Invalid credentials error during authentication with OmniAuth Google OAuth 2 gem

Showing 1-5 of 5 messages
Invalid credentials error during authentication with OmniAuth Google OAuth 2 gem Lachlan Cotter 12/10/11 10:09 AM

I've been using OmniAuth with Google OAuth2 to connect to calendar APIs.

Everything was working fine until a couple of days ago when I noticed mysterious errors related to missing refresh tokens.

A little digging turned up this article:

http://googlecode.blogspot.com/2011/10/upcoming-changes-to-oauth-20-endpoint.html

which explains that the API has been changed and I now need to pass additional arguments if I want to ensure I get the refresh token when authenticating. 

I updated to omniauth-google-oauth2 v0.1.8 which has apparently been updated to fix the error (I checked the source to verify it is indeed passing the new access_type and approval_prompt arguments as required.

However the new implementation is broken.

When I attempt to authenticate to get new credentials from Google, I get presented with the permission page as expected, but after I grant permission and Google redirects back to my app, OmniAuth redirects the request to /auth/failure?message=invalid_credentials.

It appears that Google is returning this result:

{

   "error": {

       "errors": [{

           "Domain": "com.google.auth"

           "Reason": "invalidAuthentication"

           "message": "invalid token",

           "LocationType": "header"

           "location": "Authorization"

       }],

       "code": 401,

       "message": "invalid token"

   }

}

But when I check the Authorizations page in my Google Account, it shows my application in there, as if the authorization has completed successfully.

I have no idea what to try next. As far as I can tell I'm doing everything to spec. The  credentials should be valid as I was using them without issue before.

Any suggestions on how to proceed would be very much appreciated—this change has essentially broken my app.


Cheers,

Lach

Re: Invalid credentials error during authentication with OmniAuth Google OAuth 2 gem Lachlan Cotter 12/10/11 10:06 PM
Okay—sorted it. I traced through the OmniAuth code and found the culprit was an error in the way the the OmniAuth strategy was specifying scopes. The OmniAuth strategy uses the account email address as a UID and it calls the userinfo service by default during the authentication flow, so you need to include "userinfo.email" in your scopes list otherwise the authentication flow will raise and exception and fail to return the tokens.
Re: Invalid credentials error during authentication with OmniAuth Google OAuth 2 gem Michael Erasmus 1/11/12 1:50 PM
Thanks for your update Lach. I have the exact same issue and I would like to try your solution, but I'm not sure what you mean by having to include "userinfo.email" in your scopes list. Would you care to help this ignorant soul? 
Re: Invalid credentials error during authentication with OmniAuth Google OAuth 2 gem Dhruv Garg 3/16/12 10:28 AM
Hi Michael, were you able to resolve this? Facing the same problem and im using v0.1.9 where userinfo,email is in the DEFAULT_SCOPE already.
Re: Invalid credentials error during authentication with OmniAuth Google OAuth 2 gem Dhruv Garg 3/16/12 10:35 AM
Nvm -- was using the wrong secret key. Stupid, stupid.