search

feathersjs / feathers

The API and real-time application framework
https://feathersjs.com
MIT License
15.06k stars 752 forks source link

getting error 401 Unauthorized when using google idToken to authenticate strategy:'google'' #1982

Closed co2nut closed 4 years ago

co2nut commented 4 years ago

Feathers related setup: package.json 

{
  "name": "api-auth",
  "description": "",
  "version": "0.0.0",
  "homepage": "",
  "main": "src",
  "keywords": [
    "feathers"
  ],
  "author": {
    "name": "",
    "email": "xxx@gmail.com"
  },
  "contributors": [],
  "bugs": {},
  "directories": {
    "lib": "src",
    "test": "test/",
    "config": "config/"
  },
  "engines": {
    "node": "^10.0.0",
    "npm": ">= 3.0.0"
  },
  "scripts": {
    "test": "npm run eslint && npm run jest",
    "eslint": "eslint src/. test/. --config .eslintrc.json",
    "dev": "nodemon src/",
    "start": "node src/",
    "jest": "jest  --forceExit"
  },
  "dependencies": {
    "@feathersjs/authentication": "^4.5.3",
    "@feathersjs/authentication-local": "^4.5.4",
    "@feathersjs/authentication-oauth": "^4.5.4",
    "@feathersjs/configuration": "^4.5.3",
    "@feathersjs/errors": "^4.5.3",
    "@feathersjs/express": "^4.5.4",
    "@feathersjs/feathers": "^4.5.3",
    "@feathersjs/socketio": "^4.5.4",
    "@feathersjs/transport-commons": "^4.5.3",
    "compression": "^1.7.4",
    "cors": "^2.8.5",
    "feathers-mongodb": "^6.1.0",
    "helmet": "^3.22.0",
    "mongodb": "^3.5.8",
    "mongodb-core": "^3.2.7",
    "serve-favicon": "^2.5.0",
    "winston": "^3.2.1"
  },
  "devDependencies": {
    "axios": "^0.19.2",
    "eslint": "^6.8.0",
    "jest": "^26.0.1",
    "nodemon": "^2.0.4"
  }
}

default.json

{
  "host": "localhost",
  "port": 3030,
  "public": "../public/",
  "paginate": {
    "default": 10,
    "max": 50
  },
  "authentication": {
    "entity": "user",
    "service": "users",
    "secret": "xxx=",
    "authStrategies": [
      "jwt",
      "local",
      "google"
    ],
    "jwtOptions": {
      "header": {
        "typ": "access"
      },
      "audience": "https://yourdomain.com",
      "issuer": "feathers",
      "algorithm": "HS256",
      "expiresIn": "1d"
    },
    "local": {
      "usernameField": "email",
      "passwordField": "password"
    },
    "oauth": {
      "redirect": "/",
      "auth0": {
        "key": "<auth0 oauth key>",
        "secret": "<auth0 oauth secret>",
        "subdomain": "<auth0 subdomain>"
      },
      "google": {
        "key": "xxxxxxx.googleusercontent.com",
        "secret": "xxxxxx",
        "scope": [
          "email",
          "profile",
          "openid"
        ]
      },
      "facebook": {
        "key": "<facebook oauth key>",
        "secret": "<facebook oauth secret>"
      }
    }
  },
  "mongodb": "mongodb://localhost:27017/api_auth"
}

authentication.js

const { AuthenticationService, JWTStrategy } = require('@feathersjs/authentication');
const { LocalStrategy } = require('@feathersjs/authentication-local');
const { expressOauth } = require('@feathersjs/authentication-oauth');

module.exports = app => {
  const authentication = new AuthenticationService(app);

  authentication.register('jwt', new JWTStrategy());
  authentication.register('local', new LocalStrategy());

  app.use('/authentication', authentication);
  app.configure(expressOauth());
};

Test with insomia: image

Pirsanth commented 4 years ago

I have a similar problem. Going to keep an eye on this thread.

daffl commented 4 years ago

This most likely means that flow could not get the profile. First, I recommend to make sure that the configuration is exactly as documented in the Google oAuth cookbook.

co2nut commented 4 years ago

@daffl I did tried to follow the configuration, but still no luck.

Google Console: Screenshot 2020-06-06 at 00 40 58

config/default.js: Find out this info "The scope value must begin with the string openid and then include profile or email or both." and changed accordingly

{
  "host": "localhost",
  "port": 3030,
  "public": "../public/",
  "paginate": {
    "default": 10,
    "max": 50
  },
  "authentication": {
    "entity": "user",
    "service": "users",
    "secret": "Tecx9BRFvJv7LUSFhLKPTh7Ux8g=",
    "authStrategies": [
      "jwt",
      "local",
      "google"
    ],
    "jwtOptions": {
      "header": {
        "typ": "access"
      },
      "audience": "https://yourdomain.com",
      "issuer": "feathers",
      "algorithm": "HS256",
      "expiresIn": "1d"
    },
    "local": {
      "usernameField": "email",
      "passwordField": "password"
    },
    "oauth": {
      "redirect": "/",
      "auth0": {
        "key": "<auth0 oauth key>",
        "secret": "<auth0 oauth secret>",
        "subdomain": "<auth0 subdomain>"
      },
      "google": {
        "key": "672542105176-bnn2425dkploqcenkpm6u3c7g0s41n29.apps.googleusercontent.com",
        "secret": "JyqNN2AWabd915ydcUTzLWNV",
        "scope": [ "openid", "email" ]
      },
      "facebook": {
        "key": "<facebook oauth key>",
        "secret": "<facebook oauth secret>"
      }
    }
  },
  "mongodb": "mongodb://localhost:27017/api_auth"
}

Is there anything I am still missing?

co2nut commented 4 years ago

it should not be using idToken, it should be accessToken instead