How to setup OAuth properly
-
is this what you mentioned?
I had added it a few days ago and it shows me this error
Actually, we made a progress since a few days ago the error said I need to define scope.
-
and to be clear, the error dialog I posted above was from fusionauth admin console
but if I call the request to this function
@Get("oauth/login")
async login(@Req() req: Request, @Res() res: Response) {
const fusionAuthURL = ${process.env.FUSIONAUTH_ISSUER}/oauth2/authorize?client_id={secret}&response_type=code&redirect_uri=${"my redirect url"};
return res.redirect(fusionAuthURL);
}it still returns me
{
"error" : "invalid_client",
"error_description" : "client_id: {secret} is not valid.",
"error_reason" : "invalid_client_id"
} -
@altear147 Thanks for taking the time to work with this. It is generally a pretty straight forward process taking no more than 5 minutes. I am out of the office this week, but will try to get some time to replicate what you are going through. I want to make sure I am working on the right thing, so just want to confirm that we have the same end goal. You want the 'Login with Google' button to work for an Application you created within FusionAuth, right?
-
@altear147 also did you grant these scopes in the google config?
-
thank you for replying.
My auth platform(Nest js) was implemented on top of FusionAuth in order to make some features for authentication and authorization.
and I do want to allow a new user to sign-in and access my platform without register by using sso feature.
I defined a login and callback function(as I've written above) for the web application using redirect method.
I also enable sign-in google button at the fusionauth admin in order to test the credential and as I showed you that I still encouter the invalid client error.
I believe that it's not that so complicated due to the document is easy to replicate but for some reasons I still get the error.
Lastly I havn't seen any section in credetial page that can define scope, may you tell me about this section.
-
oh, I saw the oauth consent screen but for some reason it redirect me to other page, looks like I'm not allowed to access this page.
but I don't think it was a root cause of my error due to the error kept showing me "invalid client id" in my redirect scenario and "redirect uri mismatch" in futionauth console scenario.
-
I think I did misunderstand after taking a look at the document again.
for this moment I can make a redirect login from my site and retrieve access token there is some issue left at my site. I will let you know after I solve those probs.
thank you for replying.
-
@altear147 Awesome that you are making progress and thanks for keeping the post updated. I'll keep an eye on the thread, and if other issues come up, let us know.
-
Hello, sorry for away from this topic for a week due to my other ad hoc job,
I've already solved this topic, it's not about setting on Fusionauth or google credential.
but it's because I used google's client id on Fusionauth callback and
after you told me to set applicationId in my Fusionauth admin then I used ApplicationId on google oauth's callback.that's why it kept return me client id is invalid.
it was right under my nose, but I couldn't see it.
Thank you for reply me, that's very helpful, It would take more time if you didn't help me.
-
M mark.robustelli has marked this topic as solved on
-
It's so easy to mix up those IDs when you're moving between FusionAuth and the Google console! It’s definitely one of those things that’s right under your nose but impossible to see until someone points it out. Glad to hear you got the callback working - that 'invalid_client' error can be a real headache when everything else looks correct.