App not listed in authorized apps in google account - google-oauth

When I try to get an access token via OAuth (OAuth screen with Allow button) on my local machine it works, but when I do the same on the test server, I get the OAuth screen, I press Allow, it redirects to the callback URI with a code, and then the app asks for a token (I use the PHP lib):
$client->authenticate($request->get('code'));
$access_token = $client->getAccessToken();
and I get null in response, the application does not get authorized, and it's not in the authorized apps in the Google account.
I've checked the redirect URLs listed in Google APIs - everything matches!
And I don't get any errors from Google, it just redirects to the callback URL and does not add the application to the authorized apps list.
But it works locally with the same credentials. Can anyone help me and guide me to where the problem could be?

Solved. I did not set redirect url before $client->authenticate($request->get('code'));
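
Why a missing redirect URL makes the code exchange fail, shown as an added example (not code from the post or from Google's PHP library): under RFC 6749 section 4.1.3 the token request must repeat the exact redirect_uri used in the authorization request. `ToyAuthServer`, `exchange` and `CALLBACK` are hypothetical names for a toy model of that check.

```python
import secrets


class ToyAuthServer:
    """Toy model of the RFC 6749 section 4.1.3 redirect_uri check (not Google's code)."""

    def __init__(self, registered_redirect_uris):
        self.registered = set(registered_redirect_uris)
        self.pending = {}  # authorization code -> redirect_uri it was issued for

    def authorize(self, redirect_uri):
        # Authorization request: the URI must be registered, compared as an exact string.
        if redirect_uri not in self.registered:
            raise ValueError("redirect_uri_mismatch")
        code = secrets.token_urlsafe(16)
        self.pending[code] = redirect_uri
        return code

    def token(self, code, redirect_uri=None):
        # Token request: the code is single-use and bound to the URI used above.
        bound = self.pending.pop(code, None)
        if bound is None or redirect_uri != bound:
            return {"error": "invalid_grant"}
        return {"access_token": secrets.token_urlsafe(24), "token_type": "Bearer"}


def exchange(server, callback, send_redirect_uri):
    """Run one authorization-code flow; optionally omit redirect_uri on the token call."""
    code = server.authorize(callback)
    return server.token(code, callback if send_redirect_uri else None)


CALLBACK = "https://test.example/oauth/callback"  # constructed sample value

if __name__ == "__main__":
    server = ToyAuthServer([CALLBACK])
    # Client that never set its redirect URI before exchanging the code:
    print(exchange(server, CALLBACK, send_redirect_uri=False))
    # Client that sends the same redirect URI on both requests:
    print(exchange(server, CALLBACK, send_redirect_uri=True))
```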

Related

Unable to complete Google Home Account Linking Process. (Invalid State Parameter. The Link can not be completed.)

I am new to Google Actions. I am building an action to access my smart home device from Google Home/Assistant. I have already filled in the Account Linking details from my auth server on the Actions console.
I have provided the Fulfillment URL on Actions tab.
When I try to link the account from the Google App (i.e. Home > + > Set up device > Works with Google > [test] My_Action), it redirects to my server's authorization page, where I submit my server's username and password, and it redirects back to the Google Home page; my account is successfully linked and my devices are showing in Google Home.
But when I try to link my account using OAuth 2.0 (https://developers.home.google.com/cloud-to-cloud/project/authorization) it doesn't link the account.
Here are the steps I follow.
Open the URL in the browser.
https://auth-dev.iotondemand.com/oauth/authorize?client_id=client&redirect_uri=https://oauth-redirect-sandbox.googleusercontent.com/r/MY_PROJECT_ID&state=somerandomstring&scope=read+write&response_type=code&user_locale=en
It opens the login screen of my server; when I submit my credentials it redirects to the following URL, along with the authorization code generated by my auth server and the state parameter.
https://oauth-redirect-sandbox.googleusercontent.com/r/MY_PROJECT_ID?code=VGdKtk&state=somerandomstring
And 'Invalid State Parameter. The Link can not be completed.' is written in the browser.
What am I doing wrong? I am passing some random string to my authorization URL and it gives back the same string and redirects to oauth-redirect-sandbox.googleusercontent.
My action is still in development mode. I haven't deployed it yet.
If you are able to complete account linking using the Google Home App, you are good to go with your implementation. This flow is also using OAuth2.0, where the user is sent to your authorization url to fill in credentials, then Google servers will use the authorization code you provided in this flow to retrieve access and refresh tokens from your token url. (The fulfillment url you provided is not used throughout the Account Linking process)
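
In OAuth 2.0 the `state` value is issued by the party that starts the flow and checked when the user returns, so a value that party did not issue is rejected. The following is an added example of such a check, not Google's code and not part of the original posts; `issue_state`, `verify_state` and the HMAC-over-nonce-and-expiry layout are illustrative assumptions.

```python
import hashlib
import hmac
import secrets
import time


def issue_state(session_key, ttl=600, now=None):
    """Create a state value bound to this browser session (hypothetical helper)."""
    now = time.time() if now is None else now
    payload = f"{secrets.token_urlsafe(16)}.{int(now + ttl)}"
    tag = hmac.new(session_key, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{tag}"


def verify_state(session_key, state, now=None):
    """Accept only a state this session issued and that has not expired."""
    now = time.time() if now is None else now
    try:
        nonce, expires, tag = state.split(".")
        expires_at = int(expires)
    except ValueError:
        return False  # wrong shape, e.g. a hand-typed string
    payload = f"{nonce}.{expires}"
    expected = hmac.new(session_key, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return False  # not issued with this session's key, or tampered with
    return now <= expires_at


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # per-session secret, constructed for the demo
    print(verify_state(key, issue_state(key)))    # state issued by this session
    print(verify_state(key, "somerandomstring"))  # value typed into the URL by hand
```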

Google Oauth2 No Authorized Redirect Occurs

I've followed the steps google has provided for integrating sign-in, provided here: https://developers.google.com/identity/sign-in/web/sign-in within my MERN stack application.
The button that I've created, correctly redirects to the google authentication site. However, after the user is authenticated with google, the google authentication site is closed and no redirection occurs. I'm expecting to be redirected to http://localhost:3000/profile after a user is authenticated.
I've set Authorized JavaScript origins to http://localhost:3000 and Authorized redirect URIs to http://localhost:3000/profile.
How can I update my code to have this redirect as expected?
If your code for authorizing with Google lives in your server file, which is running on a different port than port 3000, you should set your JavaScript origins to the port of the server, not the port of your React app.
This article covers the whole process of using oAuth in the MERN stack step by step: https://medium.com/#maartendebaecke2/mern-stack-implementing-sign-in-with-google-made-easy-9bfdfe00d21c

Spotify API authentication doesn't redirect with access token

I'm using the Spotipy library, which uses the Spotify API. When I attempt to get my access token using the 'Authorization Code Flow', I get sent to a Spotify web page that asks me to authenticate the access of the app to my user's data. When I click the Okay button, which is supposed to redirect me to my redirect_uri with the access token, it simply does nothing. I get no error message or anything. When I click the Cancel button, I do get redirected to my redirect_uri page, but I don't receive the access token. Is this a bug with the API? Am I doing anything wrong?
I added the redirect_uri to the whitelist of redirect pages in my app's page by the way.
The answer for this for future readers: Make sure your redirect_uri is EXACTLY the same as the one you have saved in the developer dashboard, right down to the http and the trailing slash.

Custom local URL results in redirect_uri_mismatch

I am using a custom local URL for development of a project that authenticates with both Google and Adwords using OAuth2.
The entry in my /etc/hosts file looks like:
127.0.0.1 sub.example.dev:3001
In the Google Cloud Platform console I have an OAuth 2.0 client ID setup with:
type: Web Application
Authorized JavaScript origin: http://sub.example.dev:3001
Authorized redirect URIs:
http://sub.example.dev:3001/auth/adwords/callback
http://sub.example.dev:3001/auth/google/callback
I authenticate with both Google and Adwords separately. Previously I was using localhost:3001 instead of the custom URL, which was working for both Google and Adwords. After switching to the custom local URL the Google auth still works, but when I try to authenticate with Adwords I get a redirect_uri_mismatch error.
The error page tells me that "The redirect URI in the request, sub.example.dev:3001/auth/adwords/callback, does not match the ones authorized for the OAuth client." The URI reported here is exactly the same as what I have as an authorized redirect URI (minus the protocol).
Why does this work with Google OAuth, but not Adwords? How can I get a custom local redirect URL to work with Adwords OAuth?
Thanks!
I found the issue, and there was a hint in the question itself. The redirect URL that I pass during the OAuth flow needs to contain the protocol and I had missed that in my config.
The redirect URL I was passing in the OAuth flow was sub.example.dev:3001/auth/adwords/callback
I changed it to http://sub.example.dev:3001/auth/adwords/callback and now it works! :D
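
Both this answer and the Spotify answer above come down to the provider comparing the redirect URI as an exact string. The following pre-flight check is an added example, not code from either post: it compares a configured value against the registered list and names the near miss. `diagnose_redirect_uri` and its reason labels are hypothetical, and the check goes slightly beyond the two cases on the page by also reporting scheme and letter-case differences.

```python
def diagnose_redirect_uri(candidate, registered):
    """Explain why `candidate` fails an exact-match check against `registered`.

    Returns ("ok", uri) on an exact match, otherwise (reason, closest_registered_uri),
    or ("no_match", None) when nothing registered is close.
    """
    if candidate in registered:
        return ("ok", candidate)
    c_scheme, c_sep, c_rest = candidate.partition("://")
    for reg in registered:
        r_scheme, _, r_rest = reg.partition("://")
        if candidate == r_rest:
            return ("missing_scheme", reg)      # the Adwords case above
        if candidate.rstrip("/") == reg.rstrip("/"):
            return ("trailing_slash", reg)      # the Spotify case above
        if c_sep and c_rest == r_rest and c_scheme != r_scheme:
            return ("scheme_differs", reg)      # http vs https
        if candidate.lower() == reg.lower():
            return ("case_differs", reg)
    return ("no_match", None)


# Registered values as listed in the question above.
REGISTERED = [
    "http://sub.example.dev:3001/auth/adwords/callback",
    "http://sub.example.dev:3001/auth/google/callback",
]

if __name__ == "__main__":
    for uri in (
        "sub.example.dev:3001/auth/adwords/callback",         # value from the question
        "http://sub.example.dev:3001/auth/google/callback/",  # constructed
        "https://sub.example.dev:3001/auth/google/callback",  # constructed
        "http://sub.example.dev:3001/auth/google/callback",   # exact match
    ):
        print(uri, "->", diagnose_redirect_uri(uri, REGISTERED))
```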

Google federated login/openId redirect

This is from the google federated login description
"Once Google accepts the authentication request, the user is redirected to a Google authentication page. At this point the authentication sequence takes over. On successful authentication, Google redirects the user back to the URL specified in the openid.return_to parameter of the original request."
I assume my web app is responsible for the redirect 'to a Google authentication page' mentioned here? I don't see how Google can make this redirect.
And if my web app does the redirect, how do the OpenID request parameters get sent to Google?
On reading some more, it's only possible that "Once Google accepts the authentication request" (I assume the requesting party gets a 200 HTTP status), the requesting web application now adds the same parameters that had been posted to the Google login endpoint to a Google authentication URL and then redirects the user to this URL.