Obtaining code via gapi.auth2.authorize doesn't return a valid code #175

Open
gcsaba2 opened this issue Apr 15, 2021 · 0 comments
gcsaba2 commented Apr 15, 2021

I'm able to reproduce the issue like this:

  1. I have an anchor on my HTML page which leads to Google's auth server. Google will respond with a redirect URL; this URL will contain the code.
  2. I input this code into the curl command below:

     curl -v -H "Origin: https://localhost:8080" -H "Content-Type: application/x-www-form-urlencoded" \
       -X POST --data-urlencode "client_id=myclientid" \
       --data-urlencode "client_secret=mysecret" \
       --data-urlencode "redirect_uri=http://localhost:8080/google/auth" \
       --data-urlencode "grant_type=authorization_code" \
       --data-urlencode "code=4/0AY0e-g6bddl0EjaWbmov2ExohWV2NTPAbUQ--wHPvZUiW_4bx26vu-bx1NGEngz29RKboQ" \
       https://oauth2.googleapis.com/token

  3. Running this command will return an access_token.

OK, this works. So now I want to do the exact same thing with JavaScript.

This is the code:

function onGLoad() {
  gapi.load('auth2', function() {
    gapi.auth2.authorize({
        client_id: 'myclientid',
        scope: 'profile email',
        response_type: 'code',
        prompt: 'none'
      }, function(response) {
        if (response.error) {
          console.log('Google responded with an error: ' + response.error);
        } else if (response.code) {
          console.log(response.code);
        }
      });
  });
}

I take response.code and input it into the same curl command as above. I'll get an error like this:

{
  "error": "redirect_uri_mismatch",
  "error_description": "Bad Request"
}

To be sure, the redirect_uri is correct. Is this a bug in Google's AS?

The code which I get via the HTML anchor looks like this:

4/0AY0e-g5ic3wkiIf3I1AQ0t2oIP0w8u4WtRMm-G-gRE83hSKtLwyBfd18sZ-NkdJQXjHmyg

and the code I get via JavaScript looks like this:

4/0AY0e-g6bddl0EjaWbmov2ExohWV2NTPAbUQ--wHPvZUiW_4bx26vu-bx1NGEngz29RKboQ

(e.g. no visible difference)

I was checking the network traffic to see what Google's JS is doing and the only difference from the HTML anchor seems to be sending the undocumented ss_domain parameter. However, adding that to my curl command does nothing, so the issue probably lies elsewhere.
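
The redirect_uri_mismatch error above is the token endpoint enforcing the binding between an authorization code and the redirect_uri of the request that produced it (RFC 6749, section 4.1.3). The following is an added example, not part of the issue and not Google's code: a toy server that models that check, where `ToyAuthServer`, `LIBRARY_URI` and `demo` are hypothetical names and values.

```javascript
// Toy authorization server, constructed for illustration (not Google's implementation).
// It models RFC 6749 section 4.1.3: a code is bound to the client_id and the
// redirect_uri of the authorization request, and the token request must repeat both.
const crypto = require('crypto');

class ToyAuthServer {
  constructor() {
    this.codes = new Map(); // code -> { clientId, redirectUri, expires }
  }

  // Authorization endpoint: issue a single-use code and remember its binding.
  authorize({ clientId, redirectUri }) {
    const code = crypto.randomBytes(24).toString('hex');
    this.codes.set(code, { clientId, redirectUri, expires: Date.now() + 60000 });
    return code;
  }

  // Token endpoint: redeem the code only if every bound value matches exactly.
  token({ clientId, redirectUri, code }) {
    const grant = this.codes.get(code);
    this.codes.delete(code); // single use, even when the request is rejected
    if (!grant || grant.expires < Date.now() || grant.clientId !== clientId) {
      return { error: 'invalid_grant' };
    }
    // The issue shows this as redirect_uri_mismatch; RFC 6749 section 5.2
    // classes the same condition under invalid_grant.
    if (grant.redirectUri !== redirectUri) {
      return { error: 'redirect_uri_mismatch' };
    }
    return { access_token: crypto.randomBytes(16).toString('hex'), token_type: 'Bearer' };
  }
}

// REGISTERED_URI mirrors the issue's curl command. LIBRARY_URI is a placeholder
// (assumption) for a value a client library sends on the caller's behalf.
const REGISTERED_URI = 'http://localhost:8080/google/auth';
const LIBRARY_URI = 'placeholder://chosen-by-client-library';

function demo() {
  const server = new ToyAuthServer();
  const anchorCode = server.authorize({ clientId: 'myclientid', redirectUri: REGISTERED_URI });
  const libraryCode = server.authorize({ clientId: 'myclientid', redirectUri: LIBRARY_URI });
  const exchange = (code) =>
    server.token({ clientId: 'myclientid', redirectUri: REGISTERED_URI, code });
  return {
    anchor: exchange(anchorCode),   // bound URI matches: token issued
    library: exchange(libraryCode), // bound URI differs: rejected
    replay: exchange(anchorCode),   // code already consumed: rejected
  };
}
```

The two codes are indistinguishable as strings; the binding lives only in the server's state, so the redirect_uri sent to the token endpoint has to be the one the authorization request actually carried.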
