9 questions
0
votes
1
answer
228
views
How to differentiate streams in Google Cross-Account-Protection (RISC)
The documentation says the jti identifies the event and "is unique to the stream". That means it could be repeated in multiple streams. What differentiates the stream? And how can I make ...
- 225
2
votes
0
answers
178
views
Registering a RISC receiver endpoint for Google fails with 403 Forbidden "The caller does not have permission"
I'm trying to register an API endpoint to receive RISC security events from Google and have followed their tutorial for doing this. However, I've been struggling to get a successful response from ...
- 195
0
votes
0
answers
287
views
Google Cross-Account Protection (RISC) API. Callback endpoint registration returns 500 Internal Server Error
I am trying to register an api callback endpoint in google Cross-Account Protection, but I keep getting a 500 Internal Server Error response with the following body:
{
"error": {
"...
- 1
-1
votes
1
answer
275
views
403 Forbidden when trying to register receiver endpoint using the RISC API
While trying to register my receiver endpoint in order to start receiving RISC indications from google, I constantly get the same reply:
403 Client Error: Forbidden for url:
https://risc.googleapis....
- 131
0
votes
1
answer
481
views
stream:verify is failing with "The caller does not have permission" error
My security event receiver is set up and I'm at this step trying to test that it actually works. I've copied the code from the example almost exactly, but my script is resulting in an error.
Here's ...
1
vote
1
answer
279
views
Why am I not receiving Google security events for G Suite accounts?
I have successfully implemented Google Sign-In for my application as described here, with an additional layer of validation using our back-end server as described here. However, when I try to register ...
- 10.2k
2
votes
1
answer
229
views
Google-RISC security event is not getting fired for my G-suite email
I have implemented google oauth login and google RISC security event handling for our app. To enable oauth, I have created web app on google console using our G suite email address.
After enabling ...
- 1,225
2
votes
1
answer
289
views
What is the payload for the Google-RISC API callback?
I am currently integrating with the Google Cross Account Protection (RISC). As per the docs, there must be some sort of security token that will be posted to the endpoint that you registered. The ...
- 21
2
votes
1
answer
173
views
Does anyone support RISC or SecEvents specs?
I've been reading about the SecEvents WG in IETF (https://datatracker.ietf.org/wg/secevent/about/) and RISC at the OpenID Foundation (https://openid.net/wg/risc/). These look like interesting ways to ...
- 166