FusionAuth

Best posts made by fela

  • tokeninfo 400 response during Complete the Google Login

    Hi

    I got stuck while configuring login with the Google identity provider. I am using my own login page and getting the code from Google.

    When I use the /api/identity-provider/login API with the PHP client, it fails with the error:
    code: [ExternalAuthenticationException]GoogleTokenInfo
    message: A request to the Google Token Info API has failed. Unable to complete this login request.

    I turned on debug for event logging and I can see that FA gets the token correctly:

    Google IdP Response Debug Log [82339786-3dff-42a6-aac6-1f1ceecb6c46]
    
    1/18/2022 11:21:54 PM GMT Using code and redirect_uri with login method UseRedirect:
    1/18/2022 11:21:54 PM GMT Call the [https://oauth2.googleapis.com/token] endpoint.
    1/18/2022 11:21:54 PM GMT Endpoint returned status code [200]
    1/18/2022 11:21:54 PM GMT Endpoint response:
    {
      "access_token" : "ya29.........CWC",
      "expires_in" : 3599,
      "scope" : "https://www.googleapis.com/auth/cloud-platform.read-only",
      "token_type" : "Bearer"
    }
    1/18/2022 11:21:54 PM GMT Call the [https://www.googleapis.com/oauth2/v3/tokeninfo] endpoint.
    1/18/2022 11:21:54 PM GMT Endpoint returned status code [400]
    1/18/2022 11:21:54 PM GMT The response was not successful, see the error event log.
    

    But it fails with the tokeninfo request:

    Request to the [https://www.googleapis.com/oauth2/v3/tokeninfo] endpoint failed. Status code [400].
    
    Error response is 
    {
      "error_description" : "Either access_token, id_token, or token_handle required"
    }
    

    However, when I try to call this request manually with the retrieved token, it seems to be working:

    $ curl "https://www.googleapis.com/oauth2/v3/tokeninfo?access_token=ya29.........CWC"
    
    {
      "azp": "968429353208-itkeurv2jjt9l4fsq8ii2mosgugs4gc2.apps.googleusercontent.com",
      "aud": "968429353208-itkeurv2jjt9l4fsq8ii2mosgugs4gc2.apps.googleusercontent.com",
      "scope": "https://www.googleapis.com/auth/cloud-platform.read-only",
      "exp": "1642549482",
      "expires_in": "3307",
      "access_type": "online"
    }
    

    and using POST it works as well:

    curl -L  --data "access_token=ya29.........CWC" https://www.googleapis.com/oauth2/v3/tokeninfo
    

    How can I find out what FA requests from Google, or what is wrong with my FA or Google Cloud configuration?
    I tried to find a similar case online, but had no success. I hope you have seen this before 🙂

    Many thanks.
    Fela

    posted in Q&A
    fela
    18 Jan 2022, 23:56