Code + PKCE does not work for accounts.google.com

Describe the bug
Code + PKCE does not seem to work with Google as an identity provider, even though the discovery document suggests otherwise (if I understand it correctly at least). Specifically, the POST request to the token endpoint fails with a 400 “client_secret is missing.” What am I doing wrong here? The token endpoint shouldn’t need the client_secret if PKCE is being used, right?

Stackblitz example
stackblitz works now, I really didn’t understand that I was trying to commit to your repo… these are the changes I made:

  1. add import { googleAuthConfig } from '../auth.google.config'; to the imports of projects/sample/src/app/home/home.component.ts.
  2. in the same file, replace authCodeFlowConfig in line 62 with googleAuthConfig
  3. go through that same procedure of replacing authCodeFlowConfig with googleAuthConfig in projects/sample/src/app.component.ts
  4. add responseType: 'code', to the AuthConfig in projects/sample/src/app/auth.google.config.ts

To Reproduce
Steps to reproduce the behavior:

  1. Click on ‘Login’ in the ‘Login with Code Flow’ section.
  2. Authorize the app with your Google account

Expected behavior
The app should be authorized with Google and there should be a working token and user information in the session storage

Desktop (please complete the following information):

  • OS: Windows
  • Browser: Chrome
  • Version: 81

Issue Analytics

  • State: closed
  • Created 3 years ago
  • Comments: 11 (1 by maintainers)

Top GitHub Comments

1 reaction
aaronpk commented, Jun 24, 2021

No, their docs are wrong, that was what I was saying. Even though their docs include the client secret in the mobile app section, that doesn’t make sense because you don’t get client secrets when you build a mobile app on Google.

I was able to register an app as a mobile app, getting only a client ID, and do the OAuth authorization code flow from pure JavaScript and it worked fine.

1 reaction
pecirep commented, May 4, 2020

Note: the stackblitz example you linked has no OAuth code at all?

Never used stackblitz before and forgot to commit… Been a long day
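
The token request discussed in this thread, as an added example that is not code from the issue or from the library it was filed against: it derives the PKCE values (RFC 7636, S256), builds the token request body of a client that holds only a client ID, and recognises the 400 response quoted in the issue. All function names are hypothetical, the JSON field names of the error body are an assumption (the issue gives only the status and the message), and it runs under Node.js without sending anything.

```javascript
// Added example; runs under Node.js, no network access.
const crypto = require('node:crypto');

// RFC 7636: the verifier is 43-128 unreserved characters; 32 random bytes
// in unpadded base64url give exactly 43.
function newCodeVerifier() {
  return crypto.randomBytes(32).toString('base64url');
}

// S256 method: challenge = BASE64URL(SHA-256(ASCII(verifier)))
function codeChallengeS256(verifier) {
  return crypto.createHash('sha256').update(verifier, 'ascii').digest('base64url');
}

// Token request body for a public client: the code_verifier ties the request
// to the party that started the flow, and no client_secret field is present.
function buildTokenRequestBody({ clientId, redirectUri, code, codeVerifier }) {
  return new URLSearchParams({
    grant_type: 'authorization_code',
    code,
    redirect_uri: redirectUri,
    client_id: clientId,
    code_verifier: codeVerifier,
  }).toString();
}

// What a token endpoint does with the verifier: recompute the challenge and
// compare it, in constant time, with the one stored at authorization time.
function verifierMatches(storedChallenge, presentedVerifier) {
  const a = Buffer.from(storedChallenge);
  const b = Buffer.from(codeChallengeS256(presentedVerifier));
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

// Recognise the failure reported in the issue: HTTP 400 whose body mentions a
// missing client_secret. The JSON field names are an assumption.
function isMissingClientSecret(status, bodyText) {
  if (status !== 400) return false;
  let parsed;
  try { parsed = JSON.parse(bodyText); } catch { return false; }
  if (!parsed || typeof parsed !== 'object') return false;
  const msg = `${parsed.error || ''} ${parsed.error_description || ''}`;
  return /client_secret is missing/i.test(msg);
}
```
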
