RE: How to setup OAuth properly

@mark-robustelli

Hello, sorry for away from this topic for a week due to my other ad hoc job,

I've already solved this topic, it's not about setting on Fusionauth or google credential.

but it's because I used google's client id on Fusionauth callback and
after you told me to set applicationId in my Fusionauth admin then I used ApplicationId on google oauth's callback.

that's why it kept return me client id is invalid.

it was right under my nose, but I couldn't see it.

Thank you for reply me, that's very helpful, It would take more time if you didn't help me.

@mark-robustelli

I think I did misunderstand after taking a look at the document again.

for this moment I can make a redirect login from my site and retrieve access token there is some issue left at my site. I will let you know after I solve those probs.

thank you for replying.

@mark-robustelli

oh, I saw the oauth consent screen but for some reason it redirect me to other page, looks like I'm not allowed to access this page.

but I don't think it was a root cause of my error due to the error kept showing me "invalid client id" in my redirect scenario and "redirect uri mismatch" in futionauth console scenario.

@mark-robustelli

thank you for replying.

My auth platform(Nest js) was implemented on top of FusionAuth in order to make some features for authentication and authorization.

and I do want to allow a new user to sign-in and access my platform without register by using sso feature.

I defined a login and callback function(as I've written above) for the web application using redirect method.

---

I also enable sign-in google button at the fusionauth admin in order to test the credential and as I showed you that I still encouter the invalid client error.

I believe that it's not that so complicated due to the document is easy to replicate but for some reasons I still get the error.

---

Lastly I havn't seen any section in credetial page that can define scope, may you tell me about this section.

@mark-robustelli

and to be clear, the error dialog I posted above was from fusionauth admin console

but if I call the request to this function

@Get("oauth/login")
async login(@Req() req: Request, @Res() res: Response) {
const fusionAuthURL = ${process.env.FUSIONAUTH_ISSUER}/oauth2/authorize?client_id={secret}&response_type=code&redirect_uri=${"my redirect url"};
return res.redirect(fusionAuthURL);
}

it still returns me
{
"error" : "invalid_client",
"error_description" : "client_id: {secret} is not valid.",
"error_reason" : "invalid_client_id"
}

@mark-robustelli

is this what you mentioned?

I had added it a few days ago and it shows me this error

Actually, we made a progress since a few days ago the error said I need to define scope.

as I replied earlier I add redirect uri in FusionAuth console and invalid_redirect_uri is gone.

and this moment still get this error using Google Oauth flow.

I replaced redirect uri "https://mydomain/callback" as I did in Fusionauth admin console but still get the same error.

@mark-robustelli

redirect url is valid now, it takes me to this login page again, expect flow is using google oauth flow, but we made a progress.

@mark-robustelli
Hi thank you for replying, and sorry for away a few days due to my group shut down the service during weekend and night time.

I try using url from this "OAuth IdP login URL", as a login function

@Get("oauth/login")
async login(@Req() req: Request, @Res() res: Response) {
const fusionAuthURL = ${process.env.FUSIONAUTH_ISSUER}/oauth2/authorize?client_id=1133784f-7f6e-4eda-a33b-7fd1164f6509&response_type=code&redirect_uri=${"my redirect url"};
return res.redirect(fusionAuthURL);
}

but it returns me
{
"error" : "invalid_request",
"error_description" : "Invalid redirect_uri {my redirect url},
"error_reason" : "invalid_redirect_uri"
}

PS. I replaced the direct url as a "my redirect url".

the value of my direct url is a url path that request to this

@Get("oauth/callback")
async callback(@Req() req: Request, @Res() res: Response) {
const user = req.user;

// skip access token

// res.cookie("token", jwtToken, { httpOnly: true });

return res.redirect(`${process.env.FRONTEND_URL}`);

}

@mark-robustelli

oh, I changed client id in identity provider to app id,

the error dialog still the same error

{
"error" : "invalid_client",
"error_description" : "client_id: {"still be google client id not app id"}apps.googleusercontent.com is not valid.",
"error_reason" : "invalid_client_id"
}

it seems the id that was shown in the error dialog
is from the web service controller "process.env.FUSIONAUTH_CLIENT_ID"

@Get("oauth/login")
async login(@Req() req: Request, @Res() res: Response) {
const fusionAuthURL = ${process.env.FUSIONAUTH_ISSUER}/oauth2/authorize?client_id=${process.env.FUSIONAUTH_CLIENT_ID}&redirect_uri=${process.env.FUSIONAUTH_REDIRECT_URI}&response_type=code&scope=openid email profile;
return res.redirect(fusionAuthURL);
}

but in credential page isn't complicated.

anyway, I did enable and attemp to login from fusion auth admin page

and got this error.

@mark-robustelli

{
"error" : "invalid_client",
"error_description" : "client_id: {secret}.apps.googleusercontent.com is not valid.",
"error_reason" : "invalid_client_id"
}

@mark-robustelli
here, the identity provider page and credential page.

the error dialog said the client id is invalid,
I copied the id and secret from the credential page, so I'm pretty sure that there is no error like missing some character or having more character.

and here the error dialog that I mentioned

According to this article
https://fusionauth.io/docs/lifecycle/authenticate-users/identity-providers/social/google.

I create Google credentials as this image

[Please repost image]

the first hidden is my web app url.
and the second section hidden is redirected url to my backend service.

then create identity provider as this image

[Please repost Image]

and declare function to login and redirect like this

@Get("oauth/login")
async login(@Req() req: Request, @Res() res: Response) {
const fusionAuthURL = ${process.env.FUSIONAUTH_ISSUER}/oauth2/authorize?client_id=${process.env.FUSIONAUTH_CLIENT_ID}&redirect_uri=${process.env.FUSIONAUTH_REDIRECT_URI}&response_type=code&scope=openid email profile;
return res.redirect(fusionAuthURL);
}

@Get("oauth/callback")
async callback(@Req() req: Request, @Res() res: Response) {
const user = req.user;
return res.redirect(${process.env.FRONTEND_URL});
}

after build and deploy FusionAuth, my web app and backend service I saw login with google button at the Fusionauth admin page.

I try to login with that button, and the error dialog show me that my client id is invalid.

I try to send redirect request from my web app to backend service with the function I mentioned above
it didn't work as well.

May you direct me what I was missing or misunderstanding or what I need to clarify.

thank you in advance.

Hello guys,

I developed the auth application using TS and fusionauth ts client SDK,

I need to use a function update user like this

const result = await this.fusionAuthService.editUser(body.userId, {
email: body.email,
firstName: body.firstName,
lastName: body.lastName,
mobilePhone: body.mobilePhone,
});

after that U check on the fusionauth dashboard, the data was updated but the username and lastLoginInstant is removed from the user so I cannot login with that user.

lib version is "@fusionauth/typescript-client": "^1.48.0"

Thank you for your help.