id token not issued by correct provider - expected: https://accounts.google.com

srameshr commented 4 years ago

New Issue Checklist

[ x] I am not disclosing a vulnerability.
[x ] I am not just asking a question.
[x ] I have searched through existing issues.
[x ] I can reproduce the issue with the latest version of Parse Server.

Issue Description

oAuth login with Google fails because the TOKEN_ISSUER constant expects Google clientId passed inside Parse server init to have a different domain name than whats provided by Google.

if (jwtClaims.iss !== TOKEN_ISSUER) {
  throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, `id token not issued by correct provider - expected: ${TOKEN_ISSUER} | from: ${jwtClaims.iss}`);
}

Steps to reproduce

new ParseServer({
   ...yourOptions,
  auth: {
    google: {
      clientId: 'XXX-XXX.apps.googleusercontent.com',
    }
  }
});

Parse.User.linkWith('google', { authData: {id, client_id, access_token } });

Actual Outcome

verbose: RESPONSE from [POST] /parse/functions/post_sign_in: {
  "response": {
    "result": {
      "data": {
        "message": "id token not issued by correct provider - expected: https://accounts.google.com | from: accounts.google.com",
        "code": 101
      }
    }
  }
error: Parse error: id token not issued by correct provider - expected: https://accounts.google.com | from: accounts.google.com {"code":101,"stack":"Error: id token not issued by correct provider - expected: https://accounts.google.com | from: accounts.google.com\n    at verifyIdToken (node_modules/parse-server/lib/Adapters/Auth/google.js:91:11)\n    at processTicksAndRejections (internal/process/task_queues.js:93:5)\n    at async Promise.all (index 0)"}

Expected Outcome

Should login the user and provide sessionToken.

Environment

Server

Parse Server version: 4.3.0
Operating system: Mac OS
Local or remote host (AWS, Azure, Google Cloud, Heroku, Digital Ocean, etc): localhost

Database

System (MongoDB or Postgres): Mongo
Database version: 4.XX
Local or remote host (MongoDB Atlas, mLab, AWS, Azure, Google Cloud, etc): localhost

Client

SDK (iOS, Android, JavaScript, PHP, Unity, etc): JS
SDK version: 1.8.0

Logs

verbose: RESPONSE from [POST] /parse/functions/post_sign_in: {
  "response": {
    "result": {
      "data": {
        "message": "id token not issued by correct provider - expected: https://accounts.google.com | from: accounts.google.com",
        "code": 101
      }
    }
  }
error: Parse error: id token not issued by correct provider - expected: https://accounts.google.com | from: accounts.google.com {"code":101,"stack":"Error: id token not issued by correct provider - expected: https://accounts.google.com | from: accounts.google.com\n    at verifyIdToken (node_modules/parse-server/lib/Adapters/Auth/google.js:91:11)\n    at processTicksAndRejections (internal/process/task_queues.js:93:5)\n    at async Promise.all (index 0)"}

srameshr commented 4 years ago

@SebC99 Is this because of your recent commits? Any chance we can revert the commit to stop all these breaking cases?

SebC99 commented 4 years ago

@srameshr there's already a merged PR for this one: #6836

parse-community / parse-server