Error with Google login on custom domain

dd76 · March 26, 2018, 11:14am

I have a universal login page from with a “Login with google” button which works as expected until I configure the page to be served from a custom domain.

In that case I get the following “redirect_uri_mismatch” error:

The redirect URI in the request, https://<CUSTOM_DOMAIN>/login/callback, does not match the ones authorized for the OAuth client

I have added https://<CUSTOM_DOMAIN>/login/callback to the Allowed Callback Urls but the error persists.

I am confused as to why my app is trying to redirect to https://<CUSTOM_DOMAIN>/login/callback in the first place, as it is configured to redirect to http://localhost:1337.

Can anyone explain what is happening and how I can fix this?

Thanks.

jerdog · March 26, 2018, 10:40pm

Can you share your connection code, taking out any sensitive information?

dd76 · March 27, 2018, 11:07am

Hi, thanks for looking at this.

This is the relevant (I think!) code from the custom login page:

        var config = JSON.parse(
            decodeURIComponent(escape(window.atob('@@config@@')))
          );

          var params = Object.assign({
            domain: config.auth0Domain,
            clientID: config.clientID,
            redirectUri: config.callbackURL,
            responseType: 'code',
            overrides: {
    		      __tenant: config.auth0Tenant,
    		      __token_issuer: config.auth0Domain
          	}
          }, config.internalOptions);

          var webAuth = new auth0.WebAuth(params);

          var databaseConnection = 'Username-Password-Authentication';

          function login(e) {
            e.preventDefault();
            var username = document.getElementById('email').value;
            var password = document.getElementById('password').value;

            webAuth.login({
              realm: databaseConnection,
              username: username,
              password: password
            }, function(err) {
              if (err) displayError(err);
            });
          }

          function loginWithGoogle() {
            webAuth.authorize({
              connection: 'google-oauth2'
            }, function(err) {
              if (err) displayError(err);
            });
          }

jerdog · March 27, 2018, 5:28pm

Make sure that you’re calling the full auth0 tenant and domain in your code (i.e. auth0Tenant and auth0Domain in your code). This would include region if applicable (<tenant>.<region>.auth0.com>. The dashboard should list for you the correct information to be applied, as would our Quickstarts and information found on Universal Login

dd76 · March 28, 2018, 8:54am

Your suggestion have helped me a make some progress, but I am now getting a ‘invalid token/ state does not match error’.

I’ll try to summarise the situation.

With the following configuration ( domain: "<tenant>.<region>.auth0.com"), both username-password login and google login redirect to http://localhost:1337/callback but both result in a “invalid token/ state does not match" error:

var params = Object.assign({
        domain: "<tenant>.<region>.auth0.com", 
        clientID:  '<clientID>',
        redirectUri: 'http://localhost:1337/callback',
        responseType: 'token id_token',
        overrides: {
		      __tenant: "<tenant>",
		      __token_issuer: "<tenant>.<region>.auth0.com"
      	}
      }, config.internalOptions);

(Changing __tenant to "<tenant>.<region>.auth0.com" results in the same error)

With the following configuration ( domain: '<customDomain>') , username-password login works but google login has the “redirect_uri_mismatch” error:

var params = Object.assign({
        domain:   '<customDomain>',
        clientID:  '<clientID>',
        redirectUri: 'http://localhost:1337/callback',
        responseType: 'token id_token',
        overrides: {
		      __tenant: "<tenant>",
		      __token_issuer: "<tenant>.<region>.auth0.com"
      	}
      }, config.internalOptions);

The hosted page is accessed by a call to angularAuth0.authorize() and auth0 is initialised with

angularAuth0Provider.init({
    clientID: '<clientID>',
    domain: '<customDomain>',
    responseType: 'token id_token',
    redirectUri: 'http://localhost:1337/callback',
    scope: 'openid profile email'
 });

jerdog · March 28, 2018, 1:51pm

So does this help you with your troubleshooting?

github.com/auth0/auth0.js

Invalid token - `state` does not match

opened 09:12AM - 07 Feb 18 UTC

closed 09:25PM - 15 Feb 18 UTC

jeiman

So for some reason I can't seem to authenticate users on certain computers/lapto…ps that has the same browser versions. `auth.js` ``` export var webAuth = new auth0.WebAuth({ domain: 'xxx.auth0.com', clientID: 'xxx', responseType: 'token id_token', audience: 'https://xxx.auth0.com/userinfo', redirectUri: 'http://localhost:3000' }) ``` `Login.vue` ``` if (window.location.hash) { webAuth.parseHash({ hash: window.location.hash }, (err, authResult) => { if (err) { return console.log('parseHash error', err) } if (authResult) { webAuth.client.userInfo(authResult.accessToken, function(err, user) { if (err) { console.log('err accessToken', err) } localStorage.setItem('profile', JSON.stringify(user)) localStorage.setItem('id_token', authResult.idToken) window.location = '/state' }) } }) } ``` **Picture:** ![error](https://user-images.githubusercontent.com/3265758/35907594-52b3612e-0c29-11e8-92cd-cd8a8f0e9198.jpeg) **Other details:** Auth0 version: NPM - `8.12.2` ScriptJS - `8.12.2` Browser: Chrome Version 64.0.3282.140 (Official Build) (64-bit) O.S: Windows 10 The issue is not happening on my laptop (which is running on the the Browser version mentioned above), but it is happening on other laptops (same browser version). Not too sure what else to try here. Been looking at the forums, nothing is working out. Would love some insights on this. Thank you.

nserdakov.developer · September 20, 2018, 3:28pm

You just need to add the https://<CUSTOM_DOMAIN>/login/callback to your list of allowed urls IN GOOGLE application. Enter the application and add. If you do this - you will not have any error.

I ask community to add to google tutorial this steps, because I also faced on it.

jerdog · September 20, 2018, 6:06pm

Where would you suggest we add this info in that doc you linked @nserdakov.developer ?

And do you get this resolved @dd76?

dd76 · September 20, 2018, 9:01pm

Hi, I did get this resolved and @nserdakov.developer’s is correct, that is what I needed to do.

system · October 20, 2018, 9:13pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.