Occasionally Missing Return Parameter id_token - google-oauth

When using the Google OAuth2 API, I am receiving inconsistent reply parameters.
scopes: ['email','profile']
Expected Response:
{
access_token: 'ya29.fQB...aYSwXTK7Etm2XzIhA2VYf7Gtp',
token_type: 'Bearer',
expires_in: 3600,
id_token: 'eyJhbGciOiJSUzI1NiIsI...bDkzZDNjYzFicWJmdTIzdjF...pZWRfZW1h...0vYWNjb3Vud...kSObTnsLQKg...3Mpg6Y2K2Bhw6c'
}
Received Response:
{
access_token: 'ya29.fQDvVUn66q...vqe2WLQf_Nc4d4oc',
token_type: 'Bearer',
expires_in: 3600
}
Does anybody know how to solve this problem or work around it?

Sorry, this was caused by an issue with our latest release and we rolled back as soon as we came to know about it.
So this should be resolved (as of 2pm PST). If you are still seeing issues do let us know.

Thanx for the clarification Naveen,
Amplify.com education application faced this issue around 2:30pm Sep 11, 2014 Eastern and it was fixed around 5:15pm EST same day. Our authentication is based on Google OAuth.

For us to be prepared: are you/Google planning on removing the email ID from the Google API in the future, or was that a development bug that was corrected?
Thanx,

Related

Google Home "Couldn't update the setting. Check your connection.'

So this type of error is being reported on a lot of community boards over the course of the last year with no acceptable answer we could find. We have just started our journey integrating with Google Home and created a Home Automation Action and we are getting a similar error …
{
insertId: "10wvnj2fyb1thy"
logName: "projects/bitdog-home-f69bd/logs/actions.googleapis.com%2Factions"
receiveTimestamp: "2018-12-06T13:28:13.939975519Z"
resource: {
labels: {
action_id: "SMART_HOME_SYNC"
project_id: "bitdog-home-f69bd"
version_id: ""
}
type: "assistant_action"
}
severity: "ERROR"
textPayload: "SYNC: Request ID 742344561631232315 failed with code: OPEN_AUTH_FAILURE"
timestamp: "2018-12-06T13:28:13.931998358Z"
}
This shows on Google Home app as "Couldn't update the setting, check your connection"
The OAuth service logs show a successful account linking and a successful refresh_token request. Google does not attempt a SYNC call to the Action handler from what we can tell.
We have other systems using the OAuth server and they are working well, and we are a little lost on how to proceed to debug this issue. We created a support ticket today but I don't feel confident that we will get meaningful help.
We have also tried using the Google Home app on Android and iOS. We have tried changing the default browser from Chrome to Firefox. Nothing has changed the outcome. We also made sure that our access_token was in JWT format to see if Google was sensitive to token size or format and nothing worked. We even made sure that the Google Home app user matched the user logged into the browser.
Help!
I did get it working. It was already working with an Amazon Echo Skill but it seems that Google's implementation (OpenAuth) is a bit more strict. I changed my access_token from a proprietary encrypted token format to a legit signed JWT token. I also removed expires_in from the response and it started working, not sure if it was the access_token JWT token format or removal of expires_in. I'm happy I can move on. If I get a chance, I will test to see which change made it work and comment here again.
Thank you.
To anyone with this problem–
I had to take multiple steps to resolve this issue, which are not clearly outlined in any documentation.
As per Google support:
Please adjust your account linking implementation from implicit to auth code flow then perform test again.
On the documentation for OAuth account linking, it says there are two methods of authentication: implicit and auth code. Apparently, only the auth code flow works for smart home.
I am using the Actions on Google Node.js library. While poking through the documentation, I found that:
[The SYNC request fulfillment] should return a valid response or a Promise that resolves to valid response.
The problem is that I was doing a database operation (which took time), so I couldn't simply return a value when it was ready; I had to return a Promise instead, then fulfill that promise later.
Hopefully this is helpful to anyone stuck on this recurring issue! Basically, check your auth flow and make sure SYNC is returning a valid JS object on time.
I had been facing the same issue for the last 2 weeks and wondered when I saw it is a 3-step problem.
Check your SYNC intent is properly parsed
Incorrect Response Structure (Verify here-Smart Home SYNC Data Validator)
Device Response time-out should be less than 5 sec.
You can check Link
My problem started when I connected my Sonoff Bridge.
So I got it working by removing my 'Sonoff Bridge' and connecting it to Google Home. (All my lights are now working.) I added the Bridge again to Sonoff and am using IFTTT to connect to my Bridge.
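The answers above come down to three checks on SYNC fulfillment: the handler returns a Promise, the response has a valid structure, and it arrives within the time limit. The following is an added example, not code from any of the posters or from the Actions on Google library; the function names, the 4-second margin and the sample device are constructed for illustration.

```javascript
// Added example; loadDevices, withDeadline and handleSync are hypothetical names.
const SYNC_DEADLINE_MS = 4000; // margin under the 5-second limit quoted above

// Constructed stand-in for the slow database lookup described in the answer.
function loadDevices(userId, delayMs = 50) {
  const devices = [{
    id: 'lamp-1',
    type: 'action.devices.types.LIGHT',
    traits: ['action.devices.traits.OnOff'],
    name: { name: 'Desk lamp' },
    willReportState: false,
  }];
  return new Promise((resolve) => setTimeout(() => resolve(devices), delayMs));
}

// Reject if the lookup has not settled before the deadline.
function withDeadline(promise, ms) {
  let timer;
  const timeout = new Promise((_, reject) => {
    timer = setTimeout(() => reject(new Error('SYNC deadline exceeded')), ms);
  });
  return Promise.race([promise, timeout]).finally(() => clearTimeout(timer));
}

// Return a list of structural problems; an empty list means the shape is usable.
function validateSyncResponse(res) {
  const problems = [];
  const payload = res.payload || {};
  if (!res.requestId) problems.push('missing requestId');
  if (!payload.agentUserId) problems.push('missing payload.agentUserId');
  if (!Array.isArray(payload.devices)) problems.push('payload.devices is not an array');
  (Array.isArray(payload.devices) ? payload.devices : []).forEach((d, i) => {
    for (const key of ['id', 'type', 'traits', 'name', 'willReportState']) {
      if (d[key] === undefined) problems.push(`devices[${i}] missing ${key}`);
    }
  });
  return problems;
}

// async function: the caller always receives a Promise, never undefined.
async function handleSync(body, userId, lookup = loadDevices, ms = SYNC_DEADLINE_MS) {
  const devices = await withDeadline(lookup(userId), ms);
  const response = { requestId: body.requestId, payload: { agentUserId: userId, devices } };
  const problems = validateSyncResponse(response);
  if (problems.length) throw new Error('invalid SYNC response: ' + problems.join('; '));
  return response;
}
```

Logging the rejection reason on the fulfillment side separates a slow lookup from a malformed response, which the OPEN_AUTH_FAILURE entry alone does not do.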

google oauth2 discovery return wrong token_endpoint

Here is the google oauth2 discovery url.
https://accounts.google.com/.well-known/openid-configuration
And in the response, it looks like this
{
"issuer": "https://accounts.google.com",
"authorization_endpoint":"https://accounts.google.com/o/oauth2/v2/auth",
"token_endpoint": "https://oauth2.googleapis.com/token",
"userinfo_endpoint": "https://www.googleapis.com/oauth2/v3/userinfo",
"revocation_endpoint": "https://oauth2.googleapis.com/revoke",
"jwks_uri": "https://www.googleapis.com/oauth2/v3/certs",
...
The token_endpoint in the google document here https://developers.google.com/identity/protocols/OAuth2WebServer#exchange-authorization-code said it should be https://www.googleapis.com/oauth2/v4/token.
Maybe the token_endpoint was updated recently, but when I use https://oauth2.googleapis.com/token to exchange the code for a token, I get an error response.
{ "error": { "code": 400, "message": "Request contains an invalid argument.", "status": "INVALID_ARGUMENT" } }
And if I use https://www.googleapis.com/oauth2/v4/token to do the same thing, everything is fine.
Has anything changed in the Google Identity Platform? Thanks!
The OAuth endpoint has been updated a number of times over the last five years. I normally follow the one in the discovery doc, but your example shows that that is not always the best course of action.
I have never heard of Google shutting down old endpoints; I suggest you use the one that works. As a side note, I will contact Google to see if I can get some feedback as to why one call worked and the other didn't.

Linkedin OAuth pictureUrl leading to a 500 error

Until this morning, for the last 2 years I experienced no issues with the Linkedin Oauth system I have implemented. I can verify that all the data is still coming through, but suddenly a very strange issue has come up with the pictureUrl parameter of the returned data. It no longer leads to an image, and instead leads to a page which looks like this:
I can't figure out what has gone wrong, any advice would be greatly appreciated. All other data is coming through just fine.
The issue seems to be that LinkedIn OAuth API returns a 500 error when the OAuth client asks for more fields than the application is permitted to request. It can be resolved by specifying the specific fields and scope.
Per this recent discussion at GitHub (https://github.com/auth0/passport-linkedin-oauth2/issues/24), specify the specific profileFields and scope:
{
profileFields: [
"formatted-name",
"headline",
"id",
"public-profile-url",
"email-address",
"location"
],
scope: ["r_basicprofile", "r_emailaddress"]
}

Can't figure out how to query Bing/Azure Marketplace API

How the heck do you use the Bing API (now Azure Marketplace API)? Does it only support oAuth? Can anyone show me an example of how to authenticate to it? The documentation is silent and after an hour of frustration I'm posting the question here.
Here is the end point I am trying to hit:
https://api.datamarket.azure.com/Bing/Search/v1/Composite?query=sushi&sources=web
This throws up Basic Auth; if I cancel I get an error message saying that only Basic and oAuth are supported.
However, no combination of username and password known to my account works for Basic, and I can't find an example of how to use oAuth with it. I have an account set up, I have subscribed to the free tier.
After doing more research and experimenting I was able to figure it out. The examples confused me (I think they assume a lot of context about Azure's SOAPy conventions over REST, such as case sensitivity and quoted strings). Perhaps they will confuse others so I'm posting my answer here:
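function searchBing() {
  var request = require('request');
  // Query values are quoted strings and parameter names are case-sensitive.
  var url = "https://api.datamarket.azure.com/Bing/Search/v1/Web?Query='sushi'&$format=JSON";
  var key = "[your account key]";
  // HTTP Basic auth: the account key is sent as both user name and password.
  request.get(url, { auth: { user: key, password: key } }, function (error, result) {
    if (error) {
      // result is undefined when the request itself fails
      console.error(error);
      return;
    }
    console.log(result.body);
  });
}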

Doorkeeper access token

I'm trying to build up an OAuth2 provider with Doorkeeper and I wanted to test all existing flows, but got stuck at the first attempt.
I'm trying to test the authorization code flow. Everything works fine on getting the authorization code, but once I try to get the access token something goes wrong. Below are some of the steps.
describe 'when sends an access token request' do
  let(:access_params) do
    { grant_type: 'authorization_code',
      code: authorization_code,
      redirect_uri: application.redirect_uri }
  end
  let(:access_uri) { '/oauth/token' }
  before { page.driver.post access_uri, access_params }
  it 'returns valid json' do
    pp page.source
  end
end
I was expecting the json with the final access token, but I got this error. I checked out pretty well the client and the params. All seems fine to me.
{"error":"invalid_client","error_description":"Client authentication failed due to unknown client, no client authentication included, or unsupported authentication method."}
Can you help me on understanding what is missing?
Thanks
I finally got it to work. I missed one important aspect of the OAuth2 specs, where the client must identify itself using basic auth. I solved it by adding it before the post, and it worked pretty well.
before do
  # Send the client credentials with HTTP Basic auth before posting the grant
  page.driver.browser.authorize application.uid, application.secret
  page.driver.post access_uri, access_params
end
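The fix above works because the token endpoint expects the client to authenticate with HTTP Basic. As an added example (not the poster's or Doorkeeper's code), this is what that request looks like on the wire when built by hand in Node.js, with the credentials form-encoded as RFC 6749 section 2.3.1 describes; `/oauth/token` is the path from the question, and all other names and sample values are constructed.

```javascript
// Added example; every name and sample value below is constructed.

// application/x-www-form-urlencoded encoding of one value (RFC 6749, appendix B).
function formEncode(value) {
  return new URLSearchParams([['v', value]]).toString().slice(2);
}

// Authorization header for client authentication (RFC 6749, section 2.3.1).
// Credentials made only of letters and digits pass through formEncode unchanged.
function basicAuthHeader(clientId, clientSecret) {
  const pair = `${formEncode(clientId)}:${formEncode(clientSecret)}`;
  return 'Basic ' + Buffer.from(pair, 'utf8').toString('base64');
}

// What the token endpoint recovers from that header; null if it is not usable.
function parseBasicAuth(header) {
  const match = /^Basic ([A-Za-z0-9+/]+=*)$/.exec(header || '');
  if (!match) return null;
  const pair = Buffer.from(match[1], 'base64').toString('utf8');
  const colon = pair.indexOf(':');
  if (colon < 0) return null;
  const decode = (s) => decodeURIComponent(s.replace(/\+/g, ' '));
  try {
    return { clientId: decode(pair.slice(0, colon)), clientSecret: decode(pair.slice(colon + 1)) };
  } catch {
    return null; // malformed percent-encoding
  }
}

// Authorization-code token request: credentials in the header, grant in the body.
function buildTokenRequest({ clientId, clientSecret, code, redirectUri }) {
  return {
    method: 'POST',
    path: '/oauth/token',
    headers: {
      Authorization: basicAuthHeader(clientId, clientSecret),
      'Content-Type': 'application/x-www-form-urlencoded',
    },
    body: new URLSearchParams({
      grant_type: 'authorization_code',
      code,
      redirect_uri: redirectUri,
    }).toString(),
  };
}
```

Because the secret travels only in the Authorization header, request-body and query-string logging on either side does not capture it.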