We're building a site using Ember for a frontend app which interacts with our Django Rest Framework API Backend. For Social Authentication we're using django_rest_auth coupled with django-allauth. The site is mostly all working, except we've run into problems with social authentication. Our local account authentication/registration is working fine.
I've made many projects that use django-allauth, but this is the first time using a RESTful authentication system. The Ember application is able to go and fetch the token from Google just fine. The response is something like:

    {
        authorizationCode: "mYtokEn12345",
        provider: "google-oauth2",
        redirectUri: "http://localhost:4200/dashboard"
    }

I then post the access_token to my endpoint that I've set up according to the django_rest_auth docs: POST /auth/google {access_token:}, but I get an error returned from Google that says "Invalid Credentials". How can I get Invalid Credentials after already authenticating with Google and receiving my token?
After debugging through the code, I found that I was getting that response from https://www.googleapis.com/oauth2/v1/userinfo during the complete_login function in the allauth.socialaccount.providers.google.views.GoogleOAuth2Adapter class.
It's trying to run a GET https://www.googleapis.com/oauth2/v1/userinfo?access_token=mYtokEn12345&alt=json but returning Invalid Credentials.

    {
        error: {
            errors: [
                {
                    domain: "global",
                    reason: "authError",
                    message: "Invalid Credentials",
                    locationType: "header",
                    location: "Authorization"
                }
            ],
            code: 401,
            message: "Invalid Credentials"
        }
    }

I'm pretty stumped on where to go from here. Anyone have some pointers on why this is happening? Any other code/errors I can give to be helpful?
It turned out that we weren't using the correct token. We were using the authorizationCode, which is used in another request to receive the token.
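
The extra request mentioned above, sketched as an added example that is not part of the original post or of django_rest_auth/django-allauth: the backend exchanges the authorizationCode for an access token, and only that token goes to the userinfo endpoint. The function names, the token endpoint URL (Google's standard OAuth 2.0 token endpoint) and the client id/secret placeholders are assumptions; the requests are built but never sent.

```python
import json
from urllib.parse import urlencode, parse_qs
from urllib.request import Request

TOKEN_URL = "https://oauth2.googleapis.com/token"  # assumption: Google's OAuth 2.0 token endpoint
USERINFO_URL = "https://www.googleapis.com/oauth2/v1/userinfo"  # endpoint named in the post


def build_code_exchange(payload, client_id, client_secret):
    """Step 1: turn the frontend's authorizationCode into a token request (RFC 6749, 4.1.3)."""
    if "authorizationCode" not in payload:
        raise ValueError("payload carries no authorization code")
    form = {
        "grant_type": "authorization_code",
        "code": payload["authorizationCode"],
        "redirect_uri": payload["redirectUri"],  # must match the URI used to obtain the code
        "client_id": client_id,
        "client_secret": client_secret,  # stays on the server, never in the Ember app
    }
    return Request(TOKEN_URL, data=urlencode(form).encode(), method="POST",
                   headers={"Content-Type": "application/x-www-form-urlencoded"})


def access_token_from(token_response_body):
    """Step 2: pull the access token out of the token endpoint's JSON reply."""
    body = json.loads(token_response_body)
    if "error" in body or "access_token" not in body:
        raise ValueError("token endpoint returned no access token: %s" % body.get("error"))
    return body["access_token"]


def build_userinfo_request(access_token):
    """Step 3: the userinfo call, with the token in the header rather than the URL."""
    return Request(USERINFO_URL + "?alt=json",
                   headers={"Authorization": "Bearer " + access_token})


if __name__ == "__main__":
    # Constructed sample values; nothing here is sent over the network.
    ember_payload = {"authorizationCode": "mYtokEn12345", "provider": "google-oauth2",
                     "redirectUri": "http://localhost:4200/dashboard"}
    exchange = build_code_exchange(ember_payload, "CLIENT_ID_PLACEHOLDER",
                                   "CLIENT_SECRET_PLACEHOLDER")
    print(exchange.get_method(), exchange.full_url, parse_qs(exchange.data.decode()))
    token = access_token_from('{"access_token": "constructed-token", "token_type": "Bearer"}')
    print(build_userinfo_request(token).get_header("Authorization"))
```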