
Google OAuth not working on production server (hosted on heroku), works fine on localhost #577

Open
Zimmerr opened this issue May 16, 2024 · 0 comments


Zimmerr commented May 16, 2024

I've been working on a small project that uses Google OAuth, and it worked perfectly until I had to put it on production. The errors only happen in production and don't seem to be related to incorrect URIs, because I double-checked all of them, but I might be wrong.

I'm hosting the front-end of my project on GitHub Pages, and the back-end (this Django API) on Heroku. When hosting both on localhost I can log in normally, but when trying to do it in production, I get the following error:

{non_field_errors: ["Session value state missing."]}

From the looks of it, maybe I was not properly sending the state, but I was; both state and code were being sent correctly.

The big difference I noticed between the local payload and the production one was some headers; the main difference was the Cookie header missing on the production one. Locally it had a sessionid and a csrftoken in it, but I could not find any way to send those cookies in the header, nor the reason why they aren't being sent to the production API, only the local one.

After not having any success, I tried the desperate measure of overriding the default GoogleOAuth2 class to get rid of the state error by doing this:

from social_core.backends import google

# Subclass of the stock backend with the OAuth2 state parameter check turned off
class GoogleOAuth2(google.GoogleOAuth2):
    STATE_PARAMETER = False

And putting this on settings:

AUTHENTICATION_BACKENDS = (
    'ballersAPI.autenticacao.models.GoogleOAuth2',
    'django.contrib.auth.backends.ModelBackend'
)

But still, I got the following response from the backend:

{non_field_errors: ["Authentication process canceled"]}

Now I'm completely out of ideas. I also tried changing the following settings, but neither adding nor removing them helped in any way:

DEBUG = False
CORS_ALLOW_CREDENTIALS = True
CORS_ALLOW_ALL_ORIGINS = True
CORS_ALLOW_HEADERS = ["Authorization", "Content-Type", "Accept", "Cookie"]
SOCIAL_AUTH_REDIRECT_IS_HTTPS = True

Those are my auth-related settings.py lines, if you need them to investigate the problem:

DJOSER = {
    'LOGIN_FIELD': 'email',
    'SOCIAL_AUTH_TOKEN_STRATEGY': 'ballersAPI.strategy.TokenStrategy',
    'SOCIAL_AUTH_ALLOWED_REDIRECT_URIS': ['http://localhost:3000',
                                          'http://127.0.0.1:3000',
                                          'https://zimmerr.github.io/ballers-frontend/'],
}


AUTHENTICATION_BACKENDS = (
    'social_core.backends.google.GoogleOAuth2',
    'django.contrib.auth.backends.ModelBackend'
)

SOCIAL_AUTH_GOOGLE_OAUTH2_KEY = config('GOOGLE_CLIENT_ID')
SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET = config('GOOGLE_CLIENT_SECRET')
SOCIAL_AUTH_GOOGLE_OAUTH2_SCOPE = [
    'https://www.googleapis.com/auth/userinfo.email',
    'https://www.googleapis.com/auth/userinfo.profile',
    'openid'
]
SOCIAL_AUTH_GOOGLE_OAUTH2_EXTRA_DATA = ['first_name', 'last_name']
SOCIAL_AUTH_REDIRECT_IS_HTTPS = True
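As an added illustration (not code from this issue, from social-core or from djoser), the following Python model shows why the state check reports "Session value state missing." when the browser does not attach the session cookie to the cross-site callback request, and that setting STATE_PARAMETER = False skips the CSRF binding instead of fixing the cookie transport. The session key name, the browser rule in cookie_sent and the two error strings other than the quoted one are assumptions of this model.

```python
import hmac
import secrets

# Session key name is an assumption of this model; social-core uses its own backend-specific key.
SESSION_KEY = "google-oauth2_state"

# "Session value state missing." is the text quoted in the issue; the other
# two strings are constructed for this model, not social-core's wording.
ERR_STATE_MISSING = "Session value state missing."
ERR_PARAM_MISSING = "state parameter absent from callback"
ERR_STATE_WRONG = "state parameter does not match session"


def begin_auth(session):
    """Redirect step: mint an unguessable state and bind it to the caller's session."""
    state = secrets.token_urlsafe(32)
    session[SESSION_KEY] = state
    return state


def validate_callback(session, request_state, check_state=True):
    """Callback step: the session must still hold the state and it must match.
    check_state=False mirrors STATE_PARAMETER = False: the CSRF binding is skipped."""
    if not check_state:
        return None
    saved = session.get(SESSION_KEY)
    if saved is None:
        return ERR_STATE_MISSING
    if request_state is None:
        return ERR_PARAM_MISSING
    if not hmac.compare_digest(saved, request_state):
        return ERR_STATE_WRONG
    return None


def cookie_sent(cookie, cross_site, credentials_include):
    """Simplified browser rule for fetch/XHR (an assumption of this model): same-site
    requests carry the cookie; cross-site ones only when the script opted in with
    credentials and the cookie is SameSite=None and Secure."""
    if not cross_site:
        return True
    return (credentials_include
            and cookie.get("SameSite", "Lax").lower() == "none"
            and bool(cookie.get("Secure")))


def login_flow(cross_site, cookie, credentials_include=True, tampered=False):
    """End to end: start auth, then call back. Returns None on success or the error."""
    server_session = {}  # what the session cookie points at on the API side
    state = begin_auth(server_session)
    # Without the cookie the API looks up a fresh, empty session.
    seen = server_session if cookie_sent(cookie, cross_site, credentials_include) else {}
    return validate_callback(seen, "forged" if tampered else state)
```

In Django the cookie attributes modelled here correspond to SESSION_COOKIE_SAMESITE and SESSION_COOKIE_SECURE, and the script-side opt-in to the credentials option of fetch.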