ruby-on-rails, heroku, devise, google-oauth

Rails Google OAuth - Works for some users and not others


I am building Rails and Google OAuth for a project. Right now, it is a very straightforward setup:

# gemfile
gem 'rails', '~> 5.2.3'
gem 'administrate'
gem 'devise', github: 'heartcombo/devise', branch: 'ca-omniauth-2'
gem 'omniauth-google-oauth2'
gem 'dotenv-rails', groups: [:development, :test]
gem 'google-api-client', require: 'google/apis/calendar_v3'
gem 'omniauth-rails_csrf_protection'

# devise.rb
config.omniauth :google_oauth2, ENV['GOOGLE_CLIENT_ID'], ENV['GOOGLE_CLIENT_SECRET'], {
    access_type: "offline",
    prompt: "consent",
    select_account: true,
    scope: 'userinfo.email, calendar, openid',
    # skips OmniAuth's check that the callback's state param matches the one
    # issued in the request phase (the CSRF binding between the two phases)
    provider_ignores_state: true
  }

and then I have my code working for auth'ing with Google and logging users into devise.

I am using Google Calendar for a scope, which as of 2021 is considered a sensitive scope, and because of that I have to add test users to the Google project to get it to work. Currently in my Google setup, I have 2 users whitelisted as allowed users of the app.

Right now, 1 user is able to log into the app just fine. They go to the page, auth with Google, accept permissions, and Google logs them in.

For the other user, Google does not work. They go to the page, attempt to auth with Google, and get a page back that says

SOMETHING WENT WRONG
Sorry, something went wrong there. Try again.

and then they are redirected to the Google error page that says

400. That's an error
The server cannot process the request because it is malformed. It should not be retried. 
That's all we know.

I'm not able to figure this out, because it is working perfectly for 1 user and not for the other. The only thing I can think of is looking in the Heroku logs. I was able to find requests for both users.

Here are the logs for a successful login

2021-01-26T19:15:49.316985+00:00 app[web.1]: I, [2021-01-26T19:15:49.316862 #4]  INFO -- : [c8194f6f-6cc9-4d1c-8ea2-9439d4a3f758] Started POST "/admin_users/auth/google_oauth2" for 108.80.197.86 at 2021-01-26 19:15:49 +0000
2021-01-26T19:15:49.317524+00:00 app[web.1]: D, [2021-01-26T19:15:49.317454 #4] DEBUG -- omniauth: (google_oauth2) Request phase initiated.
2021-01-26T19:15:49.331305+00:00 heroku[router]: at=info method=POST path="/admin_users/auth/google_oauth2" host=<host> request_id=c8194f6f-6cc9-4d1c-8ea2-9439d4a3f758 fwd="108.80.197.86" dyno=web.1 connect=1ms service=16ms status=302 bytes=1662 protocol=https
2021-01-26T19:15:59.988809+00:00 app[web.1]: I, [2021-01-26T19:15:59.988635 #4]  INFO -- : [cb1c461a-de2d-47cf-97d7-c5c594dcedc2] Started GET "/admin_users/auth/google_oauth2/callback?state=<state>&code=<code>&scope=email%20https://www.googleapis.com/auth/calendar%20https://www.googleapis.com/auth/userinfo.email%20openid&authuser=0&prompt=consent" for 108.80.197.86 at 2021-01-26 19:15:59 +0000
2021-01-26T19:15:59.989574+00:00 app[web.1]: D, [2021-01-26T19:15:59.989451 #4] DEBUG -- omniauth: (google_oauth2) Callback phase initiated.
2021-01-26T19:16:00.159852+00:00 app[web.1]: I, [2021-01-26T19:16:00.159697 #4]  INFO -- : [cb1c461a-de2d-47cf-97d7-c5c594dcedc2] Processing by AdminUsers::OmniauthCallbacksController#google_oauth2 as HTML
2021-01-26T19:16:00.159977+00:00 app[web.1]: I, [2021-01-26T19:16:00.159863 #4]  INFO -- : [cb1c461a-de2d-47cf-97d7-c5c594dcedc2]   Parameters: {"state"=>"<state>", "code"=>"<code>", "scope"=>"email https://www.googleapis.com/auth/calendar https://www.googleapis.com/auth/userinfo.email openid", "authuser"=>"0", "prompt"=>"consent"}

Here are the logs for an unsuccessful login

2021-01-26T14:16:32.326486+00:00 app[web.1]: I, [2021-01-26T14:16:32.326382 #4]  INFO -- : [545e059b-7f9b-4687-8b0e-b9f7479625e2] Started POST "/admin_users/auth/google_oauth2" for 107.203.102.116 at 2021-01-26 14:16:32 +0000
2021-01-26T14:16:32.326882+00:00 app[web.1]: D, [2021-01-26T14:16:32.326810 #4] DEBUG -- omniauth: (google_oauth2) Request phase initiated.
2021-01-26T14:16:32.331603+00:00 heroku[router]: at=info method=POST path="/admin_users/auth/google_oauth2" host=<host> request_id=545e059b-7f9b-4687-8b0e-b9f7479625e2 fwd="107.203.102.116" dyno=web.1 connect=0ms service=9ms status=302 bytes=1674 protocol=https

So, looking at the logs, the unsuccessful request just stops after the user hits the Google button, and Google does not seem to be calling back.

Why would it be working for one user and not for another?

Any help is much appreciated.

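The log comparison done by hand above, as an added example that is not code from the question or the answer: it walks Heroku app log lines, pairs each OmniAuth request-phase POST with the next callback GET, and lists the login attempts that never came back from Google. Because the callback arrives under a different Rails request id than the POST that started the flow, the pairing key used here is the client IP plus a time window; that heuristic, the `incomplete_oauth_logins` function and the sample log are all assumptions of this example, with the sample constructed to mirror the shape of the lines in the question.

```ruby
require 'time'

# Constructed sample modelled on the Heroku log lines in the question: one login
# that completed (108.80.197.86) and one whose callback never arrived (107.203.102.116).
SAMPLE_LOG = <<~LOG
  2021-01-26T14:16:32.326486+00:00 app[web.1]: I, [2021-01-26T14:16:32.326382 #4]  INFO -- : [545e059b-7f9b-4687-8b0e-b9f7479625e2] Started POST "/admin_users/auth/google_oauth2" for 107.203.102.116 at 2021-01-26 14:16:32 +0000
  2021-01-26T14:16:32.326882+00:00 app[web.1]: D, [2021-01-26T14:16:32.326810 #4] DEBUG -- omniauth: (google_oauth2) Request phase initiated.
  2021-01-26T19:15:49.316985+00:00 app[web.1]: I, [2021-01-26T19:15:49.316862 #4]  INFO -- : [c8194f6f-6cc9-4d1c-8ea2-9439d4a3f758] Started POST "/admin_users/auth/google_oauth2" for 108.80.197.86 at 2021-01-26 19:15:49 +0000
  2021-01-26T19:15:49.317524+00:00 app[web.1]: D, [2021-01-26T19:15:49.317454 #4] DEBUG -- omniauth: (google_oauth2) Request phase initiated.
  2021-01-26T19:15:59.988809+00:00 app[web.1]: I, [2021-01-26T19:15:59.988635 #4]  INFO -- : [cb1c461a-de2d-47cf-97d7-c5c594dcedc2] Started GET "/admin_users/auth/google_oauth2/callback?state=<state>&code=<code>&scope=email%20openid" for 108.80.197.86 at 2021-01-26 19:15:59 +0000
  2021-01-26T19:15:59.989574+00:00 app[web.1]: D, [2021-01-26T19:15:59.989451 #4] DEBUG -- omniauth: (google_oauth2) Callback phase initiated.
LOG

# Matches the Rails "Started <verb> "<path>" for <ip>" line. The query string
# after the path (state, code, scope) is matched but never captured or stored.
STARTED_RE = /\A(?<ts>\S+) app\[web\.\d+\]: I, \[[^\]]+\]\s+INFO -- : \[(?<rid>[0-9a-f-]+)\] Started (?<verb>GET|POST) "(?<path>[^"?]+)[^"]*" for (?<ip>[\d.]+) at/

# Walk the log in order, pairing each request-phase POST with the next callback
# GET from the same client IP inside window_seconds. Returns the attempts that
# never produced a callback, oldest first. (Hypothetical helper for this example.)
def incomplete_oauth_logins(log_text, provider: 'google_oauth2', window_seconds: 600)
  pending = Hash.new { |h, k| h[k] = [] } # ip => [attempt, ...] still awaiting a callback
  incomplete = []

  log_text.each_line do |line|
    m = STARTED_RE.match(line) or next
    ts = Time.iso8601(m[:ts])

    if m[:verb] == 'POST' && m[:path].end_with?("/auth/#{provider}")
      pending[m[:ip]] << { ip: m[:ip], request_id: m[:rid], started_at: ts }
    elsif m[:verb] == 'GET' && m[:path].end_with?("/auth/#{provider}/callback")
      queue = pending[m[:ip]]
      # Attempts older than the window are failures, not candidates for this callback.
      while (oldest = queue.first) && ts - oldest[:started_at] > window_seconds
        incomplete << queue.shift
      end
      queue.shift # the oldest live attempt from this IP is the one that came back
    end
  end

  (incomplete + pending.values.flatten).sort_by { |a| a[:started_at] }
end

if $PROGRAM_NAME == __FILE__
  incomplete_oauth_logins(SAMPLE_LOG).each do |a|
    puts "#{a[:started_at].iso8601} #{a[:ip]} request #{a[:request_id]} never reached the callback"
  end
end
```

Run it against `heroku logs --tail` output redirected to a file and it prints one line per attempt with no callback, which is exactly the pattern the unsuccessful user shows above. IP-based pairing is deliberately coarse; behind a shared NAT two users can collide, so treat the output as a triage list rather than proof.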

Solution

  • This was resolved. The problem was that the other user was using a Google-provided email that was not a Gmail, i.e. a [email protected] email address. Even though it is controlled by Google, it seems like you need a Gmail to auth. We switched to a Gmail email and it worked fine.