Social Login with Google Returns Tokens That Are Invalid for the API

athinksoftware · July 12, 2017, 1:07am

Using social login (Google) via the following:

var waGoogle = new auth0.WebAuth({
    domain: 'testApplication.auth0.com',
    clientID: '************',
    redirectUri: 'http://localhost:8080/'
  })

  waGoogle.authorize({
    connection: 'google-oauth2',
    responseType: 'id_token token'
  }, function(err, authResult){
    if(err){
      console.log('Google Login Error')
      console.log(err)
    }
  });

Google screen shows up, I log in and I am redirected back to my application.
From the application, I am able to parse the URL so that I can get the access and id tokens.

let getParameterByName = (name) => {
  var match = RegExp('#&]' + name + '=(^&]*)').exec(window.location.hash);
  return match && decodeURIComponent(match[1].replace(/\+/g, ' '));
}

var access_token = getParameterByName('access_token')
var id_token = getParameterByName('id_token')

Issue I am having is that none of the tokens allow me to call my APIs (asp.net web api) which are decorated with the [Authorize] attribute. It returns a:

401 (Unauthorized)

I know that my API is working, as using the normal
Username-Password-Authentication method where I also obtain an access token, my api calls are just pulling through.

Are there any next steps which I need to do after obtaining the access and id_token from Google? Do I need to make an additional call to Auth0 to obtain the proper access token to be able to call my web api?

Thanks.

prashantT · July 12, 2017, 5:11am

You will need to pass an audience parameter to obtain a valid JWT access_token, which can be used to call your API. The audience parameter is the identifier of your API which you have configured in Auth0.

waGoogle.authorize({
     connection: 'google-oauth2',
     responseType: 'id_token token',
     audience: 'MY_API_IDENTIFIER // pass this parameter
   }, function(err, authResult){
     if(err){
       console.log('Google Login Error')
       console.log(err)
     }
   });

athinksoftware · July 12, 2017, 8:28am

Thank you for providing some answers.
As a follow up, I tried to use the tokens (access and Id) to get the user info as stored in Auth0, but I am getting invalid_credentials error.
https://auth0.com/docs/libraries/auth0js/v8#extract-the-authresult-and-get-user-info.
I suppose I should still be able to get the user info based off the social login profile, right?

Topic		Replies	Views
UnauthorizedError: jwt audience invalid. expected: http://api.mypgguru.com Help api	2	4674	June 6, 2019
Google Social Connection access token rejected when making Youtube Data v3 API calls JWT.io access-token , idp	4	4150	December 8, 2021
Issue with Google connection using Auth0 Help google , oauth2	4	5578	November 22, 2018
Social connectors and /Userinfo - failed with status code 401: invalid credentials Help	2	3595	August 26, 2019
Google invalid_token on YouTube API Help	2	1945	January 26, 2023

Social Login with Google Returns Tokens That Are Invalid for the API

Related Topics