But the returned responseUrl is valid, because when I punched responseUrl into the chrome browser (i.e. made an additional GET request) it performs a redirect to the correct address https://redditenhancementsuite.com/oauth#access_token=... which contains the access_token desired.
Perhaps another sendMessage should be added if the redirect_uri parameter exists, or if the responseUrl domain isn't redditenhancementsuite.
EDIT: Found a root cause (there may be more, I'm unsure)
It appears (from my tests) that an additional redirect is done when login_hint contains an email from a GSuite domain (rather than @yahoo, @gmail, etc.). For these emails, the hd parameter must be added in to prevent a second redirect.
In other words: domain: `https://accounts.google.com/signin/oauth?login_hint=${googleLoginHint} needs to be more like domain: `https://accounts.google.com/signin/oauth?login_hint=${googleLoginHint}&hd=${GSuiteDomain}.
The other option would be to support an arbitrary number of redirects, but it looks like the only thing the redirect does for now is add as and hd parameters. The as parameter doesn't seem to be necessary, but hd seems to be required.
abjugard
commented
1 year ago
"No token found in response" when googleAccount (
googleLoginHint) is specified.https://github.com/honestbleeps/Reddit-Enhancement-Suite/blob/5e2630b00a5837f9a59b8fbbefd8aa4acf136953/lib/environment/foreground/auth.js#L28-L41
I looked into the value of
responseUrlwhengoogleLoginHintis specified, and it's of the form:which is missing the
access_tokenparameter, rather than expectedBut the returned
responseUrlis valid, because when I punchedresponseUrlinto the chrome browser (i.e. made an additional GET request) it performs a redirect to the correct addresshttps://redditenhancementsuite.com/oauth#access_token=...which contains theaccess_tokendesired.Perhaps anothersendMessageshould be added if theredirect_uriparameter exists, or if theresponseUrldomain isn'tredditenhancementsuite.EDIT: Found a root cause (there may be more, I'm unsure)
It appears (from my tests) that an additional redirect is done when
login_hintcontains an email from a GSuite domain (rather than @yahoo, @gmail, etc.). For these emails, thehdparameter must be added in to prevent a second redirect.In other words:
domain: `https://accounts.google.com/signin/oauth?login_hint=${googleLoginHint}needs to be more likedomain: `https://accounts.google.com/signin/oauth?login_hint=${googleLoginHint}&hd=${GSuiteDomain}.The other option would be to support an arbitrary number of redirects, but it looks like the only thing the redirect does for now is add
asandhdparameters. Theasparameter doesn't seem to be necessary, buthdseems to be required.Originally posted in https://github.com/honestbleeps/Reddit-Enhancement-Suite/issues/5212#issuecomment-751829160