Unknown Google OAuth Error

After setting up a non-test OAuth client through google and populating my credentials, I am getting this error when doing my test login from the social connection page:

{
“date”: “2018-12-08T22:16:14.075Z”,
“type”: “f”,
“description”: “Unauthorized”,
“connection”: “MY_GOOGLE_CONNECTION”,
“connection_id”: “REDACTED”,
“client_id”: “MY_CLIENT_ID”,
“client_name”: “MY_PROJECT”,
“ip”: “REDACTED”,
“user_agent”: “Chrome Mobile 70.0.3538 / Android 0.0.0”,
“details”: {
“body”: {},
“qs”: {
“state”: “g6Fo2SBZZjhXX1pDbFV2dXl3YUpSMDZxbzFZbnVPZW15MUpwQaN0aWTZMmdhRm8yU0JZYUdGbU9EbFNaMjVYTWtreFh6RmZkbGRTZDNaWlVqWlJlV1puV21aNVRBo2NpZNkgUjVXaVBIOG9hbnI0ZlMyQmtBYUtOVUhmYVFaRFM3M0g”,
“code”: “4/rgDmhzjHI1-P9n8T172NJlVCjOUs1lcjPXU0htIWlsUmuXDJQGQZGSZI_9EauIU_RIj0lXJKHICjNBIlKj6lTNc”,
“scope”: “email profile https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile
},
“connection”: “google-oauth2”,
“error”: {
“message”: “Unauthorized”,
“oauthError”: “invalid_request”,
“type”: “request-error”
}
},
“hostname”: “MY_AUTH0_DOMAIN”,
“strategy”: “MY_GOOGLE_CONNECTION”,
“strategy_type”: “social”,
“log_id”: “90020181208221614076443861480495898728224457775201950978”,
“isMobile”: true
}

Of note, I submitted my consent screen for verification but it is still pending. It says it should still work on it’s base settings.

What steps should I take next to further triage/resolve this issue?

1 Like

Hi @jacque006

I noticed the scope parameter has scopes for google, is this something you’ve added in?

If so, I believe this is the incorrect way to add scopes for the upstream IDP (in this case google).

There is a separate parameter called connection_scope in which you can pass scopes to the upstream IDP (docs).

Hope this helps!

1 Like

@charsleysa Thanks for the pointer, but that doesn’t appear to be the issue. I’ve attached screenshots from my Auth0 Google social connection settings page and the corresponding Google Credentials page (with some information obscured):

I did originally add some additional scopes but removed them after realizing I wouldn’t need them.

I’m having the exact same problem. Everything is configured as written here:

https://auth0.com/docs/connections/social/google

The scopes being send to google are the same as in the first post:

      "scope": "email profile https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile"

I assume that either the first two shouldn’t be in there or the last two, but I’m not sure. I guess this is a problem on Auth0’s side?

Any update on this issue given the new activity?

Hi @jacque006 and @DASPRiD

Sorry for the late response, work commitments and public holidays got in the way :slight_smile:

From what I can see, all the configuration and steps looks correct.

If you are able to provide the following it would very much help in diagnosing the issue (either by posting here or by DM, with sensitive information obfuscated):

  • code snippets of where you perform the API call to Auth0 to begin the authentication process (largely looking for any possible misconfigurations)
  • .HAR files of the authentication attempt resulting in the error

I’ll look into generating an HAR file later. As for the API calls, nothing special to do there: Simply hit the “try” button on the social connections manage page (with API details from Google), which then should fail after the consent.

Hi @DASPRiD

If the try button doesn’t work then there is definitely an issue with your configuration somewhere.

Can you please confirm that you have correctly setup the OAuth credentials in the Google Credentials dashboard? (your previous screenshots didn’t include this)

For reference, here is a screenshot of our staging setup:

Sure, here it is:
https://s.dasprids.de/XDcdvw

And here is the relevant config from the consent screen:
https://s.dasprids.de/XDceBQ

Hi @DASPRiD

That config looks fine.

Can you please double check that the client ID and client secret you have entered into auth0 match what is displayed in the Google dashboard?

Also, if you have any custom rules can you please try disabling all of them just to rule them out.

Okay, I tracked down the error, which is… well:

When copying the client secret, a leading space slipped into the clipboard.

May I recommend that you trim user input to avoid such mistakes? :slight_smile:

3 Likes

@DASPRiD Excellent find, solved my issue.

Thanks a lot @DASPRiD for finding that out and sharing with the rest of community! Glad you made it work!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.