This website is making a potentially unsafe request. We recommend you do not allow access

I have been receiving this warning http://screencast.com/t/S6B00lMG0oC on google oauth authorisation since yesterday.

Can it be somehow related to the fact that I use oauth version 1 implementation which is depreceted?

Thanks in advance

Solution

You are seeing that warning because nimble.com is using OAuth v1.0 (which is vulnerable to Session Fixation Attack, see how it works). In order to avoid getting that warning I recommend you implement OAuth v1.0a as per Google documentation. Alternatively, you could implement OAuth2 as suggested by Chao Wei.

You also mentioned that you started seeing the warning yesterday, that feels wrong as a warning message for apps using (legacy) OAuth v1.0 has been shown for years in Google authorization pages.

I need to add a privacy policy to my flutter web app for Google verification
Limiting the scopes of an OAuth 2.0 flow
Why do i need to specify redirect_uri if i am authenticating from server side?
New Google place api using google OAuth, ask failed to refresh token
Access token obtained with 'auth-code' login flow with 'drive.file' scope, later used for picking file and on the server returns "entity not found"
passportjs + googleoauth20 + express-session (valkey store optional) req.user undefined
PHPMailer getOAuth2token response to div
Google AdWords API authorization raising AdsCommon::Errors::AuthError
Google OAuth 2 Error 400: redirect_uri_mismatch but redirect uri is compliant and already registered in Google Cloud Console
Cross-client Google OAuth: Get auth code on iOS and access token on server
Google Authenticator available as a public service?
Google OAuth components must be used within GoogleOAuthProvider
Access google cloud storage bucket from other project using python
Django Google log-in/sign up not working even though django-oauth
How to obtain android app version code using Google Api?
Problems with ShinyApp and Google authentification, when making Public
testing google sheet editor addon fails with error 403
Google API Invalid JWT Signature in SFCC
Google Classroom iframe, compare login_hint with signed in user
Origin is "not allowed" for given client ID when origin was added
Issue when trying to register an app for consent screen in google oauth
Correct setup for accessing a GSheet published as a webapp via a service account
How to set up Google OAuth clients to split authorization and token exchange between client and server?
Get 403 response with the "new" Firebase Cloud Messaging API
Google OAuth 2.0 Flow Issue (Implicit)
Unable to fetch access token and refresh token from google OAuth2.0 using the authorized code
How should I use the id token returned to me by Google after a successful code exchange?
Google Cloud Platform adding OAuth Client ID says Requested entity already exists
Gmail API Oauth2 Send from different address
How to test Google's OAuth granular consent screen for TV & Device Apps