Closed CoderFX closed 4 years ago
Authority shouldn't have connect/authorize in it. It should just be set to the root of the project, i.e., above, https://blah.com/google/home
Changed it to root, but docker log shows this error:
Showing login: User is not authenticated
That OAuth section should look like this.
    "oauth": {
      "tokenStoreFile": "config/tokens.json",
      "authority": "https://blah.com/google/home",
      "publicOrigin": "https://blah.com",
Here is my full oauth section:
    "oauth": {
      "tokenStoreFile": "config/tokens.json",
      "authority": "https://blah.com/google/home/",
      "publicOrigin": "https://blah.com/google/home/",
      "requireSSL": true,
      "signingCerts": [
        {
          "file": "config/signingKey.pfx",
          "passPhrase": "supersecret"
        }
      ],
      "clients": [
        {
          "clientId": "*.apps.googleusercontent.com",
          "clientSecret": "supersecret",
          "clientName": "Google Actions Client",
          "allowedRedirectUris": [ "https://oauth-redirect.googleusercontent.com/r/secret" ],
          "refreshTokenLifetime": 365
        }
      ],
      "resources": [
        {
          "resourceName": "HomeAutio.Mqtt.GoogleHome"
        }
      ],
      "users": [
        {
          "subjectId": "00000000-0000-0000-0000-000000000000",
          "username": "someone",
          "password": "supersecret"
        }
      ]
    },
If you are proxying this at a different URL than the root, your authority and publicOrigin should not match. See my example. Also, I'm unsure if this will make a difference, but notice mine (which works) doesn't have trailing slashes on those URLs either.
Also for your client ID I wouldn't use anything with special characters in it. I tend to use a GUID for that.
Ok, changed them to
    "authority": "https://blah.com/google/home",
    "publicOrigin": "https://blah.com/google/home",
but got the same problem.
Maybe something is wrong with nginx configuration?
    # GoogleHome Upstream
    upstream googlehome {
        server 192.168.1.2:5000;
        keepalive 32;
    }

    server {
        listen 443 ssl http2;
        root /config/www;
        index index.html index.htm index.php;
        server_name blah.com;
        client_max_body_size 0;

        ssl_certificate /etc/letsencrypt/live/blah.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/blah.com/privkey.pem;
        ssl_protocols TLSv1.1 TLSv1.2;
        ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
        add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
        ssl_prefer_server_ciphers on;

        location /google/home {
            allow all;
            proxy_pass http://googlehome;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $http_connection;
        }
    }
your authority and publicOrigin should not match
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    "authority": "https://blah.com/google/home",
    "publicOrigin": "https://blah.com",
Here is my NGinX config for this:
Note the proxy_buffers need to be jacked a bit for some of the edit screens surprisingly... but this is just something you might run into later, but I recommend putting in.
    location /google/home {
        allow all;
        proxy_pass http://x.x.x.x:5000;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_buffers 8 16k;
        proxy_buffer_size 16k;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        proxy_set_header Host $host;
    }
I am unfamiliar with the upstream usage there, but I'm assuming this is equivalent.
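The authority/publicOrigin advice from the comments above, written as a small config check. This is an added example, not code from HomeAutio.Mqtt.GoogleHome: `check_oauth` and both sample configs are constructed here, and the rules encode what this thread recommends rather than validation the project documents.

```python
from urllib.parse import urlsplit

def check_oauth(oauth, path_base):
    """Lint the oauth section against the advice in this thread (assumed rules).
    path_base is the ASPNETCORE_PATHBASE value, e.g. "/google/home"."""
    findings = []
    authority = oauth.get("authority", "")
    public_origin = oauth.get("publicOrigin", "")
    a, p = urlsplit(authority), urlsplit(public_origin)
    base = "/" + path_base.strip("/") if path_base.strip("/") else ""

    for name, url, parts in (("authority", authority, a),
                             ("publicOrigin", public_origin, p)):
        if oauth.get("requireSSL") and parts.scheme != "https":
            findings.append(f"{name}: requireSSL is true but scheme is {parts.scheme!r}")
        if url.endswith("/"):
            findings.append(f"{name}: trailing slash")
    if p.path.strip("/"):
        findings.append("publicOrigin: carries a path, expected scheme and host only")
    if (a.scheme, a.netloc) != (p.scheme, p.netloc):
        findings.append("authority: scheme or host differs from publicOrigin")
    if a.path.rstrip("/") != base:
        findings.append(f"authority: path {a.path!r} is not the path base {base!r}")
    if base and authority.rstrip("/") == public_origin.rstrip("/"):
        findings.append("authority and publicOrigin match although a path base is set")
    for client in oauth.get("clients", []):
        cid = client.get("clientId", "")
        if not all(c.isalnum() or c == "-" for c in cid):
            findings.append(f"clientId {cid!r}: contains special characters")
    return findings

# Constructed samples using the values quoted in this thread.
BAD = {"requireSSL": True,
       "authority": "https://blah.com/google/home/",
       "publicOrigin": "https://blah.com/google/home/",
       "clients": [{"clientId": "*.apps.googleusercontent.com"}]}
GOOD = {"requireSSL": True,
        "authority": "https://blah.com/google/home",
        "publicOrigin": "https://blah.com",
        "clients": [{"clientId": "11111111-2222-3333-4444-555555555555"}]}  # made-up GUID

if __name__ == "__main__":
    for label, cfg in (("bad", BAD), ("good", GOOD)):
        print(label, check_oauth(cfg, "/google/home") or "ok")
```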
I think something is wrong with my credential setup. Should I set up anything in the OAuth consent screen (Google)? When trying to add a device via the Google Home app I get this message:
blah.com normally uses encryption to protect your information. When Google Chrome tried to connect to blah.com this time, the website sent back unusual and incorrect credentials. This may happen when an attacker is trying to pretend to be blah.com, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Google Chrome stopped the connection before any data was exchanged.
You cannot visit blah.com right now because the website uses HSTS.
It was an incorrect nginx setup leading to the wrong subdomain. You can close this.
I'm facing the same problem as issue #32. My ASPNETCORE_PATHBASE is set to /google/home. Tried this as you instructed but it is not working. I get a Google error that the connection is not private.