Closed marcuxyz closed 4 years ago
coveralls
commented
4 years ago Coverage remained the same at 67.775% when pulling 9f5ab0ba31181731c2379592e366c953f17e71f7 on marcuxyz:marcuxyz/fix-oauth2-google into 3c8697f7e0281f5ebe2903426a20c8bb8d24cace on adonisjs:develop.
thetutlage
commented
4 years ago Looking at the google documentation. https://developers.google.com/identity/protocols/oauth2/web-server#callinganapi, it also accepts the access token as Authorization header and this is what we are doing.
marcuxyz
commented
4 years ago Looking at the google documentation. https://developers.google.com/identity/protocols/oauth2/web-server#callinganapi, it also accepts the access token as
Authorizationheader and this is what we are doing.
Then you could use the query string instead of the header. Since the query string is working and the header is not.
thetutlage
commented
4 years ago The header has been working fine for many of us. Also, if there is an issue, it's better to find the root cause vs opting one over the other.
Proposed changes
This is a bug that was occurring when trying to authenticate with Google. #96
The error that was occurring was:
E_OAUTH_STATE_MISMATCH: Oauth state mis-matchAccording to google, this is the new URL for authentication. https://developers.google.com/identity/protocols/oauth2/web-server#httprest_1
https://www.googleapis.com/oauth2/v3/userinfo?access_token=access_tokenTypes of changes
What types of changes does your code introduce?
Put an
xin the boxes that applyChecklist
Put an
xin the boxes that apply. You can also fill these out after creating the PR. If you're unsure about any of them, don't hesitate to ask. We're here to help! This is simply a reminder of what we are going to look for before merging your code.Further comments
If this is a relatively large or complex change, kick off the discussion by explaining why you chose the solution you did and what alternatives you considered, etc...