0
votes

We are using Google as OAuth2 client in our application, which is using the PHP Yii2 framework. While preparing the authorization request, the redirect_uri gets configured correctly in the buildAuthUrl() method (OAuth2.php) and users get authorized as expected. Now, when we try to exchange the code for an accessToken from the Google server, the redirect_uri somehow gets appended with the scope like this => http://cms.local.com/user/auth/login?authclient=google&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile. When we send this request to Google we get an HTTP 400 error with the message redirect_uri_mismatch. The weird thing is that it had been working just fine until yesterday, and then suddenly we started receiving the above-mentioned error from Google (we have not changed the URIs in our project in the Google Dev Console, we double-checked everything). What could have caused this sudden mismatch? Any help would be highly appreciated. Thanks

1
As far as I know Google OAuth does not work on a local system, only on a live domain, and you have to provide the redirect_uri in your Google console and your Authorised origins. - Muhammad Omer Aslam
@MuhammadOmerAslam You can make it work for your localhost also, and it is not the issue. We have the required redirect_uri in our Google dev console. The problem is in the fetchAccessToken() method: the URI which the library is configuring is not correct, which is leading to the error. - viks1010
It might be that you're using a valid domain as your local domain. As far as Google knows, local.com is not local, and cms.local.com is not resolving in DNS servers. - Jørgen
@Jørgen As I mentioned, the issue is not the local domain; it works fine for me. The problem is the scope which gets appended to my redirect_uri, leading to the mismatch thrown by the Google server. As far as I could debug, it seems to be a problem in the yii2-authclient library. - viks1010

1 Answer

0
votes

This happened because of the defaultReturnUrl() method of the yii2-authclient library. The 'scope' parameter was not getting unset from the redirect_uri, and hence Google threw an HTTP 400 Bad Request error. This can be avoided by one of the following approaches:

  1. Set the returnUrl explicitly in the component configuration where client_id, client_secret etc. are specified.
  2. In defaultReturnUrl(), unset 'scope' along with 'code' and 'state'.
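As an added example (not code from the question, the answer, or the yii2-authclient project itself), here is what both approaches could look like in a Yii2 application. The component name authClientCollection, the client key google, the subclass name app\components\GoogleClient, the route user/auth/login and the placeholder credentials are assumptions for illustration; the property names returnUrl, clientId and clientSecret and the class names yii\authclient\Collection and yii\authclient\clients\Google are the library's own.

```php
<?php
// ---- app/components/GoogleClient.php (approach 2) ----
// Rebuild the default return URL from the current request but drop every
// parameter Google adds to the callback (code, state, scope). The token
// exchange then sends the same redirect_uri that was used in the
// authorization request, which is exactly what Google compares against.
namespace app\components;

use Yii;
use yii\authclient\clients\Google;

class GoogleClient extends Google
{
    protected function defaultReturnUrl()
    {
        $params = Yii::$app->getRequest()->getQueryParams();

        // 'scope' is the parameter the original answer found missing here;
        // without this line it leaks into redirect_uri during the code exchange.
        unset($params['code'], $params['state'], $params['scope']);

        // Keep only the current route plus the remaining query parameters
        // (for example authclient=google), as an absolute URL.
        $params[0] = Yii::$app->controller->getRoute();
        return Yii::$app->getUrlManager()->createAbsoluteUrl($params);
    }
}

// ---- config/web.php (separate file; approach 1 and wiring for approach 2) ----
// Pinning returnUrl is the most robust option: a fixed string can never pick
// up anything from the incoming query string, so it matches one of the
// "Authorised redirect URIs" in the Google console byte for byte.
$config = [
    'components' => [
        'authClientCollection' => [
            'class' => 'yii\authclient\Collection',
            'clients' => [
                'google' => [
                    // Use the subclass above; with returnUrl set explicitly the
                    // overridden defaultReturnUrl() is never consulted, so either
                    // measure on its own is sufficient.
                    'class' => 'app\components\GoogleClient',
                    'clientId' => 'GOOGLE_CLIENT_ID_PLACEHOLDER',
                    'clientSecret' => 'GOOGLE_CLIENT_SECRET_PLACEHOLDER',
                    // Must equal the URI registered in the Google console exactly
                    // (scheme, host, path and query string included).
                    'returnUrl' => 'http://cms.local.com/user/auth/login?authclient=google',
                ],
            ],
        ],
    ],
];

return $config;
```

A quick check after deploying either change: log the redirect_uri that the client sends in the token request (or inspect it with a debugging proxy on your own environment) and confirm it is identical to the one in the authorization request and to the entry in the Google console; any difference in query parameters, trailing slash or scheme produces the same redirect_uri_mismatch error.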