kettari / authgoogle

Google Authentication Plugin for DokuWiki

'OAuth 2.0 access token has expired, and a refresh token is not available.' error #30

Closed andy-taylor-sift closed 9 years ago

andy-taylor-sift commented 9 years ago

Hello,

I think the merge of this fix:

https://github.com/kettari/authgoogle/pull/26

has partially broken the module. The initial login works fine, but after a few hours (so presumably once the session times out?) we see this error:

        Fatal error: Uncaught exception 'Google_AuthException' with message 'The OAuth 2.0 access token has expired, and a refresh token is not available. Refresh tokens are not returned for responses that were auto-approved.' in /data/dokuwiki/lib/plugins/authgoogle/google/auth/Google_OAuth2.php:221
        Stack trace:
        #0 /data/dokuwiki/lib/plugins/authgoogle/google/service/Google_ServiceResource.php(167): Google_OAuth2->sign(Object(Google_HttpRequest))
        #1 /data/dokuwiki/lib/plugins/authgoogle/google/contrib/Google_Oauth2Service.php(36): Google_ServiceResource->__call('get', Array)
        #2 /data/dokuwiki/lib/plugins/authgoogle/auth.php(116): Google_UserinfoServiceResource->get()
        #3 /data/dokuwiki/inc/auth.php(109): auth_plugin_authgoogle->trustExternal('', '', false)
        #4 /data/dokuwiki/inc/init.php(221): auth_setup()
        #5 /data/dokuwiki/doku.php(29): require_once('/data/dokuwiki/...')
        #6 {main}
          thrown in /data/dokuwiki/lib/plugins/authgoogle/google/auth/Google_OAuth2.php on line 221

The only way to get around it is to delete the session cookies. I think this is due to the change of access type to 'online' and approval prompt to 'auto'. I think this means we don't get a refresh token from Google when we log in, which means we can't then obtain another access token when the initial one expires.

To get around this for now I've commented out the following in auth.php:

        $client->setAccessType('online');
        $client->setApprovalPrompt('auto');

which reintroduces the issue of Google asking for approval on each login, but at least it means sessions won't completely break after a few hours.
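
The failure described in this report, as an added example that is not part of the original thread or the plugin's code: a check that classifies the stored OAuth 2.0 token before it is used, so an expired token with no refresh token ends the local session cleanly instead of raising an uncaught exception. It assumes the token is kept as a JSON string with `access_token`, `created`, `expires_in` and, only when offline access was granted, `refresh_token`; the function name, constants and 30-second margin are hypothetical.

```php
<?php
// Added example (not the plugin's code). Assumed token layout: JSON with
// access_token, created, expires_in, and refresh_token only for offline access.

const TOKEN_VALID       = 'valid';        // safe to call the API
const TOKEN_REFRESHABLE = 'refreshable';  // expired, but a refresh token exists
const TOKEN_REAUTH      = 'reauth';       // drop the session, send user to login

/**
 * Decide what to do with a stored token. $skew is a safety margin (seconds)
 * chosen for this example so a token is not used right at its expiry.
 */
function classifyToken($tokenJson, $now, $skew = 30)
{
    $token = json_decode((string) $tokenJson, true);
    if (!is_array($token) || empty($token['access_token'])
        || !isset($token['created'], $token['expires_in'])) {
        return TOKEN_REAUTH;  // missing or malformed: treat as logged out
    }
    $expiresAt = (int) $token['created'] + (int) $token['expires_in'] - $skew;
    if ($now < $expiresAt) {
        return TOKEN_VALID;
    }
    // Expired. With access type 'online' no refresh token was issued, so the
    // only safe outcome is a fresh login, not a signed API call.
    return empty($token['refresh_token']) ? TOKEN_REAUTH : TOKEN_REFRESHABLE;
}

// Constructed sample tokens (placeholders, not real credentials).
$now = 1700000000;
$samples = array(
    'fresh online token'    => json_encode(array(
        'access_token' => 'SAMPLE', 'created' => $now - 60, 'expires_in' => 3600)),
    'expired online token'  => json_encode(array(
        'access_token' => 'SAMPLE', 'created' => $now - 7200, 'expires_in' => 3600)),
    'expired offline token' => json_encode(array(
        'access_token' => 'SAMPLE', 'created' => $now - 7200, 'expires_in' => 3600,
        'refresh_token' => 'SAMPLE-REFRESH')),
    'corrupt session value' => '{not json',
);
foreach ($samples as $label => $json) {
    printf("%-22s => %s\n", $label, classifyToken($json, $now));
}
```

In a handler such as `trustExternal()`, a `reauth` result would map to clearing the stored token and returning the user to the login flow, which keeps the narrower `online` access type without leaving sessions stuck behind a fatal error.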

vivlab commented 9 years ago

Hello, is there now a workaround for this issue? Thanks for your answer.

alephnull commented 9 years ago

The quick fix above does allow access without having to purge cookies. We use Google Apps and this bug affects only some users. The distribution seems to be random.

joska commented 9 years ago

I think this issue is related to users who are switching between multiple Google accounts. This pull request should fix it: https://github.com/kettari/authgoogle/pull/34

joubertredrat commented 9 years ago

Hi guys,

I tested PR https://github.com/kettari/authgoogle/pull/34 here, works fine.

kettari commented 9 years ago

Merged.