iMerica / dj-rest-auth

Authentication for Django Rest Framework
https://dj-rest-auth.readthedocs.io/en/latest/index.html
MIT License

Google Social Login Server Error #467

Open Willem-Nieuwoudt opened 1 year ago

Willem-Nieuwoudt commented 1 year ago

I am using dj-rest-auth version 2.2.5 in my Django application.

When I get the access code back from the Google OAuth2 URL and post that code to the Google login API endpoint, it logs me in as expected, returning the JWT tokens.

However, if I just post any random value or incorrect code to the Google login API endpoint (using the code field), it throws a 500 error instead of a validation error like "Invalid code". This is the last bit of the trace:

  File "/usr/local/lib/python3.9/site-packages/rest_framework/serializers.py", line 227, in is_valid
    self._validated_data = self.run_validation(self.initial_data)
  File "/usr/local/lib/python3.9/site-packages/rest_framework/serializers.py", line 429, in run_validation
    value = self.validate(value)
  File "/usr/local/lib/python3.9/site-packages/dj_rest_auth/registration/serializers.py", line 133, in validate
    token = client.get_access_token(code)
  File "/usr/local/lib/python3.9/site-packages/allauth/socialaccount/providers/oauth2/client.py", line 91, in get_access_token
    raise OAuth2Error("Error retrieving access token: %s" % resp.content)
allauth.socialaccount.providers.oauth2.client.OAuth2Error: Error retrieving access token: b'{\n  "error": "invalid_grant",\n  "error_description": "Bad Request"\n}'

Altroo commented 1 year ago

Same issue here : https://github.com/iMerica/dj-rest-auth/issues/465

Willem-Nieuwoudt commented 1 year ago

Altroo, I checked your issue and I don't think it's the same as far as I can tell.

Altroo commented 1 year ago

@Willem-Nieuwoudt my bad, true, they don't look the same: different error, but both are triggered in site-packages/dj_rest_auth/registration/serializers.py, in your case in is_valid and mine in validate.

Maybe it is the same error, different config settings?

Could you please provide your config settings?

Willem-Nieuwoudt commented 1 year ago

@Altroo Sure thing

ACCOUNT_AUTHENTICATION_METHOD = 'email'
ACCOUNT_EMAIL_REQUIRED = True
ACCOUNT_UNIQUE_EMAIL = True
ACCOUNT_USERNAME_REQUIRED = False
ACCOUNT_USER_MODEL_USERNAME_FIELD = None
ACCOUNT_EMAIL_VERIFICATION = 'mandatory'

Those are the only settings I really use at the moment for auth.

I see someone made a comment on your post with a screenshot of exactly the same issue that I'm having. I'll just leave a comment there to let them know about this post in case you don't have the same issue as us.

I essentially tracked down the error to the get_access_token function in the SocialLoginSerializer's validate method. The way I'm "fixing" it at the moment is to override the serializer and wrap the get_access_token function in a try/except and then just return a validation error if it throws the error that I'm getting. Something like this:

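# Imports the fragment relies on
from allauth.socialaccount.providers.oauth2.client import OAuth2Error
from django.utils.translation import gettext_lazy as _
from rest_framework import serializers

# Inside the overridden serializer's validate(), around the code exchange
try:
    token = client.get_access_token(code)
except OAuth2Error:
    raise serializers.ValidationError(
        _("Invalid access token"),
    )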

Would be nice to have some input from people if this is an okay solution or not really.
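
The workaround in the comment above, shown beside the unpatched behaviour as an added example (not code from the thread or from dj-rest-auth). Stand-in classes replace allauth's `OAuth2Error`, DRF's `ValidationError` and the OAuth2 client so it runs without Django; `StubClient`, `patched_exchange`, `unpatched_exchange`, `provider_error_code` and `handle_login_post` are hypothetical names. It goes one step beyond the thread by logging the provider's error code server-side while the client only receives a fixed message.

```python
import logging
import re

log = logging.getLogger("social_login")

class OAuth2Error(Exception):
    """Stand-in for allauth's OAuth2Error (assumption: real class not imported)."""

class ValidationError(Exception):
    """Stand-in for DRF's serializers.ValidationError, which renders as HTTP 400."""

class StubClient:
    """Hypothetical client: one constructed code works, others fail as in the traceback."""
    def get_access_token(self, code):
        if code == "good-code":  # constructed sample value
            return {"access_token": "constructed-token"}
        body = b'{\n  "error": "invalid_grant",\n  "error_description": "Bad Request"\n}'
        raise OAuth2Error("Error retrieving access token: %s" % body)

def provider_error_code(exc):
    """Pull the provider's "error" field out of the message, for server logs only."""
    match = re.search(r'"error":\s*"(\w+)"', str(exc))
    return match.group(1) if match else "unknown"

def unpatched_exchange(client, code):
    # Behaviour reported in the issue: OAuth2Error escapes validate() unhandled.
    return client.get_access_token(code)

def patched_exchange(client, code):
    # Workaround from the thread: turn the provider failure into a validation error.
    try:
        return client.get_access_token(code)
    except OAuth2Error as exc:
        log.warning("code exchange rejected: %s", provider_error_code(exc))
        raise ValidationError("Invalid code") from exc

def handle_login_post(client, code, exchange=patched_exchange):
    """Mimics the framework: ValidationError -> 400, any other exception -> 500."""
    try:
        return 200, exchange(client, code)
    except ValidationError as exc:
        return 400, {"non_field_errors": [str(exc)]}
    except Exception:
        return 500, {"detail": "Server Error"}
```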

NyllRE commented 1 year ago

May I know what the Google login API endpoint is?

wanglophile commented 1 year ago

try:
    token = client.get_access_token(code)
except OAuth2Error:
    raise serializers.ValidationError(
        _("Invalid access token"),
    )

@Willem-Nieuwoudt Can you clarify if this actually solves the issue and allows for Google logins and registers?

Edit: Reverting per @Altroo's answer here fixed it for me: https://github.com/iMerica/dj-rest-auth/issues/465

Altroo commented 1 year ago

@Willem-Nieuwoudt @wanglophile check https://github.com/iMerica/dj-rest-auth/issues/465