
Why is Google Oauth2 rejecting client id when authenticating via mobile app?

We have a multifaceted application encountering some issues with Google OAuth. There is a Java-based API, along with a React front end and a React Native mobile app.

For some time now we have been successfully using OAuth2 to allow Google users to sign in via the React app. We're using the offline/code approach, so we first request an authorization code, which gets sent to our API and is then exchanged for a token via Google's servers. The API is responsible for additional checks and account setup.

We're hitting problems, however, in the mobile app (React Native). The app 'appears' to be behaving correctly in that it's obtaining an authorization code; however, when we send this to our API and the API attempts to exchange the code for a token, the response we get back is

 {
  "error": "unauthorized_client",
  "error_description": "Unauthorized"
 }

We can see in our logs that the request looks good. If we compare the post body of this failing request with the body of a working request, we can see the content is identical except for the authorization code, which is expected. So the unauthorized_client error is somewhat misleading.

On the Google OAuth side, both the Android credentials and the Web credentials (used by the API) are under the same project, so my understanding is that, although they have different client ids, there should not be a problem, as Google OAuth supports Cross Client Identity.

Has anyone encountered a similar situation and understands what our problem really is?

The issue can happen if you take a refresh token that was created on a web application and then try to use it on an installed application: it won't work, as that client id was not the one that was used to create the refresh token.

There is, however, a single exception that I am aware of. A mobile app client can use the tokens created by other client types within the same project; this does not work the other way, though. Web and installed clients cannot use tokens created by mobile app clients. There is something inside mobile clients that is not in the web and installed clients.

Hence unauthorized_client, meaning that this client id was not authorized by the user.
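To make the binding described above concrete, here is an added example (not code from the question, the answer, or Google): a toy authorization server that remembers which client id obtained each authorization code and refuses to exchange it for any other client id, plus the kind of request-body comparison the asker did. All client ids, secrets, redirect URIs and codes are constructed placeholders.

```python
# Added example: model of why two token requests whose bodies differ only in
# `code` can still get different results. The server-side binding of a code
# to its client id is invisible in the request body itself.
import secrets
from urllib.parse import parse_qs, urlencode


class ModelAuthServer:
    """Toy authorization server: remembers which client each code was issued to."""

    def __init__(self):
        self._codes = {}  # code -> client_id that requested it

    def issue_code(self, client_id):
        code = secrets.token_urlsafe(16)
        self._codes[code] = client_id
        return code

    def exchange(self, body):
        """Token endpoint for the authorization_code grant (form-encoded body)."""
        params = {k: v[0] for k, v in parse_qs(body).items()}
        issued_to = self._codes.pop(params.get("code"), None)  # codes are single-use
        if issued_to is None:
            return {"error": "invalid_grant", "error_description": "Bad code"}
        if issued_to != params.get("client_id"):
            # The code exists but was obtained by a different client id:
            # the response shape reported in the question.
            return {"error": "unauthorized_client", "error_description": "Unauthorized"}
        return {"access_token": secrets.token_urlsafe(24), "token_type": "Bearer"}


def token_request_body(code, client_id, client_secret, redirect_uri):
    """Standard authorization_code grant parameters, form-encoded."""
    return urlencode({"grant_type": "authorization_code", "code": code,
                      "client_id": client_id, "client_secret": client_secret,
                      "redirect_uri": redirect_uri})


def differing_fields(body_a, body_b):
    """Names of form fields whose values differ between two request bodies."""
    a, b = parse_qs(body_a), parse_qs(body_b)
    return sorted(k for k in set(a) | set(b) if a.get(k) != b.get(k))


def demo():
    server = ModelAuthServer()
    web_id, android_id = "web-client-id.example", "android-client-id.example"
    web_code = server.issue_code(web_id)          # code obtained by the React app
    android_code = server.issue_code(android_id)  # code obtained by the React Native app
    # The API always exchanges with its web credentials, whichever app sent the code.
    working = token_request_body(web_code, web_id, "web-secret", "https://api.example/cb")
    failing = token_request_body(android_code, web_id, "web-secret", "https://api.example/cb")
    return {"differs_only_in": differing_fields(working, failing),
            "web_result": server.exchange(working),
            "android_result": server.exchange(failing)}
```

Running `demo()` shows the two bodies differ only in `code`, yet only the code issued to the web client id exchanges successfully.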
