Google OAuth - Precondition Failed?

Bailey Fisher

It seems when trying the Google OAuth, I get stuck on the Continue API GET request. My Init works fine, but when running Continue with my code & redirect_URI I just get 

"{
code: 
ERROR_CODE_ACCESS_DENIED,

message: 
Precondition failed.
}

Any ideas? I haven't edited the API GET request at all.[chrome_TY1PQEtIqQ.png]

Lachlan McPherson

Hey Bailey, 

We were experiencing a similar issue as well, I'll resume looking into this again, and hopefully we can work out a solution together 👍

Lachlan McPherson

We were using this guide: 
https://www.youtube.com/watch?v=egMYA49tBqo&ab_channel=Xano

Michael Udinski

 - what does your code start with? Your browser might be encoding it

Lachlan McPherson

The code im receiving is: 4%2F0AX4XfWii50fENzDcaWhwxpX6bJowsvrSW1qKK5NniJUeQEC55WmfAaiBqZGfQixxxxxxxx

Lachlan McPherson

And same error as Bailey:
 [Image] 

Bailey Fisher

 This is indeed the same issue, then &scope follows this param.  any ideas?

Bailey Fisher

 Bumping this, any ideas?

Michael Udinski

 I would use the url_decode filter for your code. 

If yours looks the same as Lachlan's then I'd use the same filter Bailey.

It's strange but appears some browsers tend to encode the code for some reason. 

Lachlan McPherson

 that looks to be working, I'm having an alternate issue with duplicate records now, however I'll have a play with the function to get that resolved.    I used the url decode like this [image.png]

Lachlan McPherson

FYI not sure if it is a browser issue or something else, as I tried multiple browsers with the same result. 

Bailey Fisher

 How exactly did you get it to work? I tried adding the filter in the API function but it gives me error "Access Denied"

Bailey Fisher

[chrome_2rgjbDWOTp.png]

Bailey Fisher

 Any thoughts?

Lachlan McPherson

 Hi Bailey, I did my decoding as an independent function. 

The only function I had in my stack was "Create new variable" and I pasted the code as a fixed value. I then applied the url_decode filter and ran the scenario. 

I then copied the result into my "Continue" api. 

Bailey Fisher

 It seems after the URL decode my error still persists, I am getting error "Invalid Grant" from Google's API. Going to try and re-build the whole request now.

Michael Udinski

 OK rebuild and see if it works out.

If not, I suggest coming to an office hours because it's difficult to debug without seeing what you're doing. 

Ray Deck

 Can you share what the final request looks like? You could build the request into a text string in a "create variable" function (called, say, "uri"), then add a "stop and debug" function after that to display the value of that variable. Throw a black rectangle over some or all of your client secret of course before posting. Just getting eyeballs on the data can make a difference. 

Bailey Fisher

 Here it is!  Any ideas?
request: {url:
https://oauth2.googleapis.com/token,method:
POST,headers: [6],params:
code=4%2F0AX4XfWgBVBPKwGUE0H2YpgmpMoeUVtyVb1gMdPedwvYWwmfdxpfl3uD05ZdlkauI0oRxJg&client_id=REDACTED&client_secret=REDACTED&redirect_uri=https%3A%2F%2Fblack-peak-creative.webflow.io%2Fcourse%2Fcontent&grant_type=authorization_code},response: {headers: [

HTTP/2 400,

date: Thu, 10 Mar 2022 21:47:07 GMT,

pragma: no-cache,

expires: Mon, 01 Jan 1990 00:00:00 GMT,

cache-control: no-cache, no-store, max-age=0, must-revalidate,

content-type: application/json; charset=utf-8,

vary: Origin,

vary: X-Origin,

vary: Referer,

content-encoding: gzip,

server: scaffolding on HTTPServer2,

content-length: 79,

x-xss-protection: 0,

x-frame-options: SAMEORIGIN,

x-content-type-options: nosniff],result: {error:
invalid_grant,error_description:
Bad Request},status:
400

Bailey Fisher

   
I found this possible solution, but it seems when running my API call with my email it just responds with "no client ID found"

https://stackoverflow.com/questions/10576386/invalid-grant-trying-to-get-oauth-token-from-google
I ran into this same problem despite specifying the "offline" access_type in my request as per bonkydog's answer. Long story short I found that the solution described here worked for me:https://groups.google.com/forum/#!topic/google-analytics-data-export-api/4uNaJtquxCs
In essence, when you add an OAuth2 Client in your Google API's console Google will give you a "Client ID" and an "Email address" (assuming you select "webapp" as your client type). And despite Google's misleading naming conventions, they expect you to send the "Email address" as the value of the client_id parameter when you access their OAuth2 API's.
This applies when calling both of these URL's:• https://accounts.google.com/o/oauth2/auth
• https://accounts.google.com/o/oauth2/token

Note that the call to the first URL will succeed if you call it with your "Client ID" instead of your "Email address". However using the code returned from that request will not work when attempting to get a bearer token from the second URL. Instead you will get an 'Error 400' and an "invalid_grant" message.

Ray Deck

Is there a curly brace at the end of your body? Does that need to get removed? 

Nvm. After more careful reading, I see the params field is at the end of the request object, and the curly brace goes with that. 

Ray Deck

I've had the problem before of our friends in Mountain View being quite persnickety about the redirect URI for oauth. Can you share what that setup looks like from your google console?

Michael Udinski

This was resolved during office hours do to a mismatch in the redirect_uri. The invalid code was from trying the code multiple times (Google provides a one-time use code).

prosperly

@Michael Udinski I'm running into the error. What exactly is the fix here? What does it mean that google provides a one-time use code?

Michael Udinski

Google attaches a code to the redirect URI that you provide. This code can only be used one time. Google requires you to use a fresh code every time you want to authenticate. (This is generally standard for OAuth)

prosperly

@Michael Udinski I had google oAuth working with xano when I started my project/went through the onboarding process (which asked me if i'd like to set up google oauth). I removed those endpoints and re-downloaded the extension at some point, and obviously set up the id/secret etc...

However, now I am running into that precondition failed message. I've taken this to multiple devs who walked through everything with me an we still ran into this issue. I'm not able to test in Xano with the redirect URI and the code generated... any thoughts?

prosperly

The odd part is that the google authentication actually works! It's set up and working fine and I can create/login a user in my app.

I just can't test & debug, because i just get the precondition failed notice. You can see below that I got the status code 200 here.

Michael Udinski

Hi @prosperly - it would be hard to debug anything without more specific details... I do expect it to be a code or redirect URI issue but it'll be hard to confirm here. Can you please sign up for an upcoming office hours so we can debug over live screen share?

5h8yn8

@Bailey Fisher How did you resolve the Invalid Grant error? I've added the URI decode to the code variable in the google/continue, which seemed to help the other issue.