Error handling auth response. Error: Google+Error+-+401+invalid_client

[andre347]

Describe the bug Using Google Authentication as my social provider in my React Amplify project throws occasionally a Google Error 401 invalid client. What makes this very odd is that I've been working on this for about two days and each day for a few hours with no problems at all and then all of a sudden this errors pops up and it stops working. Without me touching anything in the Cognito console.

To me this feels like I'm hitting some kind of request limit in either Cognito or Google? Because setting this up was a breeze with Amplify.

I have both username + password login and Google Authentication setup. The former keep on working fine, but the latter fails.

To Reproduce Steps to reproduce the behavior:

I basically set it up following this article by Nader Dabit: https://dev.to/dabit3/the-complete-guide-to-user-authentication-with-the-amplify-framework-2inh

1. Setup Google Auth on your user pool (and configure everything on the Google side)
2. Enable the login button for Google auth
3. Sign in with my Google account
4. Error pops up in the browser console (Error handling auth response. Error: Google+Error+-+401+invalid_client)

Expected behavior That this error doesn't happen even though I haven't changed anything. User should just login fine.

Code Snippet Let me know what code snippet you need to see to troubleshoot this issue

Screenshots

What is Configured? If applicable, please provide what is configured for Amplify CLI:

• Which steps did you follow via Amplify CLI when configuring your resources. Amplify auth and social provider Google
• Which resources do you have configured? I have two redirectSignIn & redirectSignOut configured and swapping between the two in local vs prod. But problem happens in both.

Environment

``` System: OS: macOS 10.15.7 CPU: (12) x64 Intel(R) Core(TM) i7-9750H CPU @ 2.60GHz Memory: 191.99 MB / 32.00 GB Shell: 5.7.1 - /bin/zsh Binaries: Node: 12.13.0 - /usr/local/bin/node Yarn: 1.22.10 - /usr/local/bin/yarn npm: 7.0.3 - /usr/local/bin/npm Browsers: Brave Browser: 86.1.15.76 Chrome: 86.0.4240.111 Firefox: 82.0 Safari: 14.0 npmPackages: @headlessui/react: ^0.2.0 => 0.2.0 @reach/router: ^1.3.4 => 1.3.4 @tailwindcss/typography: ^0.2.0 => 0.2.0 @tailwindcss/ui: ^0.6.2 => 0.6.2 @tailwindui/react: ^0.1.1 => 0.1.1 @testing-library/jest-dom: ^5.11.4 => 5.11.4 @testing-library/react: ^11.1.0 => 11.1.0 @testing-library/user-event: ^12.1.10 => 12.1.10 autoprefixer: ^10.0.1 => 10.0.1 aws-amplify: ^3.3.4 => 3.3.4 aws-amplify-react: ^4.2.8 => 4.2.8 framer-motion: ^2.9.4 => 2.9.4 postcss-cli: ^8.1.0 => 8.1.0 react: ^17.0.1 => 17.0.1 react-dom: ^17.0.1 => 17.0.1 react-ga: ^3.2.0 => 3.2.0 react-scripts: 3.4.4 => 3.4.4 tailwindcss: ^1.9.5 => 1.9.5 npmGlobalPackages: @aws-amplify/cli: 4.13.1 @tableau/tabextsandbox: 1.0.1 @vue/cli-init: 3.0.0-rc.10 @vue/cli: 3.2.1 autarky: 1.0.5 aws-cdk: 1.54.0 create-next-app: 9.0.3-canary.2 eslint-plugin-react-hooks: 2.1.2 eslint: 4.19.1 forever: 1.0.0 gatsby-cli: 2.12.77 gatsby: 2.14.0 handbrake-js: 3.0.8 hpm-cli: 2.0.1 http-server: 0.10.0 ipify-cli: 1.0.0 jsonexport: 3.0.0 n: 6.1.0 node-gyp: 5.0.7 nodemon: 1.19.3 npm-check-updates: 9.1.2 npm: 7.0.3 package-json-to-readme: 2.1.1 parcel-bundler: 1.12.3 serverless: 1.77.1 tableau-extensions-api-cli: 1.1.4 vercel: 19.2.0 wifi-password-cli: 1.0.0 zapier-platform-cli: 9.0.0```

[mauerbac]

hey @chrisbonifacio - can you take a look at reproducing this? It could be a docs issues as well

[chrisbonifacio]

Hey @andre347 👋 sorry for the delayed response. Did you ever manage to figure this out or do you still need assistance? I'm getting started on a reproduction right now but I'm inclined to believe that it might have something to do with permissions on Google's side because it's a 401 status code sent to us from Google?

I don't think I'd be able to reproduce this without more particular information about your amplify auth configuration because I've setup a couple OAuth (Google in particular) projects without issue recently. Haven't run into this yet on a fresh project on the latest version of aws-amplify at least.

On those projects, my oauth config looks like so

 "oauth": {
        "domain": "7755mfaoauth3c5b2d82-3c5b2d82-dev.auth.us-east-1.amazoncognito.com",
        "scope": [
            "phone",
            "email",
            "openid",
            "profile",
            "aws.cognito.signin.user.admin"
        ],
        "redirectSignIn": "http://localhost:3000/",
        "redirectSignOut": "http://localhost:3000/",
        "responseType": "code"
    },
    "federationTarget": "COGNITO_USER_AND_IDENTITY_POOLS"

So, for now I'll be going through Nader's guide while using v3.3.4 of aws-amplify to try to match your env. I'll come back with any updates.

[andre347]

Hey @andre347 👋 sorry for the delayed response. Did you ever manage to figure this out or do you still need assistance? I'm getting started on a reproduction right now but I'm inclined to believe that it might have something to do with permissions on Google's side because it's a 401 status code sent to us from Google?

I don't think I'd be able to reproduce this without more particular information about your amplify auth configuration because I've setup a couple OAuth (Google in particular) projects without issue recently. Haven't run into this yet on a fresh project on the latest version of aws-amplify at least.

On those projects, my oauth config looks like so

 "oauth": {
        "domain": "7755mfaoauth3c5b2d82-3c5b2d82-dev.auth.us-east-1.amazoncognito.com",
        "scope": [
            "phone",
            "email",
            "openid",
            "profile",
            "aws.cognito.signin.user.admin"
        ],
        "redirectSignIn": "http://localhost:3000/",
        "redirectSignOut": "http://localhost:3000/",
        "responseType": "code"
    },
    "federationTarget": "COGNITO_USER_AND_IDENTITY_POOLS"

So, for now I'll be going through Nader's guide while using v3.3.4 of aws-amplify to try to match your env. I'll come back with any updates.

Thanks for taking a look! I just checked and the issue is still there. What other information do you need from me to reproduce?

[chrisbonifacio]

Hey @andre347 I was not able to reproduce this issue while following the guide you linked. Also, your aws-exports file seems fine as well.

The only thing I could think of is maybe your google client ID is incorrect? You can run amplify update auth and select Update OAuth social providers. Choose Google and re-renter you Client ID from your google cloud developer account (under Credentials) making sure that there are no trailing spaces or anything like that. And then amplify push again to update your cloud resources.

I intentionally entered the wrong Client ID and that was the only way I could reproduce this error

[chrisbonifacio]

Hi 👋 Closing this as we have not heard back from you in over a week. If you are still experiencing this issue and in need of assistance, please feel free to re-open. Thank you!

[benhurley]

im also having this issue, was this reopened?

[sandokan815]

Hi, @andre347 Did you figure out the issue you faced before? I am facing the exact same error like you