Google Social Login Server Error

[Willem-Nieuwoudt]

I am using dj-rest-auth version 2.2.5 in my Django application.

When I get the access code back from the google OAUTH2 url and post that code to the google login api endpoint it logs me in as expected, returning the jwt tokens.

However if i just post any random value or incorrect code to the google login api endpoint(using the code field) it throws a 500 error instead of a validation error like "Invalid code". This is the last bit of the trace:

File "/usr/local/lib/python3.9/site-packages/rest_framework/serializers.py", line 227, in is_valid
self._validated_data = self.run_validation(self.initial_data)
File "/usr/local/lib/python3.9/site-packages/rest_framework/serializers.py", line 429, in run_validation
value = self.validate(value)
File "/usr/local/lib/python3.9/site-packages/dj_rest_auth/registration/serializers.py", line 133, in validate
token = client.get_access_token(code)
File "/usr/local/lib/python3.9/site-packages/allauth/socialaccount/providers/oauth2/client.py", line 91, in get_access_token
raise OAuth2Error("Error retrieving access token: %s" % resp.content)
allauth.socialaccount.providers.oauth2.client.OAuth2Error: Error retrieving access token: b'{\n  "error": "invalid_grant",\n  "error_description": "Bad Request"\n}'

[Altroo]

Same issue here : https://github.com/iMerica/dj-rest-auth/issues/465

[Willem-Nieuwoudt]

Altroo, I checked your issue and I don't think it's the same as far as I can tell.

[Altroo]

@Willem-Nieuwoudt my bad, true they don't look the same, different error but both are triggered in
site-packages/dj_rest_auth/registration/serializers.py in your case in is_valid & mine in validate.

Maybe it is the same error, different config settings ?

Could you please provide your config settings?

[Willem-Nieuwoudt]

@Altroo Sure thing

ACCOUNT_AUTHENTICATION_METHOD = 'email'
ACCOUNT_EMAIL_REQUIRED = True
ACCOUNT_UNIQUE_EMAIL = True
ACCOUNT_USERNAME_REQUIRED = False
ACCOUNT_USER_MODEL_USERNAME_FIELD = None
ACCOUNT_EMAIL_VERIFICATION = 'mandatory'

Those are the only settings I really use at the moment for auth.

I see someone made a comment on your post with a screenshot of exactly the same issue that im having. I'll just leave a comment there to let them know about this post in case you don't have the same issue as us.

I essentially tracked down the error to the get_access_token function in the SocialLoginSerializer's validate method. The way i'm "fixing" it at the moment is to override the serializer and wrap the get_access_token function in a try except and then just return a validation error if it throws the error that im getting. Something like this:

try:
    token = client.get_access_token(code)
except OAuth2Error:
    raise serializers.ValidationError(
        _("Invalid access token"),
    )

Would be nice to have some input from people if this is an okay solution or not really.

[NyllRE]

may I know what the google login api endpoint is?

[wanglophile]

try:
token = client.get_access_token(code)
except OAuth2Error:
raise serializers.ValidationError(
_("Invalid access token"),
)

@Willem-Nieuwoudt Can you clarify if this actually solves the issue and allows for Google logins and registers?

Edit: Reverting per @Altroo's answer here fixed it for me: #465

[Altroo]

@Willem-Nieuwoudt @wanglophile check #465