Sep 21, 2023
Google warning - Deceptive site ahead on OAuth2 authorization code grant flow
We have implemented OAuth2 and using the authorization code grant flow. Some users get the red screen of google which says deceptive ahead.
On request number 5 sometimes users receive the deceptive site ahead warning. In the google search console I have no information regarding it and I can just report it as false flag. Then google flags it as solved but few days later it's back. In the google search console i have 0 information whats up:

think the issue is that google think this code parameter here is malicious code, it always happens on that particular call.
def5020055a6848bbf81a98451efba202234241ae4d309b9308bd565290ad88cd61f07253fe660f70274ce1e8b501763fdfe02f6fe9d4b563bf880eef9d1638a89657d6cd3538b1c44a9d78a9e1ebffd103985b6ce7d680719bd35b5cb73ce0a71090498ea7894620a5395ea646186808d2ba7185840d57a34706a923c4ce9aa454da7ab4f27ea8dfa223973dae5a41f1db2fa054012c8e58e1e202d59f86f044c0558af1e48d10ad4ad78fc539a1cc3bc5d273f7e331d91f5cc39f0b68e60828490160c4dd5d70244f0b4799c90925c57306196ab6d900257fecffe0310799f70b9088e9bca0ea52e0173d499535ea845497316f5f99e50e3f994048ef6d615dff61559cd8889670e987e42c797ac6305a2b8a5d8aabc564bbec9eedd85d87dd39ddaccdb4fe9761e9e968b5cacf89e8e6b5868c3ad82f0422c8b5426094dcb11796b7be288deff11c1dd672121d7499bed88aee540a934d6c714a903941460f025767c2cd90837384bcfff89e068f45b8e680b5a3f4da93b68139014253130493d5a5acdcde9f56445300d74277b6c12e6d0045e243ec6bbc29eee26c0ba05b306badb8424aea15050
5- 302 https://auth.myapp.com/
- 302 https://login.myapp.com/login?identifier=demo2
- 302 https://auth.myapp.com/consent?code_challenge_method=S256&state=a2f1dc186493cfec4c01d8956f1b851c&scope=&response_type=code&approval_prompt=auto&redirect_uri=https://login.myapp.com/connect/kauth/check?identifier%3Ddemo2&client_id=myapp
- 302 https://auth.myapp.com/authorize?code_challenge_method=S256&state=a2f1dc1864adscfec4c01d8956f1b851c&scope=&response_type=code&approval_prompt=auto&redirect_uri=https://login.myapp.com/connect/kauth/check?identifier%3Ddemo2&client_id=myapp
- On this request the error happens: 302 https://login.myapp.com/connect/kauth/check?identifier=demo2&code=def5020055a6848bbf81a98451efba202234241ae4d309b9308bd565290ad88cd61f07253fe660f70274ce1e8b501763fdfe02f6fe9d4b563bf880eef9d1638a89657d6cd3538b1c44a9d78a9e1ebffd103985b6ce7d680719bd35b5cb73ce0a71090498ea7894620a5395ea646186808d2ba7185840d57a34706a923c4ce9aa454da7ab4f27ea8dfa223973dae5a41f1db2fa054012c8e58e1e202d59f86f044c0558af1e48d10ad4ad78fc539a1cc3bc5d273f7e331d91f5cc39f0b68e60828490160c4dd5d70244f0b4799c90925c57306196ab6d900257fecffe0310799f70b9088e9bca0ea52e0173d499535ea845497316f5f99e50e3f994048ef6d615dff61559cd8889670e987e42c797ac6305a2b8a5d8aabc564bbec9eedd85d87dd39ddaccdb4fe9761e9e968b5cacf89e8e6b5868c3ad82f0422c8b5426094dcb11796b7be288deff11c1dd672121d7499bed88aee540a934d6c714a903941460f025767c2cd90837384bcfff89e068f45b8e680b5a3f4da93b68139014253130493d5a5acdcde9f56445300d74277b6c12e6d0045e243ec6bbc29eee26c0ba05b306badb8424aea150505&state=a2f1dc186493cfec4c01d8956f1b851c
My site does not have any harmful code or content included.
Details
Community content may not be verified or up-to-date. Learn more.
All Replies (3)