Closed kdurek closed 3 months ago
Actually it now changed a little: my cookie is null on the callback page but properly set on the auth page.
So the state stored in the cookie and the one returned by Google are different? Do you see any patterns?
Thanks for the quick reply, I'm dealing with it for so long :D I just pushed console logs to my prod build and I see that my generated Google auth URL

```ts
const url = await google.createAuthorizationURL(state, codeVerifier, {
  scopes: ['profile', 'email'],
});
```

is different from the one in the callback

```ts
const url = new URL(request.url);
```
Precisely, `?state=` is different. On prod I am using this package for PWA: https://github.com/serwist/serwist, if it makes a difference (I am testing on the normal page, not the installed one).
Can you also try console logging the URL returned by createAuthorizationURL()?

```ts
console.log(url.toString())
```
Yeah, I console-logged that. I am pasting my logs, with the values masked with letters like aaaa:
```
| π > _____START_AUTH_____:
| π > _____GENERATED_____:
| π > state: aaaaa
| π > codeVerifier: bbbbb
| π > url: URL {
| href: 'https://accounts.google.com/o/oauth2/v2/auth?response_type=code&client_id=sssss&state=aaaaa&scope=profile+email+openid&redirect_uri=https%3A%2F%2Fexample.com%2Fapi%2Fauth%2Fgoogle%2Fcallback&code_challenge_method=S256&code_challenge=lllll&nonce=_',
| origin: 'https://accounts.google.com',
| protocol: 'https:',
| username: '',
| password: '',
| host: 'accounts.google.com',
| hostname: 'accounts.google.com',
| port: '',
| pathname: '/o/oauth2/v2/auth',
| search: '?response_type=code&client_id=sssss&state=aaaaa&scope=profile+email+openid&redirect_uri=https%3A%2F%2Fexample.com%2Fapi%2Fauth%2Fgoogle%2Fcallback&code_challenge_method=S256&code_challenge=lllll&nonce=_',
| searchParams: URLSearchParams {
| 'response_type' => 'code',
| 'client_id' => 'sssss',
| 'state' => 'aaaaa',
| 'scope' => 'profile email openid',
| 'redirect_uri' => 'https://example.com/api/auth/google/callback',
| 'code_challenge_method' => 'S256',
| 'code_challenge' => 'lllll',
| 'nonce' => '_' },
| hash: ''
| }
| π > _____STORED_____:
| π > storedState: aaaaa
| π > storedCodeVerifier: bbbbb
| π > _____END_AUTH_____:
| π > _____START_AUTH_____:
| π > _____GENERATED_____:
| π > state: zzzzz
| π > codeVerifier: uuuuu
| π > url: URL {
| href: 'https://accounts.google.com/o/oauth2/v2/auth?response_type=code&client_id=sssss&state=zzzzz&scope=profile+email+openid&redirect_uri=https%3A%2F%2Fexample.com%2Fapi%2Fauth%2Fgoogle%2Fcallback&code_challenge_method=S256&code_challenge=bbbbb&nonce=_',
| origin: 'https://accounts.google.com',
| protocol: 'https:',
| username: '',
| password: '',
| host: 'accounts.google.com',
| hostname: 'accounts.google.com',
| port: '',
| pathname: '/o/oauth2/v2/auth',
| search: '?response_type=code&client_id=sssss&state=zzzzz&scope=profile+email+openid&redirect_uri=https%3A%2F%2Fexample.com%2Fapi%2Fauth%2Fgoogle%2Fcallback&code_challenge_method=S256&code_challenge=bbbbb&nonce=_',
| searchParams: URLSearchParams {
| 'response_type' => 'code',
| 'client_id' => 'sssss',
| 'state' => 'zzzzz',
| 'scope' => 'profile email openid',
| 'redirect_uri' => 'https://example.com/api/auth/google/callback',
| 'code_challenge_method' => 'S256',
| 'code_challenge' => 'bbbbb',
| 'nonce' => '_' },
| hash: ''
| }
| π > _____STORED_____:
| π > storedState: zzzzz
| π > storedCodeVerifier: uuuuu
| π > _____END_AUTH_____:
| π > _____START_CALLBACK_____:
| π > _____PARAMS_____:
| π > url: URL {
| href: 'https://0.0.0.0:3000/api/auth/google/callback?state=aaaaa&code=hhhhh&scope=email+profile+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email+openid+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile&authuser=0&prompt=none',
| origin: 'https://0.0.0.0:3000',
| protocol: 'https:',
| username: '',
| password: '',
| host: '0.0.0.0:3000',
| hostname: '0.0.0.0',
| port: '3000',
| pathname: '/api/auth/google/callback',
| search: '?state=aaaaa&code=hhhhh&scope=email+profile+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email+openid+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile&authuser=0&prompt=none',
| searchParams: URLSearchParams {
| 'state' => 'aaaaa',
| 'code' => 'ppppp',
| 'scope' => 'email profile https://www.googleapis.com/auth/userinfo.email openid https://www.googleapis.com/auth/userinfo.profile',
| 'authuser' => '0',
| 'prompt' => 'none' },
| hash: ''
| }
| π > code: ppppp
| π > state: aaaaa
| π > _____STORED_____:
| π > storedState: zzzzz
| π > storedCodeVerifier: uuuuu
| π > _____END_CALLBACK_____:
| π > _____START_AUTH_____:
| π > _____GENERATED_____:
| π > state: iiiii
| π > codeVerifier: ooooo
| π > url: URL {
| href: 'https://accounts.google.com/o/oauth2/v2/auth?response_type=code&client_id=sssss&state=iiiii&scope=profile+email+openid&redirect_uri=https%3A%2F%2Fexample.com%2Fapi%2Fauth%2Fgoogle%2Fcallback&code_challenge_method=S256&code_challenge=yyyyy&nonce=_',
| origin: 'https://accounts.google.com',
| protocol: 'https:',
| username: '',
| password: '',
| host: 'accounts.google.com',
| hostname: 'accounts.google.com',
| port: '',
| pathname: '/o/oauth2/v2/auth',
| search: '?response_type=code&client_id=sssss&state=iiiii&scope=profile+email+openid&redirect_uri=https%3A%2F%2Fexample.com%2Fapi%2Fauth%2Fgoogle%2Fcallback&code_challenge_method=S256&code_challenge=yyyyy&nonce=_',
| searchParams: URLSearchParams {
| 'response_type' => 'code',
| 'client_id' => 'sssss',
| 'state' => 'iiiii',
| 'scope' => 'profile email openid',
| 'redirect_uri' => 'https://example.com/api/auth/google/callback',
| 'code_challenge_method' => 'S256',
| 'code_challenge' => 'yyyyy',
| 'nonce' => '_' },
| hash: ''
| }
| π > _____STORED_____:
| π > storedState: iiiii
| π > storedCodeVerifier: ooooo
| π > _____END_AUTH_____:
| π > _____START_AUTH_____:
| π > _____GENERATED_____:
| π > state: eeeee
| π > codeVerifier: mmmmm
| π > url: URL {
| href: 'https://accounts.google.com/o/oauth2/v2/auth?response_type=code&client_id=sssss&state=eeeee&scope=profile+email+openid&redirect_uri=https%3A%2F%2Fexample.com%2Fapi%2Fauth%2Fgoogle%2Fcallback&code_challenge_method=S256&code_challenge=ccccc&nonce=_',
| origin: 'https://accounts.google.com',
| protocol: 'https:',
| username: '',
| password: '',
| host: 'accounts.google.com',
| hostname: 'accounts.google.com',
| port: '',
| pathname: '/o/oauth2/v2/auth',
| search: '?response_type=code&client_id=sssss&state=eeeee&scope=profile+email+openid&redirect_uri=https%3A%2F%2Fexample.com%2Fapi%2Fauth%2Fgoogle%2Fcallback&code_challenge_method=S256&code_challenge=ccccc&nonce=_',
| searchParams: URLSearchParams {
| 'response_type' => 'code',
| 'client_id' => 'sssss',
| 'state' => 'eeeee',
| 'scope' => 'profile email openid',
| 'redirect_uri' => 'https://example.com/api/auth/google/callback',
| 'code_challenge_method' => 'S256',
| 'code_challenge' => 'ccccc',
| 'nonce' => '_' },
| hash: ''
| }
| π > _____STORED_____:
| π > storedState: eeeee
| π > storedCodeVerifier: mmmmm
| π > _____END_AUTH_____:
| π > _____START_AUTH_____:
| π > _____GENERATED_____:
| π > state: ttttt
| π > codeVerifier: nnnnn
| π > url: URL {
| href: 'https://accounts.google.com/o/oauth2/v2/auth?response_type=code&client_id=sssss&state=ttttt&scope=profile+email+openid&redirect_uri=https%3A%2F%2Fexample.com%2Fapi%2Fauth%2Fgoogle%2Fcallback&code_challenge_method=S256&code_challenge=yyyyy&nonce=_',
| origin: 'https://accounts.google.com',
| protocol: 'https:',
| username: '',
| password: '',
| host: 'accounts.google.com',
| hostname: 'accounts.google.com',
| port: '',
| pathname: '/o/oauth2/v2/auth',
| search: '?response_type=code&client_id=sssss&state=ttttt&scope=profile+email+openid&redirect_uri=https%3A%2F%2Fexample.com%2Fapi%2Fauth%2Fgoogle%2Fcallback&code_challenge_method=S256&code_challenge=yyyyy&nonce=_',
| searchParams: URLSearchParams {
| 'response_type' => 'code',
| 'client_id' => 'sssss',
| 'state' => 'ttttt',
| 'scope' => 'profile email openid',
| 'redirect_uri' => 'https://example.com/api/auth/google/callback',
| 'code_challenge_method' => 'S256',
| 'code_challenge' => 'yyyyy',
| 'nonce' => '_' },
| hash: ''
| }
| π > _____STORED_____:
| π > storedState: ttttt
| π > storedCodeVerifier: nnnnn
| π > _____END_AUTH_____:
| π > _____START_CALLBACK_____:
| π > _____PARAMS_____:
| π > url: URL {
| href: 'https://0.0.0.0:3000/api/auth/google/callback?state=eeeee&code=vvvvv&scope=email+profile+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email+openid+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile&authuser=0&prompt=none',
| origin: 'https://0.0.0.0:3000',
| protocol: 'https:',
| username: '',
| password: '',
| host: '0.0.0.0:3000',
| hostname: '0.0.0.0',
| port: '3000',
| pathname: '/api/auth/google/callback',
| search: '?state=eeeee&code=vvvvv&scope=email+profile+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email+openid+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile&authuser=0&prompt=none',
| searchParams: URLSearchParams {
| 'state' => 'eeeee',
| 'code' => 'bbbbb',
| 'scope' => 'email profile https://www.googleapis.com/auth/userinfo.email openid https://www.googleapis.com/auth/userinfo.profile',
| 'authuser' => '0',
| 'prompt' => 'none' },
| hash: ''
| }
| π > code: bbbbb
| π > state: eeeee
| π > _____STORED_____:
| π > storedState: ttttt
| π > storedCodeVerifier: nnnnn
| π > _____END_CALLBACK_____:
```
Seems like disabling PWA entirely fixed the issue. Gonna test it more and probably open an issue on the 'serwist' side? Will close this one if I confirm it's their fault.
Package
lucia
Describe the bug
Hi, I have a problem that on iOS on first login everything is okay, but every following one fails and returns a blank page, because state and storedState are different. It's not working only on iOS; on Android, Mac and Windows everything seems fine. Does anyone have any ideas?
app/api/auth/google/route.ts
app/api/auth/google/callback/route.ts