Any solution for the Google OAuth 400 and 403 errors?

napu

Hello! I'm having some issues with the Google OAuth extension in Xano, I believe I did the whole setup the right way twice, but when I hit the /oauth/google/continue after the /oauth/google/init, I'm getting this 403 response on my application (Webflow + Wized):
{
"code": "ERROR_CODE_ACCESS_DENIED", "message": "Precondition failed.",
"payload": ""
}

Then, manually did the same steps but in Xano trying to debug it, turns out the error happens in a custom function called google_oauth_getaccesstoken, from where Xano makes a request to the Google OAuth API, I ran & debugged the function with an unused code (filtered with url_decode) and the authorized redirect_uri from google cloud console as parameters, and I get this 400 response:

I've seen that there are already posts about this issue and some workarounds for it, but I already tried everything I found and I am still stuck, I hope is just a silly mistake I made through the configuration process.

Any suggestions on what could be going wrong or what should I try?
Thank you!

Louis Machado - CSA

Hello, there!

This is not actually an issue on the Xano's side. It's probably because the app's OAuth consent screen is not configured correctly in the Google Developer Console. However, other reasons might include your Google account not having 2FA or using a machine that doesn't comply with Google security rules, like old Macs.

Possible solutions:

• Redirect URI Mismatch: The app might be using a redirect URI that doesn't match any of the ones registered in the console. Check if http/https prefixes are correct or if you are using Bubble the /version-test suffix.
• OAuth client ID and secret: Make sure there isn't an extra space when you paste them into the environment variables.
• Scopes: The app might be requesting too many permissions or requesting access to scopes that it is not authorized to access.
• Test users: If you are not using the same Google account of your Developer's console, make sure that the test users have the correct permissions and roles.

For security in old macs, there is a thread going on the Apple's community.
https://discussions.apple.com/thread/254659965

Let us know if that pointed you in the right direction

napu

Hey @Louis Machado - CSA , thanks for the reply.
I went over the list of possible solutions:

• Redirect URI Mismatch: I double-checked and the redirect URI is correct (I have just one URI with a login form in there), I also added an HTTP one just in case, but no luck.
• OAuth client ID and secret: They're good!
• Scopes: Currently I'm not using any scopes, I'm just trying to make a signup/login.
• Test users: I've tried both ways, with the same Google account of the dev console, and with my personal email, both of those were already added as test users too.

You mention that not having 2FA could cause the problem, I tried to log in with 2 devices (one with 2FA, the other without it) and had no luck.
I also tried to set up a new project on the Google Cloud console with another google account also with 2FA on and update the client ID and secret on Xano, but nothing.

And just to try another thing, I also changed the user type from 'external' to 'internal' (so only people in my organization can test the app), but then again it didn't work.

Do you have any other ideas or suggestions? thank you so much already!

Micky.D

https://discord.com/channels/853733628931604480/1141794846542155918

This discord Discussion helped me solve it!