Hope you all are well. We are having some issues getting our Google login working; I don’t think we’re passing the correct token to Backendless/Google. See the error below:
Response from OAuth2 provider server: Unauthorized
{
  "error": {
    "code": 401,
    "message": "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
    "status": "UNAUTHENTICATED"
  }
}
', detail: 'GUID: 8714F55E-72EE-0BD3-FF3D-E8FD6F98A100
Error during obtaining user data.
Response from OAuth2 provider server: Unauthorized
{
  "error": {
    "code": 401,
    "message": "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
    "status": "UNAUTHENTICATED"
  }
}
', extendedData: '{}' }
Would it be possible to get sample code of how you generate the token to put into Backendless.UserService.loginWithOAuth2? At the moment we have something like this:
val token = "XXX-XXX.apps.googleusercontent.com"
val gso = GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
    .requestIdToken(token)
    .requestProfile()
    .requestEmail()
    .build()
googleSignInClient = GoogleSignIn.getClient(this@LoginActivity, gso)
tokenResponse = new GoogleAuthorizationCodeTokenRequest(
        new NetHttpTransport(),
        JacksonFactory.getDefaultInstance(),
        "https://www.googleapis.com/oauth2/v4/token",
        getString(R.string.gp_WebApp_ClientId),
        getString(R.string.gp_WebApp_ClientSecret),
        gpAuthToken,
        "") // Specify the same redirect URI that you use with your web
            // app. If you don't have a web version of your app, you can
            // specify an empty string.
        .execute();
Are you suggesting it’s OK to put the client ID and client secret in the Android application? Note that we have already provided this to Backendless server side under the users - login providers bit?
Yes, there is another implementation that doesn’t require a provider token from the client. You can use the “simple login” flow.
With this flow you do not need to obtain the token directly. Instead, you will receive a URL from the server, which you should show to the user in a controlled environment. It will open the Google login window and, after login, will contain the user auth token for Backendless.
You can find more information about this flow at the following link: Social and OAuth2 Logins - Backendless REST API Documentation
More information about the Authorization URL.
The Authorization URL will lead the user to the Google Auth dialog. When the user completes authorization in that dialog, Google will redirect him to the Backendless route, which will complete authorization in Backendless and return the user info with the user token.
Above you mention we should get ‘Backendless returns user info with auth-token’. What are we supposed to do with that URL to get the user object so that we are logged in?
You should call the URL to which you were redirected. In response you will get an object with user data. Among that data will be a “user-token” field, which will contain the auth-token for the Backendless API.
As you can see, among the URI params in the redirect, Google passes an OAuth2 code. That code will be exchanged by the Backendless server for a Google OAuth2 token, which will be used to obtain user info from the Google API.
I can confirm that there is a bug related to the Android API key. I have created internal ticket BKNDLSS-26799 for that problem. Our team will reach out to you when a fix is available.
As a temporary workaround, try to use the REST API key in your application if it’s possible.
We have just updated our cloud servers with a fix for the issue with the Android API key used in the “simple login” flow. The redirect page now contains JSON data of the logged-in user. Could you please let us know if the fix works for you?
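A client-side handler for the last step of the “simple login” flow described in the replies above, added here as an illustration and not Backendless sample code: it accepts the final page only from the expected Backendless host over HTTPS, reads the “user-token” field from the JSON body, and masks the OAuth2 code before the URL is logged. The function names, the expectedHost parameter and the sample values are assumptions; org.json is the JSON parser bundled with Android.

```kotlin
import java.net.URI
import org.json.JSONException
import org.json.JSONObject

sealed class LoginResult {
    data class Success(val userToken: String, val user: JSONObject) : LoginResult()
    data class Failure(val reason: String) : LoginResult()
}

// expectedHost is an assumption: the host of your Backendless API endpoint,
// supplied by the caller (it does not appear in the thread).
fun handleRedirect(finalUrl: String, body: String, expectedHost: String): LoginResult {
    val uri = try { URI(finalUrl) } catch (e: Exception) {
        return LoginResult.Failure("unparseable redirect URL")
    }
    // Only trust a page served over HTTPS by the expected Backendless host.
    if (!"https".equals(uri.scheme, ignoreCase = true) ||
        !expectedHost.equals(uri.host, ignoreCase = true)) {
        return LoginResult.Failure("unexpected redirect origin")
    }
    val user = try { JSONObject(body) } catch (e: JSONException) {
        return LoginResult.Failure("redirect page is not JSON")
    }
    // "user-token" is the field named in the reply above. isNull() covers a missing
    // key and an explicit JSON null, which Android's optString() returns as "null".
    if (user.isNull("user-token")) return LoginResult.Failure("no user-token in response")
    val token = user.optString("user-token")
    if (token.isEmpty()) return LoginResult.Failure("empty user-token")
    return LoginResult.Success(token, user)
}

// The redirect URL carries the OAuth2 code as a query parameter; mask it before logging.
fun redactForLog(url: String): String =
    url.replace(Regex("([?&]code=)[^&#]*"), "\$1<redacted>")

fun main() {
    // Constructed sample values, not taken from the thread.
    val url = "https://api.example.invalid/callback?code=4%2FabcDEF&state=xyz"
    val body = """{"email":"user@example.invalid","user-token":"SAMPLE-TOKEN"}"""
    println(redactForLog(url))
    when (val r = handleRedirect(url, body, "api.example.invalid")) {
        is LoginResult.Success -> println("logged in, token length ${r.userToken.length}")
        is LoginResult.Failure -> println("login failed: ${r.reason}")
    }
}
```

With this flow the Google client secret stays on the Backendless server, so the app only ever handles the resulting user-token.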