jaredhanson / passport-google-oauth

Google authentication strategies for Passport and Node.js.
https://www.passportjs.org/packages/passport-google-oauth/?utm_source=github&utm_medium=referral&utm_campaign=passport-google-oauth&utm_content=about
MIT License

Regression since 0.2.0 #72

Closed jonathanasquier closed 8 years ago

jonathanasquier commented 9 years ago

I'm having a {"message":"failed to fetch user profile"} error while authenticating with passport-google-oauth v0.2.0.

v0.1.15 works fine.

estilles commented 9 years ago

+1 ... having the same issue.

Here's my stack trace:

createCredentials() is deprecated, use tls.createSecureContext instead
Error thrown for request: /google/callback?code=4/nYj1YF4OiWAjst_Nox9ZC9UWx4dsXVNOCaASHpugc_8.QqTj9SVyTiMUcp7tdiljKKavfXJBmAI
InternalOAuthError: failed to fetch user profile
  at /Users/johnnyestilles/Projects/temox-website/node_modules/passport-google-oauth/lib/passport-google-oauth/oauth2.js:88:28
  at passBackControl (/Users/johnnyestilles/Projects/temox-website/node_modules/passport-google-oauth/node_modules/passport-oauth/node_modules/passport-oauth2/node_modules/oauth/lib/oauth2.js:124:9)
  at IncomingMessage.<anonymous> (/Users/johnnyestilles/Projects/temox-website/node_modules/passport-google-oauth/node_modules/passport-oauth/node_modules/passport-oauth2/node_modules/oauth/lib/oauth2.js:143:7)
  at IncomingMessage.emit (events.js:129:20)
  at _stream_readable.js:908:16
  at process._tickCallback (node.js:355:11)

Are there any migration requirements/instructions to 0.2.0?

clundberg commented 9 years ago

+1 -- having exact same issue: (And yes, this was working on prior versions, and yes all the correct APIs are installed)

500 InternalOAuthError: failed to fetch user profile (status: 403 data: {
     "error": {
      "errors": [
       {
        "domain": "usageLimits",
        "reason": "accessNotConfigured",
        "message": "Access Not Configured. The API (Google+ API) is not enabled for your project. Please use the Google Developers Console to update your configuration.",
        "extendedHelp": "https://console.developers.google.com"
       }
      ],
      "code": 403,
      "message": "Access Not Configured. The API (Google+ API) is not enabled for your project. Please use the Google Developers Console to update your configuration."
     }
    }
    )

jaredhanson commented 9 years ago

You need to configure your application to use the Google+ API in Google's Developer Console. Otherwise it can't make the API request to fetch the user profile.

clundberg commented 9 years ago

Yes, as mentioned, did that long ago -- again, as mentioned, this was working fine until new upgrade. Yes, I know that's what the Google error says -- I'm suggesting that either this is a temporary Google auth issue, or some difference in an API endpoint, etc, etc, etc.

guyellis commented 9 years ago

Receiving the same error. I did not have Google+ API enabled so I enabled it and tried again but still getting the same error.

franck34 commented 9 years ago

same here

franck34 commented 9 years ago

{
    "statusCode": "403",
    "data": {
        "error": {
            "errors": [
                {
                    "domain": "usageLimits",
                    "reason": "accessNotConfigured",
                    "message": "Access Not Configured. The API (Google+ API) is not enabled for your project. Please use the Google Developers Console to update your configuration.",
                    "extendedHelp": "https://console.developers.google.com"
                }
            ],
            "code": 403,
            "message": "Access Not Configured. The API (Google+ API) is not enabled for your project. Please use the Google Developers Console to update your configuration."
        }
    }
}

On my side, Google+ API was not activated. After activation, need to wait 5mn before it works.

thanks @jaredhanson

ghost commented 9 years ago

Worked for me too--after waiting five minutes.

guyellis commented 9 years ago

Just tried again now, 23 hours after changing it, but no luck.

rooftopsparrow commented 9 years ago

Same here. Everything configured correctly in 0.1.5 and now broken in 0.2.0

knightcode commented 9 years ago

Adding Google+ API worked for me.

eviltik commented 9 years ago

@guyellis @rooftopsparrow, please provide the JSON response from Google so we can help.

rooftopsparrow commented 9 years ago

I get the flow below by updating to 0.2.0 without any configuration or code changes. The only scopes I'm requiring are the userinfo.profile and the userinfo.email scopes. These scopes are deprecated.

According to the deprecation schedule (yet to be determined, see the * text), I should not need to have Google+ API configured for my apps until that date has passed. But this is up to the authors and maintainers to decide whether or not this is true, but I would consider at least putting in a deprecation warning or making it very clear in the docs which scopes/features are valid for a given version.

Let me know if I can get any more information for you.

Thanks for all the work you do with OAuth: it's such a pain :smile:

using 0.1.5

GET /api/auth/google HTTP/1.1
    host: example.com
    connection: close
    accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/600.4.10 (KHTML, like Gecko) Version/8.0.4 Safari/600.4.10
    accept-language: en-us
    referer: http://example.com/
    accept-encoding: gzip, deflate
    --
    HTTP/1.1 302 Moved Temporarily
    HTTP/1.1 302 Moved Temporarily
    Location: https://accounts.google.com/o/oauth2/auth?response_type=code&redirect_uri=http%3A%2F%2Fexample.com%3A8080%2Fapi%2Fauth%2Fgoogle%2Fcallback&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile%20https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email&client_id=somehash.apps.googleusercontent.com
    Content-Length: 0
    Date: Tue, 24 Mar 2015 02:55:00 GMT
    Connection: close

GET /api/auth/google/callback?code=4/somehash HTTP/1.1
    host: example.com
    connection: close
    accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    origin: https://accounts.google.com
    user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/600.4.10 (KHTML, like Gecko) Version/8.0.4 Safari/600.4.10
    accept-language: en-us
    accept-encoding: gzip, deflate
    --
    HTTP/1.1 302 Moved Temporarily
    HTTP/1.1 302 Moved Temporarily
    Location: /
    Vary: Accept
    Content-Type: text/html; charset=UTF-8
    Content-Length: 58
    Date: Tue, 24 Mar 2015 02:55:06 GMT
    Connection: close

then installing 0.2.0

GET /api/auth/google HTTP/1.1
    host: example.com
    connection: close
    accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/600.4.10 (KHTML, like Gecko) Version/8.0.4 Safari/600.4.10
    accept-language: en-us
    referer: http://example.com/
    accept-encoding: gzip, deflate
    --
    HTTP/1.1 302 Moved Temporarily
    HTTP/1.1 302 Moved Temporarily
    Location: https://accounts.google.com/o/oauth2/auth?response_type=code&redirect_uri=http%3A%2F%2Fexample.com%3A8080%2Fapi%2Fauth%2Fgoogle%2Fcallback&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile%20https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email&client_id=somehash.apps.googleusercontent.com
    Content-Length: 0
    Date: Tue, 24 Mar 2015 02:59:14 GMT
    Connection: close

InternalOAuthError: failed to fetch user profile (status: 403 data: {
     "error": {
      "errors": [
       {
        "domain": "usageLimits",
        "reason": "accessNotConfigured",
        "message": "Access Not Configured. The API (Google+ API) is not enabled for your project. Please use the Google Developers Console to update your configuration.",
        "extendedHelp": "https://console.developers.google.com"
       }
      ],
      "code": 403,
      "message": "Access Not Configured. The API (Google+ API) is not enabled for your project. Please use the Google Developers Console to update your configuration."
     }
    }
    )
    at example/node_modules/passport-google-oauth/lib/passport-google-oauth/oauth2.js:88:28
    at passBackControl (example/node_modules/passport-google-oauth/node_modules/passport-oauth/node_modules/passport-oauth2/node_modules/oauth/lib/oauth2.js:124:9)
    at IncomingMessage.<anonymous> (example/node_modules/passport-google-oauth/node_modules/passport-oauth/node_modules/passport-oauth2/node_modules/oauth/lib/oauth2.js:143:7)
    at IncomingMessage.emit (events.js:117:20)
    at _stream_readable.js:944:16
    at process._tickDomainCallback (node.js:492:13)

GET /api/auth/google/callback?code=4/somehash HTTP/1.1
    host: example.com
    connection: close
    accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    origin: https://accounts.google.com
    user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/600.4.10 (KHTML, like Gecko) Version/8.0.4 Safari/600.4.10
    accept-language: en-us
    accept-encoding: gzip, deflate
    --
    HTTP/1.1 500 Internal Server Error
    HTTP/1.1 500 Internal Server Error
    X-Content-Type-Options: nosniff
    Content-Type: text/html; charset=utf-8
    Date: Tue, 24 Mar 2015 02:59:28 GMT
    Connection: close

jaredhanson commented 9 years ago

You need to enable Google+ when using v0.2.x, because that is the API used to fetch the profile in passport-google-oauth.


Alexandre-io commented 9 years ago

Adding Google+ API worked for me.

bchukiat commented 9 years ago

Enabling the Google+ API solved my "InternalOAuthError: failed to fetch user profile".

frosas commented 9 years ago

In my case, apart from enabling Google+ API, I also had to request the scope https://www.googleapis.com/auth/userinfo.profile

cyr-l commented 9 years ago

Same as @frosas here. Had to require the same scope (thank you BTW! ^^)

richarddavenport commented 9 years ago

I had to wait about 5 minutes for the Google + API to kick in. I'm using v. 2 and the deprecated scopes still work too.

pabx06 commented 9 years ago

Got it to work too:

1) editing the callback to a non-null callback URL => http://localhost:8080/auth/google/callback
2) changing the scope:

    app.get('/auth/google', passport.authenticate('google', {
      scope: ['https://www.googleapis.com/auth/plus.login',
              'https://www.googleapis.com/auth/userinfo.email']
    }));

3) waiting 15 minutes

jonathanasquier commented 8 years ago

Closing guys!
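
One way to turn the 403 body quoted throughout this thread into a clear operator diagnosis, and to keep the authorization code seen in the logged callback URL out of logs. This is an added example, not code from passport-google-oauth: the `oauthError` property with `statusCode` and `data` is assumed from the dumps posted above, and the function names are hypothetical.

```javascript
// Constructed sample mirroring the error posted in this thread. The
// `oauthError: { statusCode, data }` shape is an assumption.
const sampleError = {
  name: 'InternalOAuthError',
  message: 'failed to fetch user profile',
  oauthError: {
    statusCode: 403,
    data: JSON.stringify({
      error: {
        errors: [{ domain: 'usageLimits', reason: 'accessNotConfigured' }],
        code: 403,
        message: 'Access Not Configured. The API (Google+ API) is not enabled for your project.'
      }
    })
  }
};

// Hypothetical helper: reduce a profile-fetch failure to status, reason and a hint.
// Accepts `data` as a JSON string or an already parsed object, and a string status.
function diagnoseProfileFailure(err) {
  const oauthError = (err && err.oauthError) || {};
  const status = Number(oauthError.statusCode) || null;
  let body = oauthError.data;
  if (typeof body === 'string') {
    try { body = JSON.parse(body); } catch (e) { body = null; }
  }
  const first = body && body.error && Array.isArray(body.error.errors)
    ? body.error.errors[0] : null;
  const reason = first ? first.reason : null;
  const hint = reason === 'accessNotConfigured'
    ? 'Enable the API named in the message for this project, then retry after a few minutes.'
    : 'Inspect status and reason; check requested scopes and client configuration.';
  return { status, reason, hint };
}

// Hypothetical helper: strip the one-time authorization code before a
// callback URL is written to a log or an error report.
function redactCallbackUrl(url) {
  return url.replace(/([?&]code=)[^&#]*/, '$1[REDACTED]');
}
```

Calling `diagnoseProfileFailure` from the callback route's error handler lets the application log the reason and return a generic error page instead of the raw 500 with the upstream body.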