to create a client using the CreateClient method.

Now, let's decode the logs a bit. If you look at the authorizationInfo part, you'll see it's granting permission to create a client under a specific resource (in this case, a brand). The resourceName then specifies the client that's being created, and voila, you have your "Web client (auto created by Google Service)."

So, to sum it up, if you see this in your logs, it means some process or service is asking Google's API to create a web client, and Google's like, "Sure thing, fam!" Hope that clears things up! Let me know at triotech systems if you have more questions.

Thanks!

About "Web client (auto created by Google Service)"