error exchanging access code with OAuth2 provider (Google login, nodejs SDK)

[johnsaigle]

Goals

Logging into Realm via Google OAuth2

Expected Results

Successful processing of my submitted id_token from Google.

Actual Results

Login failed. Error message: {message: 'error exchanging access code with OAuth2 provider', code: 47}

Error message from MongoDB Realm logs.

Steps to Reproduce

Follow the guide from the Realm docs. (https://docs.mongodb.com/realm/authentication/google/)

Specifically I did the following:

• Create new credentials in Google developer console
• Enabled the auth provider on Realm.
• Created a client secret google that has my client secret from Google console
• Enabled all relevant callback URIS, authorized domains, etc. with Google and Realm
• Created a Google sign in button which gave me an id_token which was successfully sent and processed by NodeJS.

When running the realmApp.logIn(credentials) function, this error message appeared.

Code Sample

Front-end sending tokens to back-end

Node back-end processing (fails on line 86 with error message above)

Version of Realm and Tooling

• Realm JS SDK Version: 10.0.0-beta.9
• Node or React Native: Node
• Client OS & Version: Ubuntu 18.04 LTS
• Which debugger for React Native: n/a

[By-Ilya]

I faced with the same problem.

I'm using the following function to transfer information about a google user to Realm.

To get a response from Google I use the react-google-login library (library link). When executing app.logIn(credentials) I get such response:

As authCode I tried to use accessToken, id_token and code (using responseType='code') from Google's response, I always get the same error.

• Realm SDK version: realm-web 0.8.0
• NodeJS (with React framework)
• Client OS & Version: Mac OS 10.14.6

[kneth]

Since Realm JS and Realm Web are two different implementation, and you see the same error, we need to investigate.

[Pey-crypto]

I am facing the same error, and also the guidelines are not that clear in the docs

[romansj]

Am too facing this same error, when trying to implement Google login on Android.

[kneth]

I think it is a generic issue (not related to Realm JS but to any Realm SDK). Let's try to document it more carefully.

[FaultyJuggler]

Getting same error in swift with RealmSwift 10.0.0-beta.2

[aabeshde]

Hey all - getting a similar error with iOS and RealmSwift 10.0.0-beta.3

[RealmBot]

➤ Kenneth Geisshirt commented:

Still pending information from Google (meeting 2020-09-18 has been postponed).

[willnix86]

I get the same error on Android: "io.realm:realm-gradle-plugin:10.0.0-BETA.6"

[ianpward]

@johnsaigle Can you please update to beta.13 and see if that fixes your issue for RealmJS in the node.js environment -see https://github.com/realm/realm-js/blob/v10/CHANGELOG.md#fixed-1

For all other SDKs please open issues on the appropriate repo's please

[vegar]

@johnsaigle Can you please update to beta.13... For all other SDKs please open issues on the appropriate repo's please

I've tried to figure out what is the appropriate repos and how to update to betas without luck.

I have this issue within a create-react-app, and my project.json says realm-web: "^0.8.1". Is this the right repo? How do I update to the beta.13 version?

[ianpward]

@vegar This is the right repo but it is a different library than the original poster - can you please open a separate issue to cover this since we believe we have fixed the OP's issue for node.js and you could be experiencing a different issue. For instance, the issue @kneth mentioned on Google's side is their breaking change with redirect_uri - which manifests itself as the same symptom ("error exchanging access code with OAuth2 provider") - but the cause is separate

[johnsaigle]

@ianpward The release notes you linked point to a different GitHub issue related to Facebook authentication. Does the latest release fix both problems?

In any case, our team is pivoting to using Auth0 for authentication instead of Realm for unrelated reasons so I won't be able to allocate time to helping debug this problem.

[kneth]

The API documentation has been confusing: you should use the auth code (and not token) as parameter. We have updated it in #3267 and it will be included in the next release.

[willnix86]

The documentation also doesn't tell you that you need to use a Web Client ID / Client Secret either, so that'd be helpful to mention I should think

[delightengineit]

The API documentation has been confusing: you should use the auth code (and not token) as parameter. We have updated it in #3267 and it will be included in the next release.

@kneth - By auth code are you referring to tokenId? Or is there any other code we should be using? Can you provide a sample code snippet please?

[stanbar]

I use authCode but still getting this error {error: "error exchanging access code with OAuth2 provider", error_code: "AuthError",…}

My Google OAuth2 Client

Client ID for Web application
Authorized JavaScript origins
URI: [https://realm.mongodb.com]
Authorized redirect URIs: [
https://realm.mongodb.com/api/client/v2.0/auth/callback, 
https://realm.mongodb.com/api/client/v2.0/auth/callback, 
https://us-west-2.aws.realm.mongodb.com/api/client/v2.0/auth/callback, 
https://eu-west-1.aws.realm.mongodb.com/api/client/v2.0/auth/callback, 
https://ap-southeast-2.aws.realm.mongodb.com/api/client/v2.0/auth/callback, 
https://stitch.mongodb.com/api/client/v2.0/auth/callback]

my oauth2-google.json

{
    "id": "5fc81536e620d067d2edcfac",
    "name": "oauth2-google",
    "type": "oauth2-google",
    "config": {
        "clientId": "10571797xxxx-xxxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com"
    },
    "secret_config": {
        "clientSecret": "google_ouath_client_secret"
    },
    "disabled": false
}

client app

          <GoogleLogin
            clientId="10571797xxxx-xxxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com"
            buttonText="Login"
            responseType="code"
            onSuccess={(response) => {
              if (response.code) {
                loginWithGoogle(response.code);
              }
            }}
            onFailure={(response) => {/*omited*/}}
          />

  const loginWithGoogle = async (authCode: string) => {
    try {
      await app.logIn(Realm.Credentials.google(authCode));
    } catch (e) {
      console.error(e)
    }
  };

Yes, I'm using responseType="code", and I successfully receive authCode from Google. But, HTTP call of app.login looks like this

Request URL: https://stitch.mongodb.com/api/client/v2.0/app/feelings-app-pozwq/auth/providers/oauth2-google/login
Request Method: POST
Status Code: 401 
Remote Address: 52.16.113.157:443
Referrer Policy: strict-origin-when-cross-origin

{"authCode":"4/0AY0e-g6OJPnXe4KLQYWOYSkm2b6aWxxxxxxxxxxxxxxxxxxxxxxxx","options":{"device":{"sdkVersion":"1.0.0","platform":"chrome","platformVersion":"86.0.4240","deviceId":{"$oid":"5fc802b2723axxxxx"}}}}

Response

{"error":"error exchanging access code with OAuth2 provider","error_code":"AuthError","link":"https://realm.mongodb.com/groups/5f71b53f1bbd91xxxxxxxxxxxxxxxxxxxxxxxxx"}

What am I doing wrong ?

UPDATE: This old "redirectUrl" way is working correctly

    const url = `${location.protocol}//${location.host}/google-oauth-callback`;
    await app.logIn(Realm.Credentials.google(url));

But, the authCode method does not work.

[esmaeilpour]

Guess the same redirect_uri must be used for the auth code and access token, but how? 🤔

[kneth]

@esmaeilpour Please take a look at https://docs.mongodb.com/realm/web/authenticate#google-oauth - in particular the infobox about OAuth 2.0.

[Horlamedhey]

What you need is the "id_token" property from the signIn response from google. I'm using "vue-google-oauth2" package and the "await this.$gAuth.signIn()" method. Unfortunately, this method throws error that I'm closing the page, so I picked the "id_token" from the browser network request to test.

[kneth]

@Horlamedhey Please create a new issue with code to reproduce it.

[hjrobinson]

Feel free to moderate me if you like because I'm actually using the web sdk but I just got a solution today that worked for me that you can try with the nodjs sdk. Full disclosure I don't use the nodejs sdk so I don't know if it will help or if this is even an issue anymore. If I'm steering people in the wrong direction let me know. I'm just trying to help. Here is the link to the solution that works with the web sdk:

https://github.com/realm/realm-js/issues/5078