Google authentication issue #18

Closed
Shaunakde opened this issue May 5, 2015 · 7 comments
@Shaunakde

I am using Grant for OAuth2 authentication with Google in my Express app. I supplied all the parameters in the config.json:

  {
    "server": {
      "protocol": "https",
      "host": "thooslo-com-shaunakde.c9.io"
    },
    "google": {
      "authorize_url": "https://accounts.google.com/o/oauth2/auth",
      "access_url": "https://accounts.google.com/o/oauth2/token",
      "oauth": 2,
      "custom_parameters": ["access_type"],
      "scope_delimiter": " ",
      "scope": ["https://www.googleapis.com/auth/youtube", "https://www.googleapis.com/auth/drive"],
      "client_id": "39109025743-veaeooi4v9ooirabeseujn8u2ohjbqf7.apps.googleusercontent.com",
      "client_secret": "DO8ozwoFqtP654jzi-wPQF10",
      "callback": "/users"
    }
  }

But it still refuses to send all the parameters. I get a "client_id" not sent error:

Error: invalid_request

Missing required parameter: client_id

Learn more
Request Details

    scope=https://www.googleapis.com/auth/youtube https://www.googleapis.com/auth/drive
    response_type=code
    redirect_uri=https://thooslo-com-shaunakde.c9.io/connect/google/callback

I modified the library to print out the URL and this is indeed the case:

Starting child process with 'node ./bin/www'
https://accounts.google.com/o/oauth2/auth?response_type=code&redirect_uri=https%3A%2F%2Fthooslo-com-shaunakde.c9.io%2Fconnect%2Fgoogle%2Fcallback&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fyoutube%20https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdrive
GET /connect/google 302 26.492 ms - 574

I did manage to get the first step to work once, by some permutation, but then it failed on client_secret not found.

Is there something I am doing wrong? The library seems to be non buggy.

@Shaunakde
Author

Investigating further I see that the client_id is undefined in Oauth2.js line 28

This is where I log:

exports.step1 = function (provider) {
  console.log(provider)
  var url = provider.authorize_url
  var params = {
    client_id:provider.key,
    response_type:'code',
    redirect_uri:utils.redirect_uri(provider),
    scope:provider.scope,
    state:provider.state
  }
  if (provider.basecamp) {
    params.type = 'web_server'
  }
  if (provider.custom_parameters) {
    provider.custom_parameters.forEach(function (key) {
      params[key] = provider[key]
    })
  }
  if (provider.subdomain) {
    url = url.replace('[subdomain]',provider.subdomain)
  }
  console.log(params)
  return url + '?' + qs.stringify(params)
}

This is my output:

GET / 304 55.391 ms - -
{ authorize_url: 'https://accounts.google.com/o/oauth2/auth',
  access_url: 'https://accounts.google.com/o/oauth2/token',
  oauth: 2,
  scope_delimiter: ' ',
  custom_parameters: [ 'access_type' ],
  google: true,
  name: 'google',
  request_url: undefined,
  subdomain: undefined,
  protocol: 'https',
  host: 'thooslo-com-shaunakde.c9.io',
  callback: '/users',
  transport: undefined,
  state: undefined,
  key: undefined,
  secret: undefined,
  scope: 'https://www.googleapis.com/auth/youtube https://www.googleapis.com/auth/plus.me',
  overrides: {},
  access_type: 'offline' }
{ client_id: undefined,
  response_type: 'code',
  redirect_uri: 'https://thooslo-com-shaunakde.c9.io/connect/google/callback',
  scope: 'https://www.googleapis.com/auth/youtube https://www.googleapis.com/auth/plus.me',
  state: undefined,
  access_type: 'offline' }
GET /connect/google 302 12.525 ms - 626

@Shaunakde
Author

Update:
I got it to start to work by doing the following:

 "google": {
    "authorize_url": "https://accounts.google.com/o/oauth2/auth",
    "access_url": "https://accounts.google.com/o/oauth2/token",
    "oauth": 2,
    "response_type":"code",
    "client_id":"39009029743-veaeooi4v9ooirabeseujn8u2ohjbqf7.apps.googleusercontent.com",
    "redirect_uri":"https://thooslo-com-shaunakde.c9.io/connect/google/callback",
    "state":"xxs",
    "access_type":"offline",
    "scope_delimiter":" ",
    "custom_parameters": ["access_type","state","client_id","redirect_uri"],
    "scope":["profile","email"],
    "callback": "/users"
  }

But now I face this error:

{
  "error": {
    "error": "invalid_request",
    "error_description": "Client must specify either client_id or client_assertion, not both"
  }
}

@simov
Owner

simov commented May 5, 2015

Grant doesn't use client_id or client_secret; you should set them as just key and secret.

@Shaunakde
Author

@simov - thanks for the update. Just out of curiosity, does grant work by reading generic keys like "secret" and formatting to the correct URL according to the provider? I am going through the source and am very keen to understand.

Thank you so much.

@simov
Owner

simov commented May 5, 2015

Yes. Now that I'm seeing how you configure it, I should enable the client_id and client_secret keys as well.

Btw you need just this configuration, you don't have to specify all of the parameters by yourself.

 "google": {
    "key":"39009029743-veaeooi4v9ooirabeseujn8u2ohjbqf7.apps.googleusercontent.com",
    "secret": "...",
    "state":"xxs",
    "access_type":"offline",
    "scope":["profile","email"],
    "callback": "/users"
  }
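
The alias handling discussed above, sketched as an added example; it is not part of the thread and not Grant's code. The `ALIASES` table, the `normalizeProvider` and `authorizeUrl` functions, and the sample values are hypothetical. The sketch folds `client_id`/`client_secret` into the `key`/`secret` names that `step1` reads and rejects an incomplete config before any redirect is built.

```javascript
// Assumed alias table (hypothetical): OAuth parameter name -> config key read by step1.
const ALIASES = { client_id: 'key', client_secret: 'secret' }

// Returns a normalized copy of the provider config plus a list of problems.
function normalizeProvider(raw) {
  const provider = Object.assign({}, raw)
  const problems = []
  for (const [alias, target] of Object.entries(ALIASES)) {
    if (provider[alias] === undefined) continue
    if (provider[target] !== undefined && provider[target] !== provider[alias]) {
      problems.push(`${alias} and ${target} are both set and differ`)
    } else {
      provider[target] = provider[alias]
    }
    delete provider[alias]
  }
  // Credentials are taken from key/secret only, never from custom_parameters.
  provider.custom_parameters = (provider.custom_parameters || [])
    .filter((name) => !Object.keys(ALIASES).includes(name))
  for (const required of ['authorize_url', 'key', 'secret']) {
    if (!provider[required]) problems.push(`missing ${required}`)
  }
  return { provider, problems }
}

// Builds the authorization URL as step1 does, but throws on an incomplete
// config instead of producing a redirect without client_id.
function authorizeUrl(raw, redirectUri) {
  const { provider, problems } = normalizeProvider(raw)
  if (problems.length) throw new Error('provider config: ' + problems.join('; '))
  const params = {
    client_id: provider.key,
    response_type: 'code',
    redirect_uri: redirectUri,
    scope: [].concat(provider.scope || []).join(provider.scope_delimiter || ' ')
  }
  if (provider.state) params.state = provider.state
  for (const name of provider.custom_parameters) {
    // Custom parameters may add fields but not replace the ones set above.
    if (!(name in params) && provider[name] !== undefined) params[name] = provider[name]
  }
  return provider.authorize_url + '?' + new URLSearchParams(params).toString()
}

// Constructed sample config with placeholder credentials (not values from the thread).
const SAMPLE = {
  authorize_url: 'https://accounts.google.com/o/oauth2/auth',
  client_id: 'constructed-id.apps.googleusercontent.com', client_secret: 'constructed-secret',
  custom_parameters: ['access_type', 'client_id'], access_type: 'offline', scope: ['profile', 'email']
}
```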

@Shaunakde
Author

@simov Thanks for the update. I have got it to work at my end as well. Here is my configuration (probably full of redundancies):

 "google": {
    "authorize_url": "https://accounts.google.com/o/oauth2/auth",
    "access_url": "https://accounts.google.com/o/oauth2/token",
    "oauth": 2,
    "response_type":"code",
    "key":"39009029743-veaeooi4v9ooirabeseujn8u2ohjbqf7.apps.googleusercontent.com",
    "secret":"kim7JzoD3zhuu58x5MnxDTU6",
    "redirect_uri":"https://thooslo-com-shaunakde.c9.io/connect/google/callback",
    "state":"xxs",
    "access_type":"offline",
    "scope_delimiter":" ",
    "custom_parameters": ["access_type","state"],
    "scope":["profile","email"],
    "callback": "/users"
  }

and this is the response:

{
  "access_token": "ya29.agErFQ09LLOr1SDz8tDx6b71UwOzIwLTYEwmIcTejlqV4YOS_2pJcsd7eaYpvM3GYVSGzD7g5VQOrw",
  "refresh_token": "1/DWzLnMXhNPw4TFFHERaKoVWkPzF9V9x5hq2nJwX7v6cMEudVrK5jSpoR30zcRFq6",
  "raw": {
    "access_token": "ya29.agErFQ09LLOr1SDz8tDx6b71UwOzIwLTYEwmIcTejlqV4YOS_2pJcsd7eaYpvM3GYVSGzD7g5VQOrw",
    "token_type": "Bearer",
    "expires_in": "3600",
    "id_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6ImNiZGZhM2RlZGM2MTRlNmUzZTU4OTQxNGU4ZmEzMGFjNzcwMWY0ZWQifQ.eyJpc3MiOiJhY2NvdW50cy5nb29nbGUuY29tIiwic3ViIjoiMTAwNzAyNTQ3NDM0Nzc1ODI1MTYwIiwiYXpwIjoiMzkwMDkwMjk3NDMtdmVhZW9vaTR2OW9vaXJhYmVzZXVqbjh1Mm9oamJxZjcuYXBwcy5nb29nbGV1c2VyY29udGVudC5jb20iLCJlbWFpbCI6InNoYXVuYWtkZUBnbWFpbC5jb20iLCJhdF9oYXNoIjoiZndCenQ5cFlKTmZxOTdqUGhmTU91QSIsImVtYWlsX3ZlcmlmaWVkIjp0cnVlLCJhdWQiOiIzOTAwOTAyOTc0My12ZWFlb29pNHY5b29pcmFiZXNldWpuOHUyb2hqYnFmNy5hcHBzLmdvb2dsZXVzZXJjb250ZW50LmNvbSIsImlhdCI6MTQzMDg1NDgzNCwiZXhwIjoxNDMwODU4NDM0fQ.aZO4Y8tcAOzkInJBBYRNo8TZafcXRJeC-8jOaepqDRuxoZTMmS-arzPQOz4BFxemAuZvI6JfPl78lqxMh8gaEmc8IL9Gp8x0ajpKjjw_ieovmT6G6ohKKKXIHDDgK0HgQeIW_4DGmruuHoTa16j0VkqW-fSXJfLth4t7_26aJrs",
    "refresh_token": "1/DWzLnMXhNPw4TFFHERaKoVWkPzF9V9x5hq2nJwX7v6cMEudVrK5jSpoR30zcRFq6"
  }
}

Curiously, I had to refresh the secret to get it to work.

Thanks for the help.

EDIT:
I see from your reply that the parameters to be supplied are to be added to those present in oauth.json

@simov
Owner

simov commented May 5, 2015

No problem. Thanks for the feedback on how you got it working. As I said, to prevent further annoyances, I'll add the original keys for key and secret in the next release. Closing 👍

simov closed this as completed May 5, 2015