wagnerdelima / drf-social-oauth2

drf-social-oauth2 makes it easy to integrate Django social authentication with major OAuth2 providers, i.e., Facebook, Twitter, Google, etc.
https://drf-social-oauth2.readthedocs.io/en/latest/
MIT License

"error": "access_denied", "error_description": "Your credentials aren't allowed" #191

Closed juanthehuman closed 1 year ago

juanthehuman commented 1 year ago

POSTMAN

```
POST http://localhost:8000/auth/convert-token
Body (x-www-form-urlencoded):
client_id=
client_secret=
token=<(jwt credential from the frontend)>
grant_type=convert_token
backend=google-oauth2
```

chandsharma commented 1 year ago

same issue here on calling `convert-token`

wagnerdelima commented 1 year ago

This is not replicable. Please add more information.

chandsharma commented 1 year ago

React frontend side library used is @react-oauth/google.

```jsx
// The start of this handler is missing from the original post; the signature
// below is assumed from onSuccess={responseGoogle} further down.
const responseGoogle = (response) => {
    console.log(response)
    // response.credential is the raw Google ID token (a JWT); jwt_decode only reads its payload
    var decoded = jwt_decode(response.credential);
    console.log(decoded)
    // googleBackCall is not defined in the post; the axios helper further down is named googleLogin
    googleBackCall(decoded, response)
}

// Actual client id is used here (double checked).
<GoogleOAuthProvider clientId="xxxxxxxxxxxxx.apps.googleusercontent.com">
    <GoogleLogin
        onSuccess={responseGoogle}
        onFailure={() => console.log("login cancelled")}
        onError={() => {
            console.log('Login Failed');
        }}
    />
</GoogleOAuthProvider>
```
onSuccess, an API call is made to the Django backend to get a backend application token:

```js
import axios from 'axios'

// accessToken is the decoded JWT payload (the object returned by jwt_decode);
// response is the raw GoogleLogin response and is not used below
const googleLogin = (accessToken, response) => {
    console.log(accessToken)
    axios.post('http://localhost:8000/auth/convert-token', {
        token: accessToken.jti,          // sends the jti claim of the decoded payload as the token
        email: accessToken.email,
        first_name: accessToken.given_name,
        last_name: accessToken.family_name,
        backend: 'google-oauth2',
        grant_type: 'convert_token',
        client_id: 'LFG6fbrrKKowufV4Bm6e5JFGGw3xLdcnktG5kg',
        client_secret: 'MeKZwqp9f5iBD1sncIRb7r4hrYCvl51y2Tb1oQezuxO04Cb0sJAtEazQu5yYiqUx83v7zZhDzVquBTw2GkY6LfvVqNxufPSVhHm4jTGIdclqRGu0Ow8lLO0wu3bmV7'
    })
    .then((res) => {
        localStorage.setItem('access_token', res.data.access_token)
        localStorage.setItem('refresh_token', res.data.refresh_token)
    })
}

export default googleLogin
```

Backend social login is handled by `drf_social_oauth2`.
The expected behavior is that on login from the frontend with Google, a user is created in the backend.
I have verified the models, serializers, and the other backend pieces, including settings.py.
The error is the API response with status `400 Bad Request` and body `{error: "access_denied", error_description: "Your credentials aren't allowed"}`.
The payload is something like this:

![image](https://github.com/wagnerdelima/drf-social-oauth2/assets/63193129/d39d3fa1-39e0-454d-8dbb-93212fcec3ca)
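Added example (not code from the issue's authors or from drf-social-oauth2): the `googleLogin` helper above posts `accessToken.jti`, a claim taken from the decoded payload, as `token`. The helper below builds the convert-token form body from the raw `credential` string that `GoogleLogin`'s `onSuccess` delivers, and refuses to send anything that is not a three-segment JWT. Field names match the Postman request earlier in the thread; `client_secret` is optional, as that request also sends it empty. The function names, the `post` callback and the sample token are constructed for this example.

```javascript
// Added example; not code from the issue's authors or from drf-social-oauth2.
// Builds the x-www-form-urlencoded body for POST /auth/convert-token from the
// raw credential string and refuses anything that is not a JWT. All names and
// the sample token below are constructed for this example.

// base64url helpers (Node's Buffer tolerates the missing '=' padding on decode)
const toB64url = (s) =>
  Buffer.from(s).toString('base64').replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const fromB64url = (s) =>
  Buffer.from(s.replace(/-/g, '+').replace(/_/g, '/'), 'base64').toString('utf8');

// Read the payload of a JWT without verifying it. This is only for inspection
// on the client (what jwt_decode does in the thread); signature, issuer and
// audience checks belong on the server that receives the credential.
function decodeJwtPayload(jwt) {
  const parts = typeof jwt === 'string' ? jwt.split('.') : [];
  if (parts.length !== 3 || parts.some((p) => p.length === 0)) {
    throw new Error('not a JWT: expected three non-empty base64url segments');
  }
  return JSON.parse(fromB64url(parts[1]));
}

// Form body for the convert-token grant, using the same fields as the Postman
// request in the issue. `credential` must be the raw string from GoogleLogin's
// onSuccess response, not a claim (such as jti) read from its decoded payload.
// client_secret is optional here; the Postman request above sends it empty.
function buildConvertTokenBody({ credential, clientId, clientSecret, backend = 'google-oauth2' }) {
  decodeJwtPayload(credential); // throws if credential is not a JWT
  const params = new URLSearchParams({
    grant_type: 'convert_token',
    backend,
    client_id: clientId,
    token: credential,
  });
  if (clientSecret) params.set('client_secret', clientSecret);
  return params.toString();
}

// Constructed sample credential: RS256 header, a few Google-style claims and a
// dummy signature segment. It is not signed by Google and would fail verification.
const SAMPLE_CREDENTIAL = [
  toB64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' })),
  toB64url(JSON.stringify({
    iss: 'https://accounts.google.com',
    aud: 'example-client-id.apps.googleusercontent.com',
    sub: '1234567890',
    email: 'user@example.com',
    jti: 'abc123',
  })),
  'c2lnbmF0dXJl',
].join('.');

// Send it the way the Postman request does (form-encoded, not JSON). `post` is
// any axios-style function: post(url, body, config) -> Promise.
function sendConvertToken(post, url, opts) {
  return post(url, buildConvertTokenBody(opts), {
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
  });
}
```

In the React handler this would be called as `sendConvertToken(axios.post, 'http://localhost:8000/auth/convert-token', { credential: response.credential, clientId })`, passing the credential string straight through rather than a field of the `jwt_decode` result.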

saumojit commented 1 year ago

Using google["credential"] (the JWT token):

```shell
curl -X POST -d "grant_type=convert_token&client_id=11&client_secret=11&backend=google-oauth2&token=" http://localhost:8000/auth/convert-token
```

I have a Google JWT token which I am passing in the above curl command, but it gives the same error as above on drf-social-oauth2: `{"error":"access_denied","error_description":"Your credentials aren't allowed"}`.

The same token works fine when I use it with `from google.oauth2 import id_token`.

Requesting a quick resolution on this.