cpcallen closed this issue 5 years ago
O.K., I am able to reproduce this 100% of the time on my local machine, using an incognito window to log in with either my corp or personal account.
More info: after getting "Invalid Grant" message, if you go back to the login page and click the login button again it works fine.
The first time we hit the login server, the URL is just /login. After the user clicks login, we hit it again with a URL that looks like:
/login?code=4%2F_gChz... [censored] ...Se98&scope=openid+email+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email
This provokes the invalid_grant response, but if the user goes back to the login page and clicks the button again, they hit the login server with a URL that looks like:
/login?code=4/_gCMN... [censored] ...rM7g&scope=openid+email+https://www.googleapis.com/auth/userinfo.email
… and that one works.
O.K., confirmed: the problem is that oauth2Client.getToken doesn't like being passed the code URI encoded. (It also doesn't need to get passed the rest of the query parameters, though it seems to ignore them happily enough.)
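The diagnosis above as an added example; it is not code from this thread or from the project. `fakeTokenEndpoint` is a hypothetical stand-in for the token exchange (not the real `oauth2Client.getToken`), and the code value and callback URL are constructed samples.

```javascript
// Added example. ISSUED_CODE and CALLBACK are constructed sample values.
const ISSUED_CODE = '4/constructed-sample-code';
const CALLBACK = '/login?code=4%2Fconstructed-sample-code' +
    '&scope=openid+email+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email';

// Hypothetical stand-in for the authorization server's token endpoint:
// it accepts only the exact code it issued.
function fakeTokenEndpoint(code) {
  if (code !== ISSUED_CODE) throw new Error('invalid_grant');
  return {access_token: 'constructed-token'};
}

// Buggy pattern: slice the code out of the raw request URL. The value is
// still percent-encoded ("4%2F..."), so it no longer matches what was issued.
function rawCode(requestUrl) {
  const match = /[?&]code=([^&#]*)/.exec(requestUrl);
  return match ? match[1] : null;
}

// Fixed pattern: let the URL parser decode the query exactly once and hand
// over only the code parameter, not the rest of the query string.
function decodedCode(requestUrl) {
  // The base is needed only because request URLs are relative.
  const params = new URL(requestUrl, 'http://localhost').searchParams;
  const codes = params.getAll('code');
  // Reject a missing or repeated parameter instead of guessing which to use.
  if (codes.length !== 1 || codes[0] === '') {
    throw new Error('expected exactly one non-empty code parameter');
  }
  return codes[0];
}

// Returns 'ok' on success or the error message on failure.
function tryExchange(code) {
  try {
    fakeTokenEndpoint(code);
    return 'ok';
  } catch (e) {
    return e.message;
  }
}

console.log(tryExchange(rawCode(CALLBACK)));      // encoded code is rejected
console.log(tryExchange(decodedCode(CALLBACK)));  // decoded code is accepted
```

Decoding must happen exactly once: a value that has already been through the query parser should not be passed through `decodeURIComponent` again.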
I am unable to log in using my @gmail.com account; I get the message "Google Authentication fail: Error: invalid_grant" at https://google.codecity.world/login?code=[CENSORED]&scope=openid+email+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email#.