Authentication with Google: not matching redirect URL

[fabiomassimo]

I was trying to perform a login with Google Service.

Hereby the executed code

let provider = Provider.Google(clientID: "$(the_client_id)", clientSecret: "$(the_client_secret)", redirectURL: "$(bundle_identifier):/urn:ietf:wg:oauth:2.0:oob")

provider.scopes = ["https://www.googleapis.com/auth/analytics.readonly"]

provider.authorize(self) { (result) in
    switch result {
    case .Success(let token):
        print(token)
    case .Failure(let error):
        print(error)
}

When the authorisation is granted in the Safari View Controller the redirect URL gets triggered with following format:

$(bundle_identifier):/urn:ietf:wg:oauth:2.0:oob?code=$(the_authorization_code)

This cause an issue for when the library checks if the redirect URL use during the initialisation of the Provider matches the received redirect URL from the AppDelegate.

I've tried other combination of redirect URL but that's the redirect URL format that the Google guide advocates.

Did anyone experienced this when trying the built in Google Provider?

I think an easy fix would be to match the retrieved URL by removing the GET parameter from the URL but before open a new PR I'd like to receive some feedback about this.

[delba]

redirectURL: "$(bundle_identifier):/urn:ietf:wg:oauth:2.0:oob")
$(bundle_identifier):/urn:ietf:wg:oauth:2.0:oob?code=$(the_authorization_code)

They look like matching to me. What's the issue?

I think an easy fix would be to match the retrieved URL by removing and GET parameter from the URL

Removing what?

[fabiomassimo]

Removing what?

The ?code=$(the_authorization_code) at the end of the URL which makes it different from the redirect URL used to initialise the provider.

[delba]

We need the code param. https://github.com/delba/SwiftyOAuth/blob/master/Source/Provider.swift#L220

This is how OAuth works. Also, the two URL are matching. We don't compare the query string.
https://github.com/delba/SwiftyOAuth/blob/master/Source/Provider.swift#L252

[delba]

We need the code param in order to exchange it for a token. This is how OAuth works.

[fabiomassimo]

Sorry I'm not being clear enough.

I do not want to remove that part from the URL for the OAuth authorisation flow but only for checking if it matches the redirect URL used to initialize the provider.

More in detail this code fails:

    func matchingURLs(a: NSURL, _ b: NSURL) -> Bool {
        return (a.scheme, a.host, a.path) == (b.scheme, b.host, b.path)
    }

That's because

print(a.host) returns

 urn:ietf:wg:oauth:2.0:oob?code=$(the_authorization_code)

while b.host returns

 urn:ietf:wg:oauth:2.0:oob

My idea is to improve to implement an improved getter to retrieve the proper host from the URL.

[delba]

I don't get the same result.

let url = NSURL(string: "foo://urn:ietf:wg:oauth:2.0:oob")!
print(url.host) // "urn"

let redirect = NSURL(string: "foo://urn:ietf:wg:oauth:2.0:oob?code=abc123")!
print(redirect.host) // "urn"

[delba]

Maybe you could change the redirect URL to something else ?

[fabiomassimo]

If I try to use // instead of / I get an error in the Google page.

I tried a lot of combinations but only that one is working for me :(

[delba]

I got nil for both of them when using only one /

[fabiomassimo]

Thank you for your feedback.

I'll try again by using the Provider to find out what is causing this behaviour about different host output.

I'll publish the results later in case someone else will have the same issue.

[delba]

Yes, let me know please :)

[delba]

Hey @fabiomassimo ,

You might want look at the next branch. Here is how to use it with Google:

let google: Provider = {
    let provider: Provider = .Google(clientID: "***", clientSecret: "***", redirectURL: "http://anything.com/callback")
    provider.useWebView = true
    return provider
}()

Note that you can set the redirectURL to anything you want so it might solve your issue when working with Google.

I tried it with Instagram, Dribbble, Github etc. Let me know if it works with Google and I'll be happy to merge it in master.

Thanks!

[fabiomassimo]

Unfortunately with any callback URL I get back following error:

Invalid parameter value for redirect_uri: Invalid scheme.

The only combination the works for me is with following format:

$(bundle_identifier):/urn:ietf:wg:oauth:2.0:oob // with only one /

Should we mention this in the README?

Last but not least the URL matching algorithm works great now. I got my token back.

[fabiomassimo]

And this is mandatory too:

google.scopes = ["$(a_google_scope)"]

[delba]

I meant set the callback to "http://myValidCallback.com/callback". Literally ahaha

When using webviews, we only listen for the redirectURL. We don't use it to open the app.

What are the mandatory scopes please?

[fabiomassimo]

What are the mandatory scopes please?

A lot: https://developers.google.com/identity/protocols/googlescopes

[fabiomassimo]

You have to specify at least one

[delba]

I'll leave the scopes part to the user. But if it works, I'll specify provider.userWebView = true in the .Google func.

[fabiomassimo]

That's a good idea.

Maybe a link in the README or commented in the code to the list of available scopes?

[delba]

I'll add a page to the wiki if useWebView works. Let me know please

[fabiomassimo]

It works great but only with callback format specified before.
Anything starting with http or another scheme gets an error.

Is it what you meant?

[delba]

I tested with the redirectURL "http://www.hello.com/callback" and it works

let google: Provider = {
    let provider: Provider = .Google(
        clientID: "***",
        clientSecret: "***",
        redirectURL: "http://www.hello.com/callback"
    )
    provider.scopes = ["https://www.googleapis.com/auth/adexchange.buyer"]
    provider.useWebView = true
    return provider
}()

[fabiomassimo]

I get back from Google in the browser:

redirect_uri_mismatch

Same init as yours but with different scope.

[delba]

You have to update the redirect on url google...

[fabiomassimo]

Where should I update it?

I receive the error with following Provider

    let google: Provider = {
        let provider: Provider = .Google(clientID: "***", clientSecret: "***", redirectURL: "http://www.hello.com/callback")
        provider.useWebView = true
        provider.scopes = ["https://www.googleapis.com/auth/analytics.readonly"]
        return provider
    }()

[delba]

https://console.developers.google.com

[delba]

I did another try with http://hello.com/callback, it works well. Sorry

[fabiomassimo]

Weird but anyway it is not blocking because the Provider works with my strange redirect URL when using a WebView 👍

I think it is ok to merge next to master

[delba]

It's because you didn't update the redirect URL on https://console.developers.google.com

[fabiomassimo]

Yep looking into that right now ;)

[fabiomassimo]

It seems that because it is an iOS app I can only enter my bundle identifier and Google uses that to create a proper redirect URL. I can not see where I can set the redirect URL.

Anyway, I'll look into this better in the docs. Thank you.

UPDATE: Indeed, I can set a custom redirect URL if I create a OAuth credential for a web client.

[delba]

Again, it works with http://hello.com/callback. With an iOS app.

I can not see where I can set the redirect URL.

Did you register on https://console.developers.google.com ?

[fabiomassimo]

This is what I get for iOS settings:

This is what I get for Web Application settings:

[delba]

I just pushed v0.4 😃

Use it with Google (and web server) like so:

let google: Provider = {
    let provider: Provider = .Google(clientID: "***", clientSecret: "***", redirectURL: "http://www.hello.com/callback")
    provider.useWebView = true
    provider.scopes = ["https://www.googleapis.com/auth/analytics.readonly"]
    return provider
}()