Google OAuth2 Login Redirect Throwing Error

Hi.
Trying to set up Google OAuth2 Login in my PHP project.
I am able to see the signin screen and select my account. But when Google redirects to my app, I get the below error:

{
"code": 0,
"file": "/var/www/html/dmxConnectLib/lib/oauth/Oauth2.php",
"line": 262,
"message": "Bad Request",
"trace": "#0 /var/www/html/dmxConnectLib/lib/oauth/Oauth2.php(230): lib\\oauth\\Oauth2->grant('authorization_c...', Array)\n#1 /var/www/html/dmxConnectLib/modules/oauth.php(24): lib\\oauth\\Oauth2->authorize(Array, Object(stdClass))\n#2 /var/www/html/dmxConnectLib/lib/App.php(195): modules\\oauth->authorize(Object(stdClass), 'OauthGoogleProv...', Array)\n#3 /var/www/html/dmxConnectLib/lib/App.php(159): lib\\App->execSteps(Object(stdClass))\n#4 /var/www/html/dmxConnectLib/lib/App.php(127): lib\\App->execSteps(Array)\n#5 /var/www/html/dmxConnectLib/lib/App.php(116): lib\\App->exec(Object(stdClass), false)\n#6 /var/www/html/dmxConnectLib/lib/App.php(94): lib\\App->exec(Object(stdClass))\n#7 /var/www/html/dmxConnect/api/OAuthRedirect.php(8): lib\\App->define(Object(stdClass))\n#8 {main}"
}

When running the same setup in Local docker, it all works fine. But when on remote server, it fails.
I tried re-checking the setup on my Google app, but all looks fine.
Please help.

The error is thrown in the call to your OAuth2 provider's token endpoint; it does an authorization_code grant to exchange the code retrieved after the sign-in for an access_token. That call was rejected, which can be caused by an incorrect client_id, client_secret or redirect_uri.

But if that was the case, why would it work the first time when sign in page gets shown?
And the redirect URI is actually the URL of SA being called here.

Am I missing something in the OAuth provider setup in Globals?

Did you authorize the redirect_uri in the google api console?


Yes. I have two URLs here. One local & one remote.
Local flow is working fine, but remote is throwing the error above.

Doing a Google search, there seem to be multiple issues on other websites with the same error message in the request access token call.

https://groups.google.com/g/oauth2-dev/c/vymyH-fZZdI

Bad Request normally means that some invalid parameters have been posted.

The error is on line 262, you could change that code to return the whole response instead of only the error, not sure if there will be more information there.

exit(json_encode($response));

This is the error I see:

{"error":"redirect_uri_mismatch","error_description":"Bad Request"}

I have rechecked the OAuth Client ID redirect URI in Google Dev Console & in my app, there is no mismatch.

The link you have shared says that it could be an issue with multiple Google Accounts logged in the browser. So I tried incognito, but got the same result.

The weirder thing here is that when I do it via localhost (docker), it works fine. But with the remote docker, it keeps failing.

The error is that the redirect_uri generated in the action does not match the redirect_uri you have whitelisted in the google dev console.

Use exit($this->getRedirectUri()) on line 262 to output the generated redirect.

It's showing an HTTP URL here.
http://domain.com/dmxConnect/api/OAuthRedirect.php but what I have in Google Dev Console is HTTPS, which is also what is set in SA.

I have http for localhost & https for remote domain. Could that be the reason why it's picking up HTTP?

Also, please note the type of OAuth screen I have set up is INTERNAL.
So only accounts from specific domains can log in. This is being used in a Google Workspace environment.

So it isn’t detecting the https correctly. The https is probably done with a separate proxy server before the php server.

Try the following update:

Oauth2.zip (3.2 KB)

Thanks.
Getting a new error now.

This is the URL:
https://accounts.google.com/signin/oauth/consent?authuser=0&part=AJi8hAM2Woznwc_xx2ugg8V1hOE3Zd0FpltOKnnO0PRFfN3d1FgDgowTRMmAXj4YdhBhX8Eg1VmqaOnsGXDKNUQOE4wS26zcY8ZlZ8za5JtqzSZmkHtB35dIPAeSYeauih0be4ycB2Yg9g5271My4fHg7w_GW5UXkhFTZlwNUOJbBSQ4TgYUl5HkgCGrKPEdUN6wFnoq2cVivLbC0ZZTzD00S9L3wKwXkCvsE3MonFIPgIUMmw2aVgx3vz31VmKuwu02-EMmlCMrtaBpX8NnfsOTzqKT8Ra_evp4vAaaxhAfqi0yr7Gzz42am1T6EjpFyzE3G_dTuxZWqA5vc5l-2ZNgvq8lyRbYDbgEaYgaLwO5O2MIsmp8dcXS8KzxrV030MsQLXFlicnZPHGq-EXSLBO-rkUqOtF71BOp9HvLcTssNx94v4DDEojA6nRG_3d5Le3QB-01IKWQK-ZbDAa1U127xOfWt8WUFA&as=S-720851179%3A1642608721673594&rapt=AEjHL4O_P7FN9U9q-Pa11RCzH1D_Fh1OgZEQG-xp1viqzOj6oyYzgpK2xbHVMgc3Y0RwSGoRMyvFHuDpUrjPVe4wPb1iLZAHKQ#

Try it in another browser or try clearing your cache.

That result is from incognito actually.

This is the new redirect URI shown on setting exit code on line 262:
https://domain.com:80/dmxConnect/api/OAuthRedirect.php
So still some issue with OAuth2 file.

New update: Oauth2.zip (3.3 KB)

No change. Still getting same error… and same value in redirect uri.

Do you have some proxy in front of the php server?

Nginx probably. It's a Caprover based docker setup.
I don’t understand this enough to give you an exact answer.
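
The two symptoms in this thread (an http:// redirect URI, then https://domain.com:80/...) are what happens when TLS is terminated at a reverse proxy and PHP derives the scheme and port from its own side of the connection. The sketch below is an added example, not the code in the Oauth2.zip attachments or from dmxConnectLib; the function name buildRedirectUri, the trusted-proxy list and the proxy address are hypothetical, and it assumes the proxy sets X-Forwarded-Proto (and optionally X-Forwarded-Port).

```php
<?php
// Added example (hypothetical helper): rebuild the public redirect_uri when
// PHP sits behind a TLS-terminating reverse proxy.

function buildRedirectUri(array $server, array $trustedProxies, string $path): string
{
    // Values as PHP sees them on the proxy-to-PHP hop.
    $https  = !empty($server['HTTPS']) && strtolower($server['HTTPS']) !== 'off';
    $scheme = $https ? 'https' : 'http';
    $host   = $server['HTTP_HOST'] ?? $server['SERVER_NAME'] ?? 'localhost';
    $port   = (int) ($server['SERVER_PORT'] ?? ($https ? 443 : 80));

    // Honour X-Forwarded-* only when the direct peer is a known proxy;
    // otherwise any client could pick the scheme and port.
    $viaProxy = in_array($server['REMOTE_ADDR'] ?? '', $trustedProxies, true);
    if ($viaProxy && isset($server['HTTP_X_FORWARDED_PROTO'])) {
        $proto = strtolower(trim(explode(',', $server['HTTP_X_FORWARDED_PROTO'])[0]));
        if ($proto === 'http' || $proto === 'https') {
            $scheme = $proto;
            // SERVER_PORT is still the backend port (80 here), so take the
            // public port from the proxy or fall back to the scheme default.
            $fwdPort = (int) ($server['HTTP_X_FORWARDED_PORT'] ?? 0);
            $port = $fwdPort > 0 ? $fwdPort : ($scheme === 'https' ? 443 : 80);
        }
    }

    // Drop any port carried in the Host header, then re-add only a non-default one.
    $host    = preg_replace('/:\d+$/', '', $host);
    $default = $scheme === 'https' ? 443 : 80;
    return $scheme . '://' . $host . ($port === $default ? '' : ':' . $port) . $path;
}

// Constructed request: browser -> HTTPS proxy -> PHP over plain HTTP on port 80.
$server = [
    'HTTP_HOST'              => 'domain.com',
    'SERVER_PORT'            => '80',
    'REMOTE_ADDR'            => '10.0.0.2', // constructed proxy address
    'HTTP_X_FORWARDED_PROTO' => 'https',
];
$path = '/dmxConnect/api/OAuthRedirect.php';

echo buildRedirectUri($server, [], $path), PHP_EOL;           // proxy not trusted
echo buildRedirectUri($server, ['10.0.0.2'], $path), PHP_EOL; // proxy trusted
```

Because the Host header is also client-supplied, a deployment with one fixed public URL is better served by setting the full redirect URI in configuration, so that the value sent to the token endpoint always matches the one registered in the Google console exactly.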