I've followed the steps google has provided for integrating sign-in, provided here: https://developers.google.com/identity/sign-in/web/sign-in within my MERN stack application.
The button that I've created, correctly redirects to the google authentication site. However, after the user is authenticated with google, the google authentication site is closed and no redirection occurs. I'm expecting to be redirected to http://localhost:3000/profile after a user is authenticated.
I've set Authorized JavaScript origins to http://localhost:3000 and Authorized redirect URIs to http://localhost:3000/profile.
How can I update my code to have this redirect as expected?
If your code for authorizing with google lives in your server file, wich is running on a diffrent port than port 3000 you should set your JavaScript origins to the port of the server. Not the port of your react app.
This article covers the whole proces of using oAuth in the MERN stack step by step: https://medium.com/#maartendebaecke2/mern-stack-implementing-sign-in-with-google-made-easy-9bfdfe00d21c
Related
I am trying to implement social login using keycloak in a react-native application and upon following official keycloak documentation I have hit a dead end.
I have correctly configured (according to documentation) the correct redirect URI.
Details-
1.created a new facebook app. Now I have two different web resources.
a.) An instance running keycloak server on a docker setup.
b.) A dummy web app on a different domain that I am redirecting to using my react native code. I am using react-native-login package and the configuration which goes into their Login.start(config) method is attached below.
2.The website uri is the facebook app setting is same as the redirect uri that keycloak provides upon adding an identity provider.I have double checked my app id and app secret
and switched the app to production by giving it a privacy policy on the dummy express aplication I am trying to redirect to.
3.The keycloak server and the dummmy express app I have are on different domains (I don't see any problems with this but the tutorial I was following had the website and the keycloak server on the same domain with different sub domains could this be the problem).
The error
{
"error": {
"message": "Can't load URL: The domain of this URL isn't included in the app's domains. To be able to load this URL, add all domains and sub-domains of your app to the App Domains field in your app settings.",
"type": "OAuthException",
"code": 191,
"fbtrace_id": "Awr-3dCV3zr"
}
}
config object
const config = {
url: "https://authserver.ml/auth",
realm: "Demorealm",
client_id: "demoFrontEnd",
redirect_uri: "https://dummyapp.ml/privacypolicy",
appsite_uri: "https://dummyapp.ml",
kc_idp_hint: "facebook",
};
website URI in facebook = redirect uri by keycloak (according to keycloak documentation)
added both the domains in the domains section of facebook app settings under the basic tab.
In the Share Redirect Domain Allow List section in advanced settings in facebook app I have added both the URI's ie. the authentication broker url from keycloak and the uri I am trying to redirect to after a successful login but I get this error everytime
Another scenario I have noticed is when I try to give the react-native-login config object a redirection uri that is mentioned in keycloak I get the invalid parameter error from keycloak
NOte- the error is arising from facebook's graph api which means that the authentication request went past the keycloak server and to facebook (https://graph.facebook.com/oauth/authorize?scope=email&state=rest of the url)
Any suggestions at this point will be much appreciated.
I have kind a puzzle-headed task and i don't know where should i start.
We have a web app that is in our local net. We want to give access to this
app from the outside using apache.
Basically we want pre-login page on apache that will send user credential using api to our app and receive answer with OTP, which user can write in pre-login page inputbox, send again and in case off success apache will redirect user to standard apps login page.
Can apache do that?
Sort of: you can put an authenticating proxy in front of your app that will propagate the established user identity to the backend. See e.g.: https://github.com/zmartzone/mod_auth_openidc
When i try get access token via oauth (oauth screen with Allow button) on my local machine it works, but when i do the same on test server: i get oauth screen, i press allow and it's redirects to callback uri with code, and then app asking for token (i use PHP lib):
$client->authenticate($request->get('code'));
$access_token = $client->getAccessToken());
and i get null in response and application does not get authorized and it's not in authorized apps in google account.
I've checked redirect URLs listed in Google APIs - everything matches!
And i don't get any errors from google, it's just redirects to callback url and not adds application to authorized apps list.
But it works on local with same credentials. Any one can help me and guide where the problem can be?
Solved. I did not set redirect url before $client->authenticate($request->get('code'));
I am using a custom local URL for development of a project that authenticates with both Google and Adwords using OAuth2.
The entry in my /etc/hosts file looks like:
127.0.0.1 sub.example.dev:3001
In the Google Cloud Platform console I have an OAuth 2.0 client ID setup with:
type: Web Application
Authorized JavaScript origin: http://sub.example.dev:3001
Authorized redirect URIs:
http://sub.example.dev:3001/auth/adwords/callback
http://sub.example.dev:3001/auth/google/callback
I authenticate with with both Google and Adwords separately. Previously I was using localhost:3001 instead of the custom URL which was working for both Google and Adwords. After switching to the custom local URL the Google auth still works, but when I try to authenticate with Adwords I get a redirect_uri_mismatch error.
The error page tells me that "The redirect URI in the request, sub.example.dev:3001/auth/adwords/callback, does not match the ones authorized for the OAuth client." The URI reported here is exactly the same as what I have as an authorized redirect URI (minus the protocol).
Why does this work with Google OAuth, but not Adwords? How can I get a custom local redirect URL to work with Adwords OAuth?
Thanks!
I found the issue, and there was a hint in the question itself. The redirect URL that I pass during the OAuth flow needs to contain the protocol and I had missed that in my config.
The redirect URL I was passing in the OAuth flow was sub.example.dev:3001/auth/adwords/callback
I changed it to http://sub.example.dev:3001/auth/adwords/callback and now it works! :D
This is from the google federated login description
"Once Google accepts the authentication request, the user is redirected to a Google authentication page. At this point the authentication sequence takes over. On successful authentication, Google redirects the user back to the URL specified in the openid.return_to parameter of the original request."
I assume my web app is responsible for the redirect 'to a Google authentication page' mentioned here? I dont see how google can make this redirect.
And If my webapp does the redirect, how do the openid request parameters get sent to google?
On reading some more, its only possible that once "Once Google accepts the authentication request", (I assume the requesting party gets a 200 http status), the requesting web application now adds the same parameters that had been posted to google login endpoint to a google authentication url and then redirects the user to this url