I've implemented an implicit flow for authorization and followed the directions on the docs for account linking, but when I redirect the url back to google, I get:
'Accounts failed to link. Please close your browser and try again'
My authorization URL is:
https://m-auth.herokuapp.com/dialog/authorize?client_id=abc123&redirect_uri=https://oauth-redirect.googleusercontent.com/r/trans-f4514&response_type=token&state=STATE
And my redirect after authorization through my app, is:
https://oauth-redirect.googleusercontent.com/r/trans-f4514#access_token=3c642a215cd0a2e8c8f00eb03535a6304aaf5739&token_type=bearer&state=STATE
When I test this on the playground I get:
Is this the correct req/response I should be getting?
I am also getting "Start Test Failed" when I try to test the app on the simulator.
Could it be a problem that the user is directed to a login screen?
Any clue as to why I am running into these problems? Thanks!
===========================================================================
UPDATE:
I changed the state parameter in the uri to STATE_STRING and it stopped saying that the linking failed, but it is not saying it was successful either:
Does it mean it was successful if I only get the above message?
You misconfigured your redirect url.
Currently the user is redirected to this url:
https://developers.google.com/oauthplayground&access_token=TOKEN&token_type=bearer&state=NULL
Google OAuth required a format like: https://developers.google.com/oauthplayground/#access_token=TOKEN&token_type=Bearer&expires_in=3600
You can test your OAuth endpoint with this OAuth Playground configuration. After granting access to your application you should see the OAuth Playground again but with Step 2 being activated. You can review the token that was retrieved by activating "Step 1's resultAccess token retrieved".
Related
What I want
I'm trying to implement an Authorization Code Flow (PKCE) for a Flutter desktop app.
My goal is just to get the token that return from OAuth2 Providers (Google, Facebook, Twitter)
What I try
I try to create an Authorize URL for Twitter like this...
https://twitter.com/i/oauth2/authorize?
response_type=code&
client_id={my_twitter_client_id}&
redirect_uri=https://{firebase_app_id}.firebaseapp.com/__/auth/handler&
scope=offline.access&
state=state&
code_challenge=challenge&
code_challenge_method=plain
It opens the authorization page, and after I click Authorize.
It redirects me to the https://{firebase_app_id}.firebaseapp.com/__/auth/handler including the state and authorization code params as expected.
But it shows this error...
Unable to process request due to missing initial state. This may happen if browser sessionStorage is inaccessible or accidentally cleared.
Questions
Am I supposed to use a Firebase package only, in order to not see this error? I tried flutterfire_desktop, but I got a build error, and finding a way to fix it for now. So, I'm trying to do it this way just to test the flow first.
What happen after i got redirected to https://{firebase_app_id}.firebaseapp.com/__/auth/handler? Do I have to take the Authorization code from param and make a request to the token endpoint myself, or does Firebase do this automatically for me?
I'm trying to set up OAuth2 flow between my application and Smartsheet, using the instructions at http://smartsheet-platform.github.io/api-docs/?shell#oauth-flow.
It seems as if the client_id parameter is being lost when the user submits Smartsheet's authorization dialog. Here's what I'm seeing:
My web page displays a link to https://app.smartsheet.com/b/authorize?response_type=code&client_id=[my_client_id]&scope=READ_SHEETS%20WRITE_SHEETS%20SHARE_SHEETS
(From here on, I will be omitting the protocol and domain from URLs, as I have posted little enough to Stack Overflow that I am unable to include more than two links in a question!)
I click that link, and wind up on /b/authorize?formName=fn_authorize&formAction=fa_loadAuthorize&response_type=code&client_id=[my_client_id]&scope=READ_SHEETS+WRITE_SHEETS+SHARE_SHEETS . The dialog shows the logo and name of my web site, so I know that the client_id is correct.
Then I click "Allow" and see the message "The client ID is missing or invalid" at /b/authorize?formName=fn_authorize&formAction=fa_loadAuthorize&redirect_uri=[my redirect uri]
I've gone over the instructions a couple of times to make sure the URI I'm generating is valid, and have tried it with and without the redirect_uri parameter.
What might I be doing wrong?
I'm unable to reproduce the issue you've described, even using the oAuth URL copied exactly from your post/question. Here's a recap of my test scenario:
Created new "App" (via Developer Tools in the Smartsheet UI) to generate a client id and app secret.
Redirected user to: https://app.smartsheet.com/b/authorize?response_type=code&client_id=[my_client_id]&scope=READ_SHEETS%20WRITE_SHEETS%20SHARE_SHEETS
User clicks Allow.
User is successfully redirected to the redirect URL that's specified in my App config settings.
So, Smartsheet oAuth appears to be functioning successfully. Which would seem to suggest that perhaps it's something specific to your App config settings that's causing your issue. A couple of suggestions for troubleshooting:
Try editing your App config settings to (temporarily) replace the value of App redirect URL with something simple like: http://www.google.com -- then test oAuth flow again. If it works with the new redirect URL, that'd suggest an issue with Smartsheet not being able to redirect to your original redirect URL (and the "client id is missing or invalid" error message is not really an accurate message).
If changing the redirect URL doesn't resolve the error -- perhaps try creating a new App altogether (via Developer Tools in the Smartsheet UI), and attempt the same oAuth flow using that new App's client id. If for some reason there's something corrupt about the App that's giving you the error now, then it's possible that starting over with a new App altogether will resolve your issue.
For box.net is it possible to get the OAuth2 Authorization Code without using the browser?
I am trying to use perl and have managed to get to the grant access page. This is the page where user presses the grant access button in the browser.
Sending post via perl in earlier stages works fine, but it does not work simulating the grant accrss button and returns
HTTP/1.1 500 Internal Server Error
Connection: close
with message "Your Box account may be temporarily unavailable. We're working on resolving the issue and should be back up soon."
i got the same response when i used curl. If i try it with the browser it works fine by returning the authorization code in the url part of the browser.
No, the purpose of that page is for the owner of the Box resources to consent to giving your app access. If he's not logged in, he will have to enter credentials and then consent. You see the consent page, because you are likely to be authenticated already; but the general use is that your app is requesting a user access ti his data in box.
ok i solved my problem....turned out i was missing some parameters, so i used fiddler and found out the post/get parameters that where needed and i recreated the requests using libcurl. And in doing so i was able to bypass the browser.
Our ios app uses Facebook login, and recently we found some Facebook accounts can't login. The server gives us the following response:
{"error":{"message":"An unexpected error has occurred. Please retry your request
later.","type":"OAuthException","code":2}}
After using facebook access token debugger and input the access token we found from the gdb:
https://developers.facebook.com/tools/debug/access_token?q=AAABZCwfIHg0IBAFLqDpQG2ZCYlxGWS0bBXvIwypOxIJ7q8VPNtcOo0eE2LiZBNT9YdWD18prYvhw78Cq7BPE4yhkxrZCBEWnxjM5ef35lwZDZD
It shows that the "User ID" is unknown.
Then we try another Facebook account which can login successful, and it shows in access token debugger the right "User ID".
Because only some account has problem, we think its a account related problem. We have searched it and changes some setting of the account, but nothing helps.
I'm trying to get an auth token for a user using OAuth.
Everything works fine and I'm getting the token wonderfully when the users tries to access the app using HTTPS, meaning from https://apps.facebook.com/APPNAME . However, if the user is coming from HTTP (which most users are) I get a 400 error from facebook when trying to get:
https://graph.facebook.com/oauth/access_token?code=XXXXXXXX-XXXXXX-XXXXXXXXX&client_secret=YYYYYYYYYYYYYYYYYYYYY&redirect_uri=https://fb.myapp.com/fb_connect/&client_id=ZZZZZZZZ
{
"error": {
"message": "Error validating verification code.",
"type": "OAuthException"
}
}
Why is this happening?
We have experienced a similar issues since Facebook began to require SSL certificates on apps.
OAuth 2.0 works correctly with PHP SDK 3.1.1. If you are using earlier versions, go to GIT HUB and upgrade.
However, even with 3.1.1, signed requests return NULL from http:// when Facebook users have not enabled secured browsing.
Solution is to 1. use javascript to add a redirect at the top of your script or 2. add a (a href =https://your app url*) link somewhere.
There is a major flaw in FB as all of FB links in the left side page menu are http:// when user has not enabled secured browsing.
I had the same problem but I found out that it was because the user did not confirm the e-mail address yet. So you won't get any token for a new user that has not confirmed his email address. Just in case, I thought it was useful for this topic.
A problem for me with the "Error validating verification code" were the redirect_uri.
Between the request for user authentication (returnung the code) and app authorization/authentication should be the same.