search

googleapis / google-api-php-client

A PHP client library for accessing Google APIs
http://googleapis.github.io/google-api-php-client/
Apache License 2.0
9.35k stars 3.52k forks source link

invalid_request Invalid parameter value for approval_prompt: 'auto' is not valid #1821

Closed garymg18 closed 4 years ago

garymg18 commented 4 years ago

Environment details

Hello, I've a problem with GoogleLogin Extension for mediawiki which is using Your google-api-php-client. From today (yesterday there was no problem) we're getting this error from Google: 

Authorization Error
Error 400: invalid_request
Invalid parameter value for approval_prompt: 'true' is not valid

When I changed the value from 'true' to force in Client.php (Client.php#L128) file it started to work. But is this value OK? Maybe this is some kind of bug and should be fixed in other way?

Thank You for Your answer

Best Regards, Marcin

kamyweb commented 4 years ago

The same on some our oauth applications Environment details OS: Amazon Linux/Docker (php:5.6-fpm) PHP version:

php -v
PHP 5.6.40 (cli) (built: Jan 14 2019 21:32:25) 
Copyright (c) 1997-2016 The PHP Group
Zend Engine v2.6.0, Copyright (c) 1998-2016 Zend Technologies
    with Xdebug v2.5.5, Copyright (c) 2002-2017, by Derick Rethans

Package: "google/apiclient": "^2.1", but also with "google/apiclient": "^2.4",

Authorization Error Errore 400: invalid_request Invalid parameter value for approval_prompt: 'auto' is not valid

also try with: $client->setApprovalPrompt("consent"); with similar error

Authorization Error Errore 400: invalid_request Invalid parameter value for approval_prompt: 'consent' is not valid

inogo commented 4 years ago

Please use setPrompt method: $google->setPrompt('consent');

More details in #1795

kamyweb commented 4 years ago

It works, but I don't undestand why the same code yesterday works correctly... Is there any changes on google api specs?

hugovk commented 4 years ago

Yes, looks like a change on the Google side, this is affecting many sites (eg. Vimeo) and auth libraries:

Fix is to remove the approval_prompt=auto parameter or replace it with prompt= or approval_prompt=force

https://developers.google.com/identity/protocols/oauth2/openid-connect#authenticationuriparameters

For example:

abmcr commented 4 years ago

Please use setPrompt method: $google->setPrompt('consent');

More details in #1795

This solve the problem Thank you

bshaffer commented 4 years ago

Thank you everyone, great dialog. Thanks @inogo and @hugovk for chiming in. Im closing this issue but please comment or continue dialog if I missed anything.

kamyweb commented 4 years ago

@bshaffer don't you think is required to change the default value of Prompt from 'auto' to 'none' or empty as documentated on this site https://developers.google.com/identity/protocols/oauth2/openid-connect#authenticationuriparameters ?

jkanape commented 4 years ago

I think default value of 'prompt' is empty string already: https://github.com/googleapis/google-api-php-client/blob/master/src/Google/Client.php#L122

But maybe 'approval_prompt' should be changed? (even Google seems to accept 'auto' again)

hugovk commented 4 years ago

Looks like Google have now fixed it, but approval_prompt isn't in the docs so I believe it probably makes sense to change it. We're keeping the change in our library.

pranshukamalanup commented 3 years ago

https://accounts.google.com/signin/oauth/error?authError=Cg9pbnZhbGlkX3JlcXVlc3QSPEludmFsaWQgcGFyYW1ldGVyIHZhbHVlIGZvciBwcm9tcHQ6IEludmFsaWQgcHJvbXB0OiBjb25zZW50Oxo3aHR0cHM6Ly9kZXZlbG9wZXJzLmdvb2dsZS5jb20vaWRlbnRpdHkvcHJvdG9jb2xzL29hdXRoMiCQAw%3D%3D&client_id=83644758924-ckej0ttfsr7umfjj9a8shno24qd1u953.apps.googleusercontent.com

Error 400: invalid_request Invalid parameter value for prompt: Invalid prompt: consent;

TheCrowned commented 1 year ago

@bshaffer This page still recommends setApprovalPrompt('consent'), which results in a bad request: https://developers.google.com/identity/protocols/oauth2/web-server