Questions tagged [secevents]

Questions related to SecEvents WG in IETF (https://datatracker.ietf.org/wg/secevent/about/) and RISC at the OpenID Foundation (https://openid.net/wg/risc/)

11 questions

2 votes, 0 answers

Registering a RISC receiver endpoint for Google fails with 403 Forbidden "The caller does not have permission"

I'm trying to register an API endpoint to receive RISC security events from Google and have followed their tutorial for doing this. However, I've been struggling to get a successful response from their side and I always get the following unhelpful…
2 votes, 1 answer

Does anyone support RISC or SecEvents specs?

I've been reading about the SecEvents WG in IETF (https://datatracker.ietf.org/wg/secevent/about/) and RISC at the OpenID Foundation (https://openid.net/wg/risc/). These look like interesting ways to prevent hijacking and abuse across Internet…
Adam Dawes
1 vote, 0 answers

Google-RISC security event is not getting fired for my G-suite email

I have implemented Google OAuth login and Google RISC security event handling for our app. To enable OAuth, I have created a web app on the Google console using our G Suite email address. After enabling the Sec event for this app, I did an OAuth login using…
Abhilasha
1 vote, 1 answer

What is the payload for the Google-RISC API callback?

I am currently integrating with the Google Cross Account Protection (RISC). As per the docs, there must be some sort of security token that will be posted to the endpoint that you registered. The callback is working fine that I am receiving from…
0 votes, 0 answers

Google Cross-Account Protection (RISC) API testing

I am following the documentation here: https://developers.google.com/identity/protocols/risc#overview My setup is working, when I hit the /stream:verify endpoint I can see logs in my REST API endpoint. To test the end-end scenario, I tried to delete…
0 votes, 0 answers

403, The caller does not have permission, when trying to get a test token

I try to get a test token following this instruction https://developers.google.com/identity/protocols/risc#java_3, and I get ` "code": 403, "message": "The caller does not have permission", "status": "PERMISSION_DENIED" ` When I…
0 votes, 1 answer

How to differentiate streams in Google Cross-Account-Protection (RISC)

The documentation says the jti identifies the event and "is unique to the stream". That means it could be repeated in multiple streams. What differentiates the stream? And how can I make sure to only search for JTIs that pertain to the same stream…
Felipe Müller
0 votes, 0 answers

Google Cross-Account Protection (RISC) API. Callback endpoint registration returns 500 Internal Server Error

I am trying to register an API callback endpoint in Google Cross-Account Protection, but I keep getting a 500 Internal Server Error response with the following body: { "error": { "code": 500, "message": "Internal error encountered.", …
hiddenSt
0 votes, 1 answer

403 Forbidden when trying to register receiver endpoint using the RISC API

While trying to register my receiver endpoint in order to start receiving RISC indications from Google, I constantly get the same reply: 403 Client Error: Forbidden for url: https://risc.googleapis.com/v1beta/stream:update I have created the…
Weknin
0 votes, 1 answer

stream:verify is failing with "The caller does not have permission" error

My security event receiver is set up and I'm at this step trying to test that it actually works. I've copied the code from the example almost exactly, but my script is resulting in an error. Here's my code: import requests from google.oauth2 import…
0 votes, 1 answer

Why am I not receiving Google security events for G Suite accounts?

I have successfully implemented Google Sign-In for my application as described here, with an additional layer of validation using our back-end server as described here. However, when I try to register my application for Cross-Account Protection, I'm…
wpercy