Google login with Rest API

Hello,
I’m trying to log in with google and Rest Api. I choose the way with the SDK Provider. All is fine, I receive the idToken from Google. Now I want to use the OAuth endpoint to exchange my token with a backendless token and login.

I launch this endpoint with POST method

MYAPP/api/users/oauth/googleplus/login

I have this error:

{
    "code": 3109,
    "message": "GUID: 29BFAAE2-30BA-4C18-8778-E667181D67A3\n Error during obtaining user data.\n Response from OAuth2 provider server: Unauthorized\n{\n  \"error\": {\n    \"code\": 401,\n    \"message\": \"Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.\",\n    \"status\": \"UNAUTHENTICATED\"\n  }\n}\n",
    "errorData": {}
}

I have seen a topic on this support which suggest to use the redirect URL, but I want to keep the SDK Provider. There is a new way to handle google sign in with credential.

This is my body I send

{
    "accessToken":"myToken"
}

Do I need to send this token as a Bearer too? Why this call didn’t work?

Thanks you

Hi @Indevers

We are currently looking into your issue and will answer as soon as possible

Regards,
Zahar

Also, provide your application ID please

My application ID is : 6BBA55A8-087F-EBA2-FF1B-596EB5335600

1 Like

Unfortunately, there is no other way but to use the approach described in the documentation. Therefore, please try to add a redirect URL.

Regards,
Zahar

Ok so if I use the method with the redirect url I can’t use the sdk provider, right?

I guess you can use sdk provider
You can read more about logging in with the provider’s SDK here Initial Configuration - Login With Provider’s SDK

ok maybe we didn’t understand each other. The redirection url you’re talking about, where did you put it? That’s what I didn’t understand. Because I’ve followed the whole tutorial, when I implement the login with the sdk provider, I get the token back, but it’s the OAuth2 Login API that doesn’t seem to be working.

Do you have the same thing at your level or does it work?

you should put it here If I understand you correctly

Hello @Zahar_Mychka ok I added the redirect url.
Now I made the api call like this (with the access token from google)

{
  "accessToken": "eyJhbGciOiJSUzI1NiIsImtpZCI6ImUyNmQ5MTdiMWZlOG....duCFGd6fI2Sw",
  "fieldsMapping": {
    "email": "email",
    "profilePicUrl": "profileImage",
    "displayName": "firstname"
  }
}

And I have this response:

{
  "code": 3109,
  "message": "GUID: FC7E7791-601A-4685-9630-7F0CB8CFE3D3\n Error during obtaining user data.\n Response from OAuth2 provider server: Unauthorized\n{\n  \"error\": {\n    \"code\": 401,\n    \"message\": \"Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.\",\n    \"status\": \"UNAUTHENTICATED\"\n  }\n}\n",
  "errorData": {}
}

I didn’t understand why I send an access token and I have an error saying that the api call need an accessToken.

Hi @Indevers ,

We checked on our side and the login was successful.
This error occurs when an incorrect accessToken is provided.
Please check your accessToken.

To obtain an accessToken, use the link returned by the request described on this documentation page: Get Authorization URL - Backendless REST API Documentation

Also, please make sure that everything is correctly set up on the provider’s side: OAuth 2.0 Playground

Regards,
Viktor

@Viktor_Mudrevsky I’m using the way with the SDK provider, no mention of the Get Authorization URL is required for this way. I get the acces token from Google. I will try the playground but I think that the issue is not coming from this… Have you tried with the SDK provider to have the login successful?

Hello @Indevers

https://backendless.com/docs/rest/users_oauth2_login_api.html#endpoint-url
The following method works without error if you use the correct accessToken. In case the token is invalid, the error you receive is returned. Please make sure you pass the correct token and let us know if this works for you.
You can generate an access token at the following resource - OAuth 2.0 Playground

Also, please specify which SDK you are using.

Regards,
Inna

@Inna_Shkolnaya Ok I found my error. Like GoogleSignIn is deprecated, I was using CredentialManager, but this didn’t give a serverAuthCode to exchange with an accessToken. So for the moment I use the GoogleSignIn just to test, and I receive the serverAuthCode, so I exchange it and I have an accessToken. Everything is fine. My only issue is about my fieldsMapping. Because, I’m not sure of which are the field of google and how the next api call reconize them

https://cannypancake.backendless.app/api/users/oauth/googleplus/login

{
  "accessToken": "myaccessToken",
  "fieldsMappings": {
    "email": "email",
    "photoUrl": "profileImage",
    "givenName": "firstname"
  }
}

For example, my column firstname in Backendless is not fill with the value of givenName even if in my log code, I see the given name from Google.
I don’t understand how the api call get the google information to map them.

Also, new columns are created in : “id”, “name” but I don’t need them and I don’t undestrand how they are created.

Thanks you for your help

@Indevers ,

Your field mappings are correct: key should be a Google property, value - Backendless property.

It is strange that your fields in the table are not filled with data from Google user.

I don’t understand how the api call get the google information to map them.

When you passed your access tocken to the server it makes call to the https://www.googleapis.com/oauth2/v1/userinfo endpoint with that token to obtain information about user.
Could you make a direct call to that endpoint and check that fields which you use in fields mapping are returned by the endpoint?

Also, new columns are created in : “id”, “name” but I don’t need them and I don’t undestrand how they are created.
They are created basing on default login provider fields mappings. Unfortunately is no way to remove them completely since server logic will always create them. You can hide them for API responses using columns visibility.

Regards, Andriy

Thanks you I made a direct call to the endpoint and actually it was given_name and not givenName, and picture and not photoUrl.

Thanks you

1 Like