Auth0 Home Blog Docs

Google OAuth social connection getting "invalid_request" from the test page

Up to this point I have been using the “dev keys” for Google OAuth connections, and I am ready to use my own keys. I followed the Auth0 instructions for doing this. (I skipped step 2 because I believe it does not apply to me.) At step 4, testing the connection, I get an error. Here’s what shows up in the logs (<snip> replacing things that might be sensitive info).

{
    "date": "2019-02-14T22:34:54.500Z",
    "type": "f",
    "description": "Unauthorized",
    "connection": "google-oauth2",
    "connection_id": "<snip>",
    "client_id": "<snip>",
    "client_name": "N/A",
    "ip": "<snip>",
    "user_agent": "Firefox 65.0.0 / Ubuntu 0.0.0",
    "details": {
        "body": {},
        "qs": {
            "state": "<snip>",
            "code": "<snip>",
            "scope": "email profile https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile"
        },
        "connection": "google-oauth2",
        "error": {
            "message": "Unauthorized",
            "oauthError": "invalid_request",
            "type": "request-error"
        },
        "session_id": "<snip>"
    },
    "hostname": "<snip>.auth0.com",
    "strategy": "google-oauth2",
    "strategy_type": "social",
    "log_id": "90020190214223454500721726723495929658766186359607230092",
    "isMobile": false
}

Is the authorization failure coming from Google or Auth0? Any suggestions for diagnosing what’s invalid about the request? Since the request is coming from the test page, I assume it’s not that Auth0 is sending an invalid request, but I don’t know how to get more info.

Hey there @davide!

I did a quick dive into similar topics with Google OAuth invalid request error and it seems like there might be a multiple reasons to it. Can you share the code you use for authentication (getting rid of sensitive data)?

I get that error when I hit the Try button in the social connections page. I don’t think it’s hitting any of my code. I hope I’m understanding your question correctly.

Hey there @davide!

Yep that is what I meant. Can you send me your tenant name via DM so I can take a look at this internally?

Thanks a lot!

Done. Let me know if there’s anything else I can do to help diagnose it. I wouldn’t be surprised if it’s a configuration issue on my side, perhaps with my Google API setup. I’m hoping you have access to more info about why it’s failing.

Sure! Let me try to investigate it and get back to you!

Hey there @davide!

Once you will be able to eventually establish what was the root cause with our developer support engineers, please share it with the rest of community in this thread!

Thank you!

Well, @konrad.sopala, this is my :man_facepalming: moment of the day. There was a space in the client secret, which is why the request was failing.

Thanks @marcus.baker for the help figuring this out!

For those stumbling upon this issue, please note that this mistake is really easy to make. Here’s what the page looks like in the Google API Console for configuring the credentials:

image

I edited the Client Secret part of the page to show that there are spaces before and after the client secret in the HTML element. Thus, if you copy-paste that field into the client secret field on the Auth0 side, it will come with spaces at the beginning and end of the string. Apparently I noticed the space at the end of the string and removed it, but I didn’t notice when I pasted it that there was a space at the beginning of the string. Unfortunately (and understandably) this manifests simply as “Unauthorized” so it’s a bit tricky to track down unless you look closely.

Thanks again Marcus and Konrad for helping me with this. I wish for my sake the root cause was something complicated, but in this case it was a good ol’ fashioned typo. So it goes. :slight_smile:

2 Likes

No worries! It happens to everyone! Glad you were able to track it finally folks!

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.