Sep 21, 2023
Google warning - Deceptive site ahead on OAuth2 authorization code grant flow
We have implemented OAuth2 and using the authorization code grant flow. Some users get the red screen of google which says deceptive ahead.
On request number 5 sometimes users receive the deceptive site ahead warning. In the google search console I have no information regarding it and I can just report it as false flag. Then google flags it as solved but few days later it's back. In the google search console i have 0 information whats up:
think the issue is that google think this code parameter here is malicious code, it always happens on that particular call.
def5020055a6848bbf81a98451efba202234241ae4d309b9308bd565290ad88cd61f07253fe660f70274ce1e8b501763fdfe02f6fe9d4b563bf880eef9d1638a89657d6cd3538b1c44a9d78a9e1ebffd103985b6ce7d680719bd35b5cb73ce0a71090498ea7894620a5395ea646186808d2ba7185840d57a34706a923c4ce9aa454da7ab4f27ea8dfa223973dae5a41f1db2fa054012c8e58e1e202d59f86f044c0558af1e48d10ad4ad78fc539a1cc3bc5d273f7e331d91f5cc39f0b68e60828490160c4dd5d70244f0b4799c90925c57306196ab6d900257fecffe0310799f70b9088e9bca0ea52e0173d499535ea845497316f5f99e50e3f994048ef6d615dff61559cd8889670e987e42c797ac6305a2b8a5d8aabc564bbec9eedd85d87dd39ddaccdb4fe9761e9e968b5cacf89e8e6b5868c3ad82f0422c8b5426094dcb11796b7be288deff11c1dd672121d7499bed88aee540a934d6c714a903941460f025767c2cd90837384bcfff89e068f45b8e680b5a3f4da93b68139014253130493d5a5acdcde9f56445300d74277b6c12e6d0045e243ec6bbc29eee26c0ba05b306badb8424aea150505- 302 https://auth.myapp.com/
- 302 https://login.myapp.com/login?identifier=demo2
- 302 https://auth.myapp.com/consent?code_challenge_method=S256&state=a2f1dc186493cfec4c01d8956f1b851c&scope=&response_type=code&approval_prompt=auto&redirect_uri=https://login.myapp.com/connect/kauth/check?identifier%3Ddemo2&client_id=myapp
- 302 https://auth.myapp.com/authorize?code_challenge_method=S256&state=a2f1dc1864adscfec4c01d8956f1b851c&scope=&response_type=code&approval_prompt=auto&redirect_uri=https://login.myapp.com/connect/kauth/check?identifier%3Ddemo2&client_id=myapp
- On this request the error happens: 302 https://login.myapp.com/connect/kauth/check?identifier=demo2&code=def5020055a6848bbf81a98451efba202234241ae4d309b9308bd565290ad88cd61f07253fe660f70274ce1e8b501763fdfe02f6fe9d4b563bf880eef9d1638a89657d6cd3538b1c44a9d78a9e1ebffd103985b6ce7d680719bd35b5cb73ce0a71090498ea7894620a5395ea646186808d2ba7185840d57a34706a923c4ce9aa454da7ab4f27ea8dfa223973dae5a41f1db2fa054012c8e58e1e202d59f86f044c0558af1e48d10ad4ad78fc539a1cc3bc5d273f7e331d91f5cc39f0b68e60828490160c4dd5d70244f0b4799c90925c57306196ab6d900257fecffe0310799f70b9088e9bca0ea52e0173d499535ea845497316f5f99e50e3f994048ef6d615dff61559cd8889670e987e42c797ac6305a2b8a5d8aabc564bbec9eedd85d87dd39ddaccdb4fe9761e9e968b5cacf89e8e6b5868c3ad82f0422c8b5426094dcb11796b7be288deff11c1dd672121d7499bed88aee540a934d6c714a903941460f025767c2cd90837384bcfff89e068f45b8e680b5a3f4da93b68139014253130493d5a5acdcde9f56445300d74277b6c12e6d0045e243ec6bbc29eee26c0ba05b306badb8424aea150505&state=a2f1dc186493cfec4c01d8956f1b851c
My site does not have any harmful code or content included.
Details
This question is locked and replying has been disabled.
Community content may not be verified or up-to-date. Learn more.
All Replies (3)
Sep 21, 2023
Most times when content is moved, 301 is more correct. But in situations like this 302 is more correct.
(can't help why might get warning about deceptive site, but it usually when the login page looks similar to a popular site, ie the user might enter the wrong details not realizing it not hte site they think it is)
Sep 21, 2023
Last edited Sep 21, 2023
Sep 27, 2023
Sep 27, 2023
Sep 27, 2023
Oct 23, 2023
This issue comes back with an interval of around 3 weeks. I report it as false flag, google removes it but I do not get any information why it's happening. Very frustrating situation.
The answer from them is the following:
"I apologise that we cannot provide you with more information on the issue."
The answer from them is the following:
"I apologise that we cannot provide you with more information on the issue."
Oct 23, 2023
If Google are unable to provide details, then we definitly wont be able to provide anything more (other than guesses)
Oct 23, 2023
"I apologise that we cannot provide you with more information on the issue. To learn more about how to keep your website safe, check this documentation. Thank you for understanding
For additional help with your specific issue, I recommend you to contact our Search Central Community or check our Help documentation."
Well i get zero information what this is about, i don't have an example site nor any clue if the issue is on a redirect or a parameter or WHY it's been flagged. It's just incredible frustrating.
Well i get zero information what this is about, i don't have an example site nor any clue if the issue is on a redirect or a parameter or WHY it's been flagged. It's just incredible frustrating.
This is not a hobby project, it's a site which has 100k+ requests per day.