search

nextauthjs / next-auth

Authentication for the Web.
https://authjs.dev
ISC License
23.79k stars 3.27k forks source link

SignUp via Google gives OAuthAccountNotLinked error #5397

Open ikoichi opened 1 year ago

ikoichi commented 1 year ago

Provider type

Google

Environment

System: OS: macOS 12.3 CPU: (10) arm64 Apple M1 Pro Memory: 140.63 MB / 32.00 GB Shell: 5.8 - /bin/zsh Binaries: Node: 16.15.1 - ~/.nvm/versions/node/v16.15.1/bin/node Yarn: 1.22.19 - ~/.nvm/versions/node/v16.15.1/bin/yarn npm: 8.11.0 - ~/.nvm/versions/node/v16.15.1/bin/npm Browsers: Brave Browser: 105.1.43.89 Chrome: 105.0.5195.125 Safari: 15.4 npmPackages: next: ^12.1.4 => 12.1.4 next-auth: ^4.10.3 => 4.10.3 react: ^18.0.0 => 18.0.0

Reproduction URL

https://gist.github.com/ikoichi/d1862344b7f41975481f9686578d74f4

Describe the issue

Only one user in this project (58 signed up with no issues), is not able to signup to my web app using Google and the provider.

I activated the debug mode and collect the logs:

[next-auth][debug][CREATE_STATE]
[next-auth][debug][CREATE_PKCE_CHALLENGE_VERIFIER] {
  code_challenge: 'xxx,
  code_challenge_method: 'S256',
  code_verifier: 'xxx',
  PKCE_MAX_AGE: 900
}
[next-auth][debug][GET_AUTHORIZATION_URL] { ... }
[next-auth][debug][OAUTH_CALLBACK_RESPONSE] { ...user profile, account, OAuthProfile, here... }
[next-auth][debug][adapter_getUserByAccount]
[next-auth][debug][adapter_getUserByAccount]
[next-auth][debug][adapter_getUserByEmail]
GET /api/auth/callback/google?paramters....
GET /api/auth/error?error=OAuthAccountNotLinked

In the User table I find the row related to the user, but no row is present in the Account table for this user.

How to reproduce

Sign in is performed using

signIn("google", {
      callbackUrl: window?.location ? `${window.location.origin}/app` : "",
})

It is very difficult to reproduce, as it happens only for this specific user (as of now).

Expected behavior

The sign up should succeed.

palminha commented 1 year ago

I have a similar problem using AD provider: https://github.com/nextauthjs/next-auth/issues/5454

palminha commented 1 year ago

@ikoichi

Provider type

Google

Environment

System: OS: macOS 12.3 CPU: (10) arm64 Apple M1 Pro Memory: 140.63 MB / 32.00 GB Shell: 5.8 - /bin/zsh Binaries: Node: 16.15.1 - ~/.nvm/versions/node/v16.15.1/bin/node Yarn: 1.22.19 - ~/.nvm/versions/node/v16.15.1/bin/yarn npm: 8.11.0 - ~/.nvm/versions/node/v16.15.1/bin/npm Browsers: Brave Browser: 105.1.43.89 Chrome: 105.0.5195.125 Safari: 15.4 npmPackages: next: ^12.1.4 => 12.1.4 next-auth: ^4.10.3 => 4.10.3 react: ^18.0.0 => 18.0.0

Reproduction URL

https://gist.github.com/ikoichi/d1862344b7f41975481f9686578d74f4

Describe the issue

Only one user in this project (58 signed up with no issues), is not able to signup to my web app using Google and the provider.

I activated the debug mode and collect the logs:

[next-auth][debug][CREATE_STATE]
[next-auth][debug][CREATE_PKCE_CHALLENGE_VERIFIER] {
  code_challenge: 'xxx,
  code_challenge_method: 'S256',
  code_verifier: 'xxx',
  PKCE_MAX_AGE: 900
}
[next-auth][debug][GET_AUTHORIZATION_URL] { ... }
[next-auth][debug][OAUTH_CALLBACK_RESPONSE] { ...user profile, account, OAuthProfile, here... }
[next-auth][debug][adapter_getUserByAccount]
[next-auth][debug][adapter_getUserByAccount]
[next-auth][debug][adapter_getUserByEmail]
GET /api/auth/callback/google?paramters....
GET /api/auth/error?error=OAuthAccountNotLinked

In the User table I find the row related to the user, but no row is present in the Account table for this user.

How to reproduce

Sign in is performed using

signIn("google", {
      callbackUrl: window?.location ? `${window.location.origin}/app` : "",
})

It is very difficult to reproduce, as it happens only for this specific user (as of now).

Expected behavior

The sign up should succeed.

see a workaround here: https://github.com/nextauthjs/next-auth/issues/4907#issuecomment-1262170386

palminha commented 1 year ago

@ikoichi try to replicate what i did in https://github.com/nextauthjs/next-auth/issues/5454#issuecomment-1262066494

ikoichi commented 1 year ago

hi @palminha I have some production users on the DB so I can't delete them. But I'll try to control the account fields through the linkAccount event. The strange thing is that the error occurs only with a specific Google user (at the moment), while the others, myself included, are able to correctly sign in.

Why there should be additional fields?

palminha commented 1 year ago

hi @ikoichi that happened to me in production... I had some users that were working ok and others don't.

It seems that for certain users that tried to login when the new parameters were introduced by the provider, the Database entries for that user are in an "invalid" state, making it impossible for that user to login again.

for the users that already logged in, the DB is ok, and they are able to go.

there is an exception thrown by next-auth when users try to login for the first time (see here: https://github.com/nextauthjs/next-auth/issues/5460 ) after that every time they will try to login, the process silently fails.

ikoichi commented 1 year ago

thanks @palminha

may I ask you for more details about how you fixed that? per my understanding, you defined a custom linkAccount event and you mapped the input params, is it correct?

elie222 commented 9 months ago

I ran into this issue. Clearing cache data in the browser worked for me to allow the user to log back in. Seems like log out isn't wiping everything which is what causes the issue.

rezafarooque736 commented 8 months ago

when i was trying to login using same gmail id, which i used for creation of oauth login. without login redirect to login page everytime, means the same error.

lastly, used different Gmail id to login logged in successfully.

it works for me, using of different gmail id/