not getting openid.ext2.request_token

Ahmed Idoumhaidi

Sep 4, 2013, 11:04:28 AM
to socialau...@googlegroups.com
Hi,

We tested socialAuth successfully in dev, thank you for that great framework.
Facebook login works fine, but we have trouble with Google in prod.

We get trouble from the callback. Here is the callback request from Google:

http://toujoursplus.be/loginsocialcallback?openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.mode=id_res&openid.op_endpoint=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fud&openid.response_nonce=2013-09-04T09%3A29%3A05Zx0IalaAK4rWzBA&openid.return_to=http%3A%2F%2FtoujoursPlus.be%2Floginsocialcallback&openid.assoc_handle=1.AMlYA9WMrGI0HP7TJ_MTQhGk8ptZwLTmx60BqBJuz6eO0aJIAsXsC0UoODv15A&openid.signed=op_endpoint%2Cclaimed_id%2Cidentity%2Creturn_to%2Cresponse_nonce%2Cassoc_handle%2Cns.ext1%2Cext1.mode%2Cext1.type.firstname%2Cext1.value.firstname%2Cext1.type.lastname%2Cext1.value.lastname%2Cext1.type.language%2Cext1.value.language%2Cext1.type.email%2Cext1.value.email%2Cext1.type.country%2Cext1.value.country&openid.sig=qFO2l0jSbBywRTpabWJ8W0S%2B%2BLc%3D&openid.identity=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid%3Fid%3DAItOawm4QDChOORlOdBXT4_B3nGAieSL_xM1wTg&openid.claimed_id=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid%3Fid%3DAItOawm4QDChOORlOdBXT4_B3nGAieSL_xM1wTg&openid.ns.ext1=http%3A%2F%2Fopenid.net%2Fsrv%2Fax%2F1.0&openid.ext1.mode=fetch_response&openid.ext1.type.firstname=http%3A%2F%2Faxschema.org%2FnamePerson%2Ffirst&openid.ext1.value.firstname=Ahmed&openid.ext1.type.lastname=http%3A%2F%2Faxschema.org%2FnamePerson%2Flast&openid.ext1.value.lastname=Idoumhaidi&openid.ext1.type.language=http%3A%2F%2Faxschema.org%2Fpref%2Flanguage&openid.ext1.value.language=en&openid.ext1.type.email=http%3A%2F%2Faxschema.org%2Fcontact%2Femail&openid.ext1.value.email=ahmed.idoumhaidi%40gmail.com&openid.ext1.type.country=http%3A%2F%2Faxschema.org%2Fcontact%2Fcountry%2Fhome&openid.ext1.value.country=BE

It is handled by that method:

// In loginSocial, we redirect to facebook or google. Then FB or google tells the browser to redirect here.
@RequestMapping(value = "/loginsocialcallback")
public String loginSocialCallback(HttpSession session, HttpServletRequest request) {
        SocialAuthManager socialAuthManager = (SocialAuthManager) session.getAttribute("socialmanager");
        
        // The following line does not work. We'd need to access SocialAuthManager.providerId which is private. 
        // String providerId = socialAuthManager.getCurrentAuthProvider().getProviderId();  // "facebook" or "google"
        // ==> We have been forced to store the providerId separately in the session.
        String providerId = (String) session.getAttribute("providerId");
        // Contacting Facebook or Google to get the user's e-mail 
        Map<String, String> paramsMap = SocialAuthUtil.getRequestParametersMap(request);
        Profile profile = null;
        try {
            profile = socialAuthManager.connect(paramsMap).getUserProfile();
        } catch (Exception e) {
            log.error("Exception during social login callback (while contacting "+providerId+" to get the e-mail address)", e);
            return "redirect:login";
        }

The SocialAuthManager.connect() throws an exception:

INFO   | jvm 1    | 2013/09/04 09:20:22 | org.brickred.socialauth.exception.SocialAuthException: Key in Request Token is null or blank
INFO   | jvm 1    | 2013/09/04 09:20:22 |       at org.brickred.socialauth.util.OAuthConsumer.getAccessToken(OAuthConsumer.java:231)
INFO   | jvm 1    | 2013/09/04 09:20:22 |       at org.brickred.socialauth.oauthstrategy.Hybrid.verifyResponse(Hybrid.java:138)
INFO   | jvm 1    | 2013/09/04 09:20:22 |       at org.brickred.socialauth.oauthstrategy.Hybrid.verifyResponse(Hybrid.java:115)
INFO   | jvm 1    | 2013/09/04 09:20:22 |       at org.brickred.socialauth.provider.GoogleImpl.doVerifyResponse(GoogleImpl.java:172)
INFO   | jvm 1    | 2013/09/04 09:20:22 |       at org.brickred.socialauth.provider.GoogleImpl.verifyResponse(GoogleImpl.java:161)
INFO   | jvm 1    | 2013/09/04 09:20:22 |       at org.brickred.socialauth.SocialAuthManager.connect(SocialAuthManager.java:184)
INFO   | jvm 1    | 2013/09/04 09:20:22 |       at learningresourcefinder.controller.LoginController.loginSocialCallback(LoginController.java:100)

After some investigation in your source code, it seems that social-auth is not happy not to find the following parameter in the request:
public class OpenIdConsumer {
public static final String OPENID_REQUEST_TOKEN = "openid.ext2.request_token";

Here is the call back request as recorded by Chrome:

http://toujoursplus.be/loginsocialcallback?openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.mode=id_res&openid.op_endpoint=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fud&openid.response_nonce=2013-09-04T12%3A00%3A14Zx79-yeP2pZwrcg&openid.return_to=http%3A%2F%2FtoujoursPlus.be%2Floginsocialcallback&openid.assoc_handle=1.AMlYA9UrdjwZf1w75k_F-K0yMN7mWvK94SVr-OFdc3mXxkprTSYQ-jJiRUmbTw&openid.signed=op_endpoint%2Cclaimed_id%2Cidentity%2Creturn_to%2Cresponse_nonce%2Cassoc_handle%2Cns.ext1%2Cext1.mode%2Cext1.type.firstname%2Cext1.value.firstname%2Cext1.type.lastname%2Cext1.value.lastname%2Cext1.type.language%2Cext1.value.language%2Cext1.type.email%2Cext1.value.email%2Cext1.type.country%2Cext1.value.country&openid.sig=Omp6Kl%2F7nZLInXTinvdz3R7AEmU%3D&openid.identity=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid%3Fid%3DAItOawm4QDChOORlOdBXT4_B3nGAieSL_xM1wTg&openid.claimed_id=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid%3Fid%3DAItOawm4QDChOORlOdBXT4_B3nGAieSL_xM1wTg&openid.ns.ext1=http%3A%2F%2Fopenid.net%2Fsrv%2Fax%2F1.0&openid.ext1.mode=fetch_response&openid.ext1.type.firstname=http%3A%2F%2Faxschema.org%2FnamePerson%2Ffirst&openid.ext1.value.firstname=Ahmed&openid.ext1.type.lastname=http%3A%2F%2Faxschema.org%2FnamePerson%2Flast&openid.ext1.value.lastname=Idoumhaidi&openid.ext1.type.language=http%3A%2F%2Faxschema.org%2Fpref%2Flanguage&openid.ext1.value.language=en&openid.ext1.type.email=http%3A%2F%2Faxschema.org%2Fcontact%2Femail&openid.ext1.value.email=ahmed.idoumhaidi%40gmail.com&openid.ext1.type.country=http%3A%2F%2Faxschema.org%2Fcontact%2Fcountry%2Fhome&openid.ext1.value.country=BE

and indeed, no "openid.ext2..." param is found. We only get "openid.ext1..." params. Would social-auth and Google not agree on what protocol to use or something like that? At this point, I can only guess because I'm a complete newbie in OAuth.

Here is our google config:

Here is our social-auth config:

    <bean id="socialAuthConfig" class="org.brickred.socialauth.SocialAuthConfig">
        <property name="applicationProperties">
            <util:properties>
                <prop key="www.google.com.consumer_key">${google_app_id}</prop>
                <prop key="www.google.com.consumer_secret">${google_secret_key}</prop>
                <prop key="graph.facebook.com.consumer_key">${facebook_app_id}</prop>
                <prop key="graph.facebook.com.consumer_secret">${facebook_secret_key}</prop>
            </util:properties>
        </property>
    </bean>

filled with these values:
google_secret_key=fuNtsfA_gg3AO22xlSx8VoHQ

We made some local tests with these values from your tutorial:
google_app_id=opensource.bricked.com
google_secret_key=YC06FqhmCLQvtBq/O4W/aJfj

and it works. Here is the callback request sent by Google, it indeed contains "openid.ext2..." parameters this time...

http://opensource.brickred.com:8080/GoogleConnect/Profile?openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.mode=id_res&openid.op_endpoint=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fud&openid.response_nonce=2013-09-04T12%3A03%3A11Z6a68AyG1uF5D8w&openid.return_to=http%3A%2F%2Fopensource.brickred.com%3A8080%2FGoogleConnect%2FProfile&openid.assoc_handle=1.AMlYA9ViBpH-jWGTPJQEnCtz1JIKRGgivf7F9dBFN4vob5MgQy4YFXdgnqu8HA&openid.signed=op_endpoint%2Cclaimed_id%2Cidentity%2Creturn_to%2Cresponse_nonce%2Cassoc_handle%2Cns.ext1%2Cns.ext2%2Cext1.mode%2Cext1.type.firstname%2Cext1.value.firstname%2Cext1.type.lastname%2Cext1.value.lastname%2Cext1.type.language%2Cext1.value.language%2Cext1.type.email%2Cext1.value.email%2Cext2.scope%2Cext2.request_token&openid.sig=5Jpxbi6ejDQz%2BdIGCyH30iNPDnY%3D&openid.identity=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid%3Fid%3DAItOawlbS3sXsiP9qMW0PY6Sa8mW_3TFOXLbZgo&openid.claimed_id=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid%3Fid%3DAItOawlbS3sXsiP9qMW0PY6Sa8mW_3TFOXLbZgo&openid.ns.ext1=http%3A%2F%2Fopenid.net%2Fsrv%2Fax%2F1.0&openid.ext1.mode=fetch_response&openid.ext1.type.firstname=http%3A%2F%2Faxschema.org%2FnamePerson%2Ffirst&openid.ext1.value.firstname=Sebastien&openid.ext1.type.lastname=http%3A%2F%2Faxschema.org%2FnamePerson%2Flast&openid.ext1.value.lastname=Dedisse&openid.ext1.type.language=http%3A%2F%2Faxschema.org%2Fpref%2Flanguage&openid.ext1.value.language=en&openid.ext1.type.email=http%3A%2F%2Faxschema.org%2Fcontact%2Femail&openid.ext1.value.email=sebastien.dedisse%40gmail.com&openid.ns.ext2=http%3A%2F%2Fspecs.openid.net%2Fextensions%2Foauth%2F1.0&openid.ext2.scope=https%3A%2F%2Fwww.google.com%2Fm8%2Ffeeds%2F&openid.ext2.request_token=4%2F-5jcnHbQD6gZnmnHNkNBhfG7L9vy.EvNSqHDKsi0VOl05ti8ZT3YHYrnRgQI

These guys seem to have the same problem:
  http://stackoverflow.com/questions/11788160/openid-and-oauth-not-working
  https://code.google.com/p/socialauth/issues/detail?id=96       (bug supposed to be fixed a few years ago -> it's probably another cause).

Do you have any idea for us to explore? 

Many thanks!
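
One way to confirm the diagnosis above from the callback itself, as an added example that is not part of the original post or of SocialAuth: it finds the OAuth hybrid extension by its namespace URI instead of assuming the `ext2` alias, then checks that the request token is present and listed in `openid.signed`. The class name, the `rp.example` URLs and the token value are constructed, and the check does not verify `openid.sig`.

```java
import java.net.URLDecoder;
import java.util.*;

// Added example (not SocialAuth code): inspects an OpenID 2.0 callback for the OAuth hybrid extension.
public class HybridCallbackCheck {
    static final String OAUTH_EXT_NS = "http://specs.openid.net/extensions/oauth/1.0";

    static Map<String, String> parseQuery(String url) throws Exception {
        Map<String, String> params = new LinkedHashMap<String, String>();
        for (String pair : url.substring(url.indexOf('?') + 1).split("&")) {
            int eq = pair.indexOf('=');
            if (eq < 0) continue;
            params.put(URLDecoder.decode(pair.substring(0, eq), "UTF-8"),
                       URLDecoder.decode(pair.substring(eq + 1), "UTF-8"));
        }
        return params;
    }

    // Returns "ok" when a signed request token is present, otherwise the reason it is missing.
    static String diagnose(Map<String, String> p) {
        String alias = null; // the alias (ext1, ext2, ...) is chosen per response, so look it up by namespace
        for (Map.Entry<String, String> e : p.entrySet()) {
            if (e.getKey().startsWith("openid.ns.") && OAUTH_EXT_NS.equals(e.getValue())) {
                alias = e.getKey().substring("openid.ns.".length());
            }
        }
        if (alias == null) return "no OAuth extension in the response (identity and attributes only)";
        String token = p.get("openid." + alias + ".request_token");
        if (token == null || token.trim().isEmpty()) return "OAuth extension present but request_token is empty";
        List<String> signed = Arrays.asList(String.valueOf(p.get("openid.signed")).split(","));
        if (!signed.contains(alias + ".request_token")) return "request_token is not covered by openid.signed";
        return "ok";
    }

    public static void main(String[] args) throws Exception {
        // Constructed, shortened callbacks modelled on the failing and the working URL in the post.
        String base = "http://rp.example/cb?openid.mode=id_res"
                + "&openid.ns.ext1=http%3A%2F%2Fopenid.net%2Fsrv%2Fax%2F1.0&openid.ext1.mode=fetch_response";
        String prod = base + "&openid.signed=ns.ext1%2Cext1.mode";
        String demo = base + "&openid.signed=ns.ext1%2Cext1.mode%2Cns.ext2%2Cext2.request_token"
                + "&openid.ns.ext2=http%3A%2F%2Fspecs.openid.net%2Fextensions%2Foauth%2F1.0"
                + "&openid.ext2.request_token=CONSTRUCTED-TOKEN";
        System.out.println("prod: " + diagnose(parseQuery(prod)));
        System.out.println("demo: " + diagnose(parseQuery(demo)));
    }
}
```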

Tarun Nagpal

Sep 5, 2013, 11:55:13 AM
to socialau...@googlegroups.com

Hi

The configuration for google as you have shown in the screenshot is for google plus.

Use the following configuration and use the provider id 'googleplus'

#google plus
googleapis.com.consumer_key = 981454298095.apps.googleusercontent.com
googleapis.com.consumer_secret = fuNtsfA_gg3AO22xlSx8VoHQ

Ahmed Idoumhaidi

Sep 6, 2013, 4:48:01 AM
to socialau...@googlegroups.com
Thank you so much Tarun Nagpal for your proposal.

In our controller doing the initial redirect to google, we changed the providerId from "google" to "googleplus":

            urlToFacebookOrGoogle = socialManager.getAuthenticationUrl(providerId, successUrl); //  We can use this method to add permissions later : getAuthenticationUrl(id, successUrl, permission)

We also changed the config from "www.google..." to "googleapis.com...":


    <bean id="socialAuthConfig" class="org.brickred.socialauth.SocialAuthConfig">
        <property name="applicationProperties">
            <util:properties>
                <prop key="googleapis.com.consumer_key">${google_app_id}</prop>
                <prop key="googleapis.com.consumer_secret">${google_secret_key}</prop>
<!--
                <prop key="www.google.com.consumer_key">${google_app_id}</prop>
                <prop key="www.google.com.consumer_secret">${google_secret_key}</prop>
-->

At the initial redirect from us to google, we get a google error page with these details:
 
Error: invalid_client
Request Details

    cookie_policy_enforce=false
    response_type=code
    scope=https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email
    redirect_uri=http://toujoursPlus.be/loginsocialcallback
    client_id=981454298095.apps.googleusercontent.com

With the previous configuration (google, no googleplus) it worked one step further, we had the connection page.

Any other idea?
Ahmed.



Tarun Nagpal

Sep 6, 2013, 6:50:52 AM
to socialau...@googlegroups.com

Please make sure you are using the right client id/secret, no extra spaces and all.

Also add redirect uri in google app registration setting.


Please let me know if it doesn't work.

Ahmed Idoumhaidi

Sep 6, 2013, 9:25:31 AM
to socialau...@googlegroups.com
so there was a trailing  Tab on the client id, as you suggested
it worked further, then you had to redirect uri in google app setting as you suggested

now it works !

Thanks y so much ^^.