saschafoerster
commented
8 months ago I got the same error. :)
Closed graphiostudio closed 8 months ago
saschafoerster
commented
8 months ago I got the same error. :)
towfiqi
commented
8 months ago Can you guys please make sure:
https://myserpbear.com/ then the redirect URL should be: https://myserpbear.com/api/adwords.If you have set it up correctly, and it still does not work, try creating the AdWords accounts first by following steps 4 and 5 of the documentation.
saschafoerster
commented
8 months ago I have already an Adwords account. Does it need to be a new one? I will test ASAP.
towfiqi
commented
8 months ago You need 2 AdWords accounts, a test account, and a manager account.
bananasplit8041
commented
8 months ago same problem here, cant fix it with the 2 adword accounts etc
m4nug
commented
8 months ago same here. Fresh install of SerpBear, did everything like described in the docs but after the oauth2 flow:
Error Saving the Google Ads Refresh Token. Please Try Again!
Logs show:
[0] [Error] Getting Google Ads Refresh Token!
[0] error : GaxiosError: invalid_grant
[0] at Gaxios._request (/app/node_modules/gaxios/build/src/gaxios.js:142:23)
[0] at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
[0] at async OAuth2Client.getTokenAsync (/app/node_modules/google-auth-library/build/src/auth/oauth2client.js:137:21)
[0] at async getAdwordsRefreshToken (/app/.next/server/pages/api/adwords.js:143:27)
[0] at async Object.apiResolver (/app/node_modules/next/dist/server/api-utils/node.js:366:9)
[0] at async NextNodeServer.runApi (/app/node_modules/next/dist/server/next-server.js:481:9)
[0] at async Object.fn (/app/node_modules/next/dist/server/next-server.js:741:37)
[0] at async Router.execute (/app/node_modules/next/dist/server/router.js:252:36)
[0] at async NextNodeServer.run (/app/node_modules/next/dist/server/base-server.js:365:29)
[0] at async NextNodeServer.handleRequest (/app/node_modules/next/dist/server/base-server.js:303:20) {
[0] config: {
[0] method: 'POST',
[0] url: 'https://oauth2.googleapis.com/token',
[0] data: '<<REDACTED> - See `errorRedactor` option in `gaxios` for configuration>.',
[0] headers: {
[0] 'Content-Type': 'application/x-www-form-urlencoded',
[0] 'User-Agent': 'google-api-nodejs-client/9.6.3',
[0] 'x-goog-api-client': 'gl-node/20.11.1'
[0] },
[0] paramsSerializer: [Function: paramsSerializer],
[0] body: '<<REDACTED> - See `errorRedactor` option in `gaxios` for configuration>.',
[0] validateStatus: [Function: validateStatus],
[0] responseType: 'unknown',
[0] errorRedactor: [Function: defaultErrorRedactor]
[0] },
[0] response: {
[0] config: {
[0] method: 'POST',
[0] url: 'https://oauth2.googleapis.com/token',
[0] data: '<<REDACTED> - See `errorRedactor` option in `gaxios` for configuration>.',
[0] headers: [Object],
[0] paramsSerializer: [Function: paramsSerializer],
[0] body: '<<REDACTED> - See `errorRedactor` option in `gaxios` for configuration>.',
[0] validateStatus: [Function: validateStatus],
[0] responseType: 'unknown',
[0] errorRedactor: [Function: defaultErrorRedactor]
[0] },
[0] data: { error: 'invalid_grant', error_description: 'Bad Request' },
[0] headers: {
[0] 'alt-svc': 'h3=":443"; ma=2592000,h3-29=":443"; ma=2592000',
[0] 'cache-control': 'no-cache, no-store, max-age=0, must-revalidate',
[0] 'content-encoding': 'gzip',
[0] 'content-type': 'application/json; charset=utf-8',
[0] date: 'Thu, 07 Mar 2024 13:30:13 GMT',
[0] expires: 'Mon, 01 Jan 1990 00:00:00 GMT',
[0] pragma: 'no-cache',
[0] server: 'scaffolding on HTTPServer2',
[0] 'transfer-encoding': 'chunked',
[0] vary: 'Origin, X-Origin, Referer',
[0] 'x-content-type-options': 'nosniff',
[0] 'x-frame-options': 'SAMEORIGIN',
[0] 'x-xss-protection': '0'
[0] },
[0] status: 400,
[0] statusText: 'Bad Request',
[0] request: { responseURL: 'https://oauth2.googleapis.com/token' }
[0] },
[0] error: undefined,
[0] status: 400,
[0] [Symbol(gaxios-gaxios-error)]: '6.3.0'
[0] }Can you guys please make sure:
- You have enabled the Google Ads API.
- In the oAuth Consent screen setup, you inserted the right redirect URI. If your serpbear instance URL is
https://myserpbear.com/then the redirect URL should be:https://myserpbear.com/api/adwords.If you have set it up correctly, and it still does not work, try creating the AdWords accounts first by following steps 4 and 5 of the documentation.
Yes Google Ads API is enabled. Yes oauth redirect URI is correct. Did try to go ahead and do step 4 & 5 first, but another try to connect with Google Ads afterwards resulted with the same error.
towfiqi
commented
8 months ago Ok, I just ran a test with a fresh Google account. It worked fine. I didn't need to create the Google ads accounts. What I did differently is
NEXT_PUBLIC_APP_URL environment variable matches the app URL in the browser address bar.Can you please try the above?
m4nug
commented
8 months ago Ok, I just ran a test with a fresh Google account. It worked fine. I didn't need to create the Google ads accounts. What I did differently is
- Make sure, the docker instance's
NEXT_PUBLIC_APP_URLenvironment variable matches the app URL in the browser address bar.- Went to the Google OAuth Consent Edit screen and clicked the "Publish" button.
Can you please try the above?
towfiqi
commented
8 months ago I captured the whole client id and client secret creation process. Please watch the video and see if you are doing anything wrong: https://erevanto.sirv.com/videos/serpbear_adwords_step1.mp4
bananasplit8041
commented
8 months ago I missed to publish the application, this step was missing at https://docs.serpbear.com/miscellaneous/integrate-google-ads and I set the NEXT_PUBLIC_APP_URL on fly.io and now it's working! !
m4nug
commented
8 months ago I captured the whole process client id and client secret creation process. Please watch the video and see if you are doing anything wrong: https://erevanto.sirv.com/videos/serpbear_adwords_step1.mp4
I did everything exactly like in the video but still having the error. I will try it with a fresh Google account now.
@bananasplit8041 do you run it on localhost?
Raxiel1987
commented
8 months ago i have the same problem, i'm on http not "s" and can't publish the app, maybe this is the problem?
towfiqi
commented
8 months ago You don't have to have a https URL to publish the app. Notice in the video I shared, I used a non-https URL. What error do you get when you try to publish the consent screen?
bananasplit8041
commented
8 months ago I captured the whole process client id and client secret creation process. Please watch the video and see if you are doing anything wrong: https://erevanto.sirv.com/videos/serpbear_adwords_step1.mp4
I did everything exactly like in the video but still having the error. I will try it with a fresh Google account now.
@bananasplit8041 do you run it on localhost?
no i run it on fly.io!
now I'm failing at the dev token: ] [ERROR] Google Ads Response : The developer token is only approved for use with test accounts. To access non-test accounts, apply for Basic or Standard access.
EDIT: now its working! need to click on https://ads.google.com/nav/selectaccount?sf=mt Add account and copy the ID
wow, magic! really like this tool!!
Raxiel1987
commented
8 months ago You don't have to have a https URL to publish the app. Notice the video I shared, I used a non-https URL. What error do you get when you try to publish the consent screen?
i have error on consent screen that public must have https and cannot publish on htttp
anyway in http://localhost i can publish the app but the error remains
Raxiel1987
commented
8 months ago no matther what i do.. i can't save that fucking google ads credential i've successfully saved google search console but cannot save ads, that i need to scraping the keyword and use it for my clients
MyWay
commented
8 months ago I have tried running it locally, just to ensure it's not a Google account setting and it works. Behind a reverse proxy (domain with private ip associated) for me it doesn't.
towfiqi
commented
8 months ago @MyWay Go to Google Cloud Dashboard > API & Services > Credentials > OAuth Consent Screen, click the "Edit App" button, and try adding your domain in the "Authorized Domains" section. Then wait a few minutes or an hour and try again.
MyWay
commented
8 months ago I did that already, but it doesn't work.
towfiqi
commented
8 months ago @MyWay Did you check the log? What error do you get?
MyWay
commented
8 months ago Sometimes I get the same error as reported by others, sometimes I get redirect_uri_mismatch, though the uri is correct and I did set the same https://domain to NEXT_PUBLIC_APP_URL.
m4nug
commented
8 months ago Setting up the Google Cloud project and API with a different Google account didn't help, still the same error. I'm also using the app with a reverse proxy.
MyWay
commented
8 months ago For those using a reverse proxy who don't want to wait for an official fix, I solved by running another instance on the fly locally, on localhost (using the same data for SECRET and so on, otherwise serpbear won't be able to decrypt data anymore) and then copied the settings.json from the local working instance to the remote one.
Please backup everything before proceeding. And remember to stop your instance before moving things. I cannot guarantee it will work for you too. I did test it on docker + reverse proxy.
towfiqi
commented
8 months ago @MyWay I am not well-versed with reverse proxy stuff. Can you see if this helps: https://groups.google.com/g/securesocial/c/eoe3eiZ80_8?pli=1
m4nug
commented
8 months ago I have written numerous OAuth2 integrations for various APIs, and we have never had to make any modifications to connect from localhost or production. I'll have a look at your code when i find time today.
towfiqi
commented
8 months ago @m4nug That would be very much appreciated!
graphiostudio
commented
8 months ago I tried all of the above. I was on Synology/docker/reverse proxy, all steps were done as instructed, env variables were ok, app published, etc... still got the same error.
Deployed fresh on a DO droplet, assigned domain, SSL, and all, everything was done properly again with a new Google account/ new ads account, yet still getting the same error. So, clearly, something is wrong here.
towfiqi
commented
8 months ago @graphiostudio Are you getting the same invalid_grant error in the DO droplet or is it something different?
Is your Google account a workspace account with a custom domain or xxx@gmail.com account?
Is your Google Cloud account fully active and have a credit card linked?
graphiostudio
commented
8 months ago @graphiostudio Are you getting the same invalid_grant error in the DO droplet or is it something different?
Is your Google account a workspace account with a custom domain or
xxx@gmail.comaccount? Is your Google Cloud account fully active and have a credit card linked?
cards linked to both accounts. first try was with gmail.com account, second one is a custom domain/workspace account.
I was getting the same error, then I played around with URLs, and SSL a bit and now getting this, but when I use correct URLs and SSL, still keeps getting the previous error. Hope it helps.
2024-03-08T09:17:59.739546640Z [0] [Error] Getting Google Ads Refresh Token!
2024-03-08T09:17:59.744534061Z [0] error : GaxiosError: redirect_uri_mismatch
2024-03-08T09:17:59.744570824Z [0] at Gaxios._request (/app/node_modules/gaxios/build/src/gaxios.js:142:23)
2024-03-08T09:17:59.744578656Z [0] at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
2024-03-08T09:17:59.744585518Z [0] at async OAuth2Client.getTokenAsync (/app/node_modules/google-auth-library/build/src/auth/oauth2client.js:137:21)
2024-03-08T09:17:59.744592126Z [0] at async getAdwordsRefreshToken (/app/.next/server/pages/api/adwords.js:143:27)
2024-03-08T09:17:59.744616293Z [0] at async Object.apiResolver (/app/node_modules/next/dist/server/api-utils/node.js:366:9)
2024-03-08T09:17:59.744623272Z [0] at async NextNodeServer.runApi (/app/node_modules/next/dist/server/next-server.js:481:9)
2024-03-08T09:17:59.744629923Z [0] at async Object.fn (/app/node_modules/next/dist/server/next-server.js:741:37)
2024-03-08T09:17:59.744636501Z [0] at async Router.execute (/app/node_modules/next/dist/server/router.js:252:36)
2024-03-08T09:17:59.744643045Z [0] at async NextNodeServer.run (/app/node_modules/next/dist/server/base-server.js:365:29)
2024-03-08T09:17:59.744649529Z [0] at async NextNodeServer.handleRequest (/app/node_modules/next/dist/server/base-server.js:303:20) {
2024-03-08T09:17:59.744656133Z [0] config: {
2024-03-08T09:17:59.744662381Z [0] method: 'POST',
2024-03-08T09:17:59.744668816Z [0] url: 'https://oauth2.googleapis.com/token',
2024-03-08T09:17:59.744675399Z [0] data: '<<REDACTED> - See `errorRedactor` option in `gaxios` for configuration>.',
2024-03-08T09:17:59.744682521Z [0] headers: {
2024-03-08T09:17:59.744688856Z [0] 'Content-Type': 'application/x-www-form-urlencoded',
2024-03-08T09:17:59.744695221Z [0] 'User-Agent': 'google-api-nodejs-client/9.6.3',
2024-03-08T09:17:59.744701496Z [0] 'x-goog-api-client': 'gl-node/20.11.1'
2024-03-08T09:17:59.744707753Z [0] },
2024-03-08T09:17:59.744713876Z [0] paramsSerializer: [Function: paramsSerializer],
2024-03-08T09:17:59.744720222Z [0] body: '<<REDACTED> - See `errorRedactor` option in `gaxios` for configuration>.',
2024-03-08T09:17:59.744727110Z [0] validateStatus: [Function: validateStatus],
2024-03-08T09:17:59.744733576Z [0] responseType: 'unknown',
2024-03-08T09:17:59.744739981Z [0] errorRedactor: [Function: defaultErrorRedactor]
2024-03-08T09:17:59.744746281Z [0] },
2024-03-08T09:17:59.744752412Z [0] response: {
2024-03-08T09:17:59.744758605Z [0] config: {
2024-03-08T09:17:59.744764828Z [0] method: 'POST',
2024-03-08T09:17:59.744770956Z [0] url: 'https://oauth2.googleapis.com/token',
2024-03-08T09:17:59.744777302Z [0] data: '<<REDACTED> - See `errorRedactor` option in `gaxios` for configuration>.',
2024-03-08T09:17:59.744784028Z [0] headers: [Object],
2024-03-08T09:17:59.744790188Z [0] paramsSerializer: [Function: paramsSerializer],
2024-03-08T09:17:59.744797926Z [0] body: '<<REDACTED> - See `errorRedactor` option in `gaxios` for configuration>.',
2024-03-08T09:17:59.744804673Z [0] validateStatus: [Function: validateStatus],
2024-03-08T09:17:59.744811056Z [0] responseType: 'unknown',
2024-03-08T09:17:59.744817375Z [0] errorRedactor: [Function: defaultErrorRedactor]
2024-03-08T09:17:59.744829315Z [0] },
2024-03-08T09:17:59.744835806Z [0] data: {
2024-03-08T09:17:59.744841971Z [0] error: 'redirect_uri_mismatch',
2024-03-08T09:17:59.744848554Z [0] error_description: 'Bad Request'
2024-03-08T09:17:59.744854752Z [0] },
2024-03-08T09:17:59.744860929Z [0] headers: {
2024-03-08T09:17:59.744867392Z [0] 'alt-svc': 'h3=":443"; ma=2592000,h3-29=":443"; ma=2592000',
2024-03-08T09:17:59.744874047Z [0] 'cache-control': 'no-cache, no-store, max-age=0, must-revalidate',
2024-03-08T09:17:59.744880272Z [0] 'content-encoding': 'gzip',
2024-03-08T09:17:59.744886437Z [0] 'content-type': 'application/json; charset=utf-8',
2024-03-08T09:17:59.744892709Z [0] date: 'Fri, 08 Mar 2024 09:17:59 GMT',
2024-03-08T09:17:59.744899001Z [0] expires: 'Mon, 01 Jan 1990 00:00:00 GMT',
2024-03-08T09:17:59.744905393Z [0] pragma: 'no-cache',
2024-03-08T09:17:59.744911494Z [0] server: 'scaffolding on HTTPServer2',
2024-03-08T09:17:59.744917796Z [0] 'transfer-encoding': 'chunked',
2024-03-08T09:17:59.744924153Z [0] vary: 'Origin, X-Origin, Referer',
2024-03-08T09:17:59.744930398Z [0] 'x-content-type-options': 'nosniff',
2024-03-08T09:17:59.744936529Z [0] 'x-frame-options': 'SAMEORIGIN',
2024-03-08T09:17:59.744942889Z [0] 'x-xss-protection': '0'
2024-03-08T09:17:59.744949258Z [0] },
2024-03-08T09:17:59.744955402Z [0] status: 400,
2024-03-08T09:17:59.744961574Z [0] statusText: 'Bad Request',
2024-03-08T09:17:59.744967844Z [0] request: { responseURL: 'https://oauth2.googleapis.com/token' }
2024-03-08T09:17:59.744974220Z [0] },
2024-03-08T09:17:59.744980446Z [0] error: undefined,
2024-03-08T09:17:59.744986715Z [0] status: 400,
2024-03-08T09:17:59.744992944Z [0] [Symbol(gaxios-gaxios-error)]: '6.3.0'
2024-03-08T09:17:59.744999327Z [0] }@graphiostudio Can you make sure your NEXT_PUBLIC_APP_URL env variable matches your DO Sperbear instance URL?
graphiostudio
commented
8 months ago @graphiostudio Can you make sure your
NEXT_PUBLIC_APP_URLenv variable matches your DO Sperbear instance URL?
Hi, it does match. Still same issue whatever I do.
m4nug
commented
8 months ago I did try it within the dev environment which was successful and then (of course) it also worked after I have added a reverse proxy to the dev environment... So as @towfiqi i was not able to reproduce the error in dev, so it could be related to running the app in docker. I'll investigate further.
saschafoerster
commented
8 months ago I am using Nginx as a proxy and Serpbear in docker. I tried all different things and always get the same token error as from the logs above.
dangson92
commented
8 months ago Got same error, I am trying all of these way bellow but didn't working
Running on personal server
towfiqi
commented
8 months ago @dangson92 Are you seeing redirect_uri_mismatch in the docker log? or is it invalid_grant ?
dangson92
commented
8 months ago @dangson92 Are you seeing
redirect_uri_mismatchin the docker log? or is itinvalid_grant?
I see this data: { serpbear-app-1 | [0] error: 'redirect_uri_mismatch', serpbear-app-1 | [0] error_description: 'Bad Request' serpbear-app-1 | [0] },
towfiqi
commented
8 months ago redirect_uri_mismatch means your NEXT_PUBLIC_APP_URL, your actual web app URL that you use to access the serpbear app, and the redirect URL in the Google Auth consent screen does not match. They all should match.
graphiostudio
commented
8 months ago I think what people are trying to say is (my case too), even the steps are complete, ENV set and URLs perfectly matching (ENV url=GAuth URL), a lot of people are still having the same issue. They're matching, yet I'm still getting mismatch error. 3 accounts, 3 different deployments so far, same issue.
towfiqi
commented
8 months ago @graphiostudio Your initial error was invalid_grant are you now getting the redirect_uri_mismatch error?
graphiostudio
commented
8 months ago @graphiostudio Your initial error was
invalid_grantare you now getting theredirect_uri_mismatcherror?
Yeb... Funny thing is when I was getting invalid_grant my ENV wasn't set at all (somehow didn't need it, it was localhost). When I started setting it and matching URLs I started to get redirect_uri_mismatch. Some mysterious forces are at work here...
towfiqi
commented
8 months ago when you approve the Google authentication by selecting your Google Account, you are redirected to a page that displays the error message. what is that URL? Does that URL match the redirect URL set in the Google Auth redirect setting?
graphiostudio
commented
8 months ago VIDEO REMOVED
is this correct?
2024-03-13T04:21:50.053560832Z [0] [Error] Getting Google Ads Refresh Token!
2024-03-13T04:21:50.054262365Z [0] error : GaxiosError: redirect_uri_mismatchThat's the error I'm getting...
towfiqi
commented
8 months ago can you please share a screenshot of the redirect URL you set in the Google Auth settings?
graphiostudio
commented
8 months ago can you please share a screenshot of the redirect URL you set in the Google Auth settings?
Sure.
IMAGES REMOVED
Billing is ok too, using this account actively...
towfiqi
commented
8 months ago Did you add a test user to your auth consent settings? The test user should be the user email address that you are using to authenticate the integration.
graphiostudio
commented
8 months ago Did you add a test user to your auth consent settings? The test user should be the user email address that you are using to authenticate the integration.
Yes... If I don't publish the app and add test user with same email address (I actually tried different emails as well) I'm still getting the same error. If I publish the app I don't need test users anymore, but yeah, still same results.
I thought it might be browser, caching, cookies issue and tried different clean browsers as well, same results...
towfiqi
commented
8 months ago That's very strange. All your settings are correct. I only tried the integration with localhost and not with an actual domain. However, another user mentioned, that it worked fine for them with an actual domain. I will run some tests with an actual domain and report back.
graphiostudio
commented
8 months ago That's very strange. All your settings are correct. I only tried the integration with localhost and not with an actual domain. However, another user mentioned, that it worked fine for them with an actual domain. I will run some tests with an actual domain and report back.
All good man, just letting you know because we love this project and want to see it go places!!!... Just take it as a bug report :) hope it helps for further development
dangson92
commented
8 months ago @towfiqi I think problem from the my actual domain. I check everything and all well done. The NEXT_PUBLIC_APP_URL is ok, Return url when I authenticated with google is ok
When trying to authenticate with Google Ads account, getting this: "Error Saving the Google Ads Refresh Token. Please Try Again!". Container volume is writable. Logs are as below: