I am getting this openid authernisation error when trying to log into an openid service from a mobile app, could anyone explain to me the possible causes?
Error Domain=org.openid.appauth.general Code=-4
In the documentation it says "general" error, wouldbe good to have more insight on what are the potential causes.
I had the same issue. It is authorisation error and in my case was caused by not setting clientSecret with the request.
Related
I am currently using Strapi as my backend and am having issues with authentication.
When I hit /api/auth/local, the user is created in the strapi backend and the jwt token is created.
After that, I try to hit /api/users/me and the endpoint returns a 404. I have the user permissions for an authenticated user turned on (find, findOne, and me) but am still getting this error.
Please help and thank you in advance!
In my case, was appearing error 500 all the time, because the user was blocked. After change, worked for me.
I follow these explanation https://www.youtube.com/watch?v=8rju99LTUNA
I configured Google Cloud IAP for AppEngine, and then, when I try to access my app, I login to my google account, and I am redirected to this url:
project-id.appspot.com/_gcp_gatekeeper/authenticate?state=long-state-string&scope=email%20openid%20https://www.googleapis.com/auth/userinfo.email&authuser=2&hd=domain.com&session_state=a23b09e8ae90697d931d96068fdcf163a7a71010..9268&prompt=consent
This page just shows the following error, and nothing else matters:
There was a problem with your request. Error code 11
Tried looking for logs everywhere but in vain. #Matthew Sachs Do you have any idea ?
Experienced this when setting up a new project and the solution was to turn IAP off and then back on again.
Not a great answer but hopefully will help.
I'm working on a C# project that use Gmail API in single-user mode to retrieve user's mail. The application is working nicely.
Recently, we got a strange behavior from this API. When the user hasn't a #gmail account with Gmail disabled and try to use our product, for some we got a "Bad Request 400" with "Mail service not enabled" exception and for other users, we got "Bad Request 400" with "failedPrecondition" exception.
The users are on the same domain name. I searched through Gmail API documentation and I found nothing that can explain this.
Our thoughts are that maybe some users have different settings in their Google account that can cause the "general" "failedPrecondition".
Any advice?
Thanks
After reading the following article:
http://blogs.technet.com/b/ad/archive/2015/08/12/azure-ad-microsoft-account-preview-sign-in-personal-and-work-accounts-using-a-single-stack.aspx
I tried to implement an OpenID Connect/Oauth code flow per the documentation at:
https://azure.microsoft.com/en-us/documentation/articles/active-directory-appmodel-v2-overview/
I'm using mod_auth_openidc as my Relying Party (that I have working with both Google and my own OpenID Provider.
I've registered my app at https://apps.dev.microsoft.com, and gone through all the steps. I get the login screen at microsoft, then the permissions screen and when it redirects back to my site and hits mod_auth_openidc, I get an error that says:
Error:
The OpenID Connect Provider returned an error: Error in handling response type.
In my Apache Error logs I get:
oidc_proto_validate_code_response: requested flow is "code" but no "access_token" parameter found in the code response, referer: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?response_type=code&scope=openid&client_id=xxx&state=yyy&redirect_uri=https%3A%2F%2Fdst-dev.mydomain.com%2Foauth2callback&nonce=zzz
and
oidc_proto_resolve_code_and_validate_response: code response validation failed,
What I'm trying to figure out is where the problem lies. Is there an issue with what Microsoft is sending mod_auth_openidc, or is there a bug or configuration issue on the mod_auth_openidc side?
The example at MS webpages uses a different response mode and response type in the authentication request:
&response_mode=form_post&response_type=code+id_token
both are supported by mod_auth_openidc so you could apply something similar by including:
OIDCResponseType id_token
OIDCResponseMode form_post
in the Apache configuration or using the associated primitives in the .conf file for Microsoft when using multiple providers.
can someone point me in the right direction re: redirect uri
right now i have app hosted on appspot (nothing done or uploaded to it at this point)
"Error: Server Error
The server encountered an error and could not complete your request.
If the problem persists, please report your problem and mention this error message and the query that caused it."
do i need to upload anything for this to work?
https://developers.google.com/accounts/docs/OAuth2InstalledApp#choosingredirecturi
POST /o/oauth2/token HTTP/1.1
Host: accounts.google.com
Content-Type: application/x-www-form-urlencoded
code=4/v6xr77ewYqhvHSyW6UJ1w7jKwAzu&
client_id=8819981768.apps.googleusercontent.com&
client_secret={client_secret}&
redirect_uri=https://oauth2-login-demo.appspot.com/code&
grant_type=authorization_code
i just want to authenticate so that i can use the calendar api
Do upload the application. I am not sure what you mean by saying that the app is hosted on appspot but nothing done or uploaded at this point. So, first make sure that you have uploaded a version of your application.
The OAuth process is redirecting the flow if I understand correct to oauth2-login-demo.appspot.com and you must have registered this callback url when setting up your application.
So it seems that the redirection is probably taking place but you are seeing the General Exception that is normally thrown by App Engine.
You should look into the Admin Console -> Logs for your application to understand the reason for the failure. You might get some information there about the cause.
If there is a problem with your code, it will point that in the logs. Alternately, put in some exception handlers and bump up the Log Level to INFO in your logging.properties to have a better chance of tracking down the root case.