FusionAuth

    Best posts made by fela

    • tokeninfo 400 response during Complete the Google Login

      Hi

      I git stuck while configuring login with google identity provider. I am using my own login page and getting the code from Google.

      When I use the /api/identity-provider/login API with the PHP client, it fails with the error:
      code: [ExternalAuthenticationException]GoogleTokenInfo
      message: A request to the Google Token Info API has failed. Unable to complete this login request.

      I turned on debug for event logging and I can see that FA gets the token correctly:

      Google IdP Response Debug Log [82339786-3dff-42a6-aac6-1f1ceecb6c46]
      
      1/18/2022 11:21:54 PM GMT Using code and redirect_uri with login method UseRedirect:
      1/18/2022 11:21:54 PM GMT Call the [https://oauth2.googleapis.com/token] endpoint.
      1/18/2022 11:21:54 PM GMT Endpoint returned status code [200]
      1/18/2022 11:21:54 PM GMT Endpoint response:
      {
        "access_token" : "ya29.........CWC",
        "expires_in" : 3599,
        "scope" : "https://www.googleapis.com/auth/cloud-platform.read-only",
        "token_type" : "Bearer"
      }
      1/18/2022 11:21:54 PM GMT Call the [https://www.googleapis.com/oauth2/v3/tokeninfo] endpoint.
      1/18/2022 11:21:54 PM GMT Endpoint returned status code [400]
      1/18/2022 11:21:54 PM GMT The response was not successful, see the error event log.
      

      But it fails on the tokeninfo request:

      Request to the [https://www.googleapis.com/oauth2/v3/tokeninfo] endpoint failed. Status code [400].
      
      Error response is 
      {
        "error_description" : "Either access_token, id_token, or token_handle required"
      }
      

      However, when I try to call this request manually with the retrieved token, it seems to work:

      $ curl "https://www.googleapis.com/oauth2/v3/tokeninfo?access_token=ya29.........CWC"
      
      {
        "azp": "968429353208-itkeurv2jjt9l4fsq8ii2mosgugs4gc2.apps.googleusercontent.com",
        "aud": "968429353208-itkeurv2jjt9l4fsq8ii2mosgugs4gc2.apps.googleusercontent.com",
        "scope": "https://www.googleapis.com/auth/cloud-platform.read-only",
        "exp": "1642549482",
        "expires_in": "3307",
        "access_type": "online"
      }
      

      and using POST it works as well:

      curl -L  --data "access_token=ya29.........CWC" https://www.googleapis.com/oauth2/v3/tokeninfo
      

      How can I find out what FA requests from Google, or what is wrong with my FA or Google Cloud configuration?
      I tried to find a similar case online, but had no success. I hope you have seen this before 🙂

      Many thanks.
      Fela

      posted in Q&A
      fela
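
Added example, not part of the original post and not FusionAuth's code: a small parser for a debug log in the format quoted above that reports which tokens the `/token` response contains and whether the `openid` scope was granted, since Google issues an `id_token` only when `openid` is requested. The sample log is constructed with a placeholder token, the function names are hypothetical, and the page does not show what FusionAuth actually sends to tokeninfo.

```python
import json
import re

# Constructed sample in the format of the debug log quoted in the post (placeholder token).
SAMPLE_LOG = """\
1/18/2022 11:21:54 PM GMT Call the [https://oauth2.googleapis.com/token] endpoint.
1/18/2022 11:21:54 PM GMT Endpoint returned status code [200]
1/18/2022 11:21:54 PM GMT Endpoint response:
{
  "access_token" : "PLACEHOLDER_ACCESS_TOKEN",
  "scope" : "https://www.googleapis.com/auth/cloud-platform.read-only"
}
1/18/2022 11:21:54 PM GMT Call the [https://www.googleapis.com/oauth2/v3/tokeninfo] endpoint.
1/18/2022 11:21:54 PM GMT Endpoint returned status code [400]
"""

CALL = re.compile(r"Call the \[(?P<url>[^\]]+)\] endpoint")
STATUS = re.compile(r"Endpoint returned status code \[(?P<code>\d+)\]")


def parse_calls(log):
    """Return one dict per endpoint call: url, status, parsed JSON body."""
    calls, body = [], None
    for line in log.splitlines():
        if m := CALL.search(line):
            calls.append({"url": m["url"], "status": None, "json": None})
        elif (m := STATUS.search(line)) and calls:
            calls[-1]["status"] = int(m["code"])
        elif line.strip().startswith("{") and calls:
            body = [line]                      # start of a JSON body
        elif body is not None:
            body.append(line)
            if line.strip() == "}":            # end of a flat JSON object
                calls[-1]["json"] = json.loads("\n".join(body))
                body = None
    return calls


def audit_token_response(log):
    """Report which tokens the /token response holds and whether openid was granted."""
    calls = parse_calls(log)
    fields = next(c for c in calls if c["url"].endswith("/token"))["json"] or {}
    scopes = fields.get("scope", "").split()
    return {
        "has_access_token": "access_token" in fields,
        "has_id_token": "id_token" in fields,
        "openid_granted": "openid" in scopes,
        "failed_calls": [c["url"] for c in calls if (c["status"] or 0) >= 400],
    }
```

For a log shaped like the one in the post, the report shows an access token but no `id_token` and no `openid` scope, which is the first thing to compare against the scopes configured for the identity provider.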