
Comments (7)

ctron avatar ctron commented on July 30, 2024

When navigating the browser to the OAuth2 server (Google in this case) it adds a parameter to the request which tells the OAuth2 server where to redirect to, after a successful authentication. In most cases this URL must be explicitly allowed through some configuration.

I am not sure how this works exactly with Google, but in Keycloak and GitHub you have some fields to put in the URL. The URL is discovered by yew-oauth2 from the browser:

yew-oauth2/src/agent/mod.rs

Lines 378 to 384 in 5c0b412

fn current_url() -> Result<Url, String> {
    let href = window().location().href().map_err(|err| {
        err.as_string()
            .unwrap_or_else(|| "unable to get current location".to_string())
    })?;
    Url::parse(&href).map_err(|err| err.to_string())
}

You should be able to see the URL in the request sent to the Google OAuth2 endpoint (it's URL encoded), and this URL should be allowed on the Google side. For Keycloak it is possible to use wildcards (*) to allow patterns or URLs. That sometimes helps with localhost URLs and random ports. It depends on your OAuth2 implementation how and if this is enforced, and what can be configured.

from yew-oauth2.
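An added example, not yew-oauth2 code and not part of the thread, of what the server side of this check looks like: the redirect_uri is pulled out of the (URL-encoded) authorization request and compared against the registered entries, where an entry ending in `*` is a Keycloak-style prefix wildcard. The request URL, client id and state are constructed values.

```rust
// Added example (not yew-oauth2 code): server-side validation of the
// redirect_uri in an OAuth2 authorization request against an allowlist.
// Entries must match exactly, except entries ending in '*', which match
// any URL starting with that prefix (useful for localhost with random
// ports). Wildcards widen the allowlist, so keep them as narrow as possible.

/// Percent-decode one query-string value ('+' becomes a space).
fn percent_decode(s: &str) -> String {
    let bytes = s.as_bytes();
    let mut out = Vec::with_capacity(bytes.len());
    let mut i = 0;
    while i < bytes.len() {
        if bytes[i] == b'%' && i + 2 < bytes.len() {
            let hex = std::str::from_utf8(&bytes[i + 1..i + 3]).unwrap_or("");
            if let Ok(v) = u8::from_str_radix(hex, 16) {
                out.push(v);
                i += 3;
                continue;
            }
        }
        out.push(if bytes[i] == b'+' { b' ' } else { bytes[i] });
        i += 1;
    }
    String::from_utf8_lossy(&out).into_owned()
}

/// Extract the decoded redirect_uri parameter from an authorization request URL.
fn redirect_uri_from_request(url: &str) -> Option<String> {
    let query = url.split_once('?')?.1.split('#').next().unwrap_or("");
    query.split('&').find_map(|pair| {
        let (k, v) = pair.split_once('=')?;
        (k == "redirect_uri").then(|| percent_decode(v))
    })
}

/// Exact match, or prefix match for registered entries ending in '*'.
fn redirect_allowed(redirect_uri: &str, registered: &[&str]) -> bool {
    registered.iter().any(|entry| match entry.strip_suffix('*') {
        Some(prefix) => redirect_uri.starts_with(prefix),
        None => *entry == redirect_uri,
    })
}

fn main() {
    // Constructed request, shaped like the one the frontend sends to Google
    // (hypothetical client_id and state).
    let request = concat!("https://accounts.google.com/o/oauth2/v2/auth?client_id=example-client",
        "&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2F&state=abc");
    let registered = ["http://localhost:8080/", "http://127.0.0.1:*"];
    let uri = redirect_uri_from_request(request).expect("redirect_uri missing");
    println!("{uri} allowed: {}", redirect_allowed(&uri, &registered));
}
```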

collinsmarra avatar collinsmarra commented on July 30, 2024

Thank you. I added both http://127.0.0.1:8080 and http://localhost:8080 as the redirect uri and it seemed to have fixed the error. However, this is the result.

image

This is the response from google servers

image

But I know I am not supposed to pass in the client secret at this point, because the token is to be taken to the backend to be used there. Could I be missing anything here?

from yew-oauth2.

ctron avatar ctron commented on July 30, 2024

Cool. You need to set up a client which doesn't require a secret. As this is a web/frontend application, you can't use a secret. In Keycloak terminologies this is a "public client". Not sure how that is called in Google-land.

But if you figure it out, it would be great to let me (and possibly others) know 😀

from yew-oauth2.

collinsmarra avatar collinsmarra commented on July 30, 2024

I do get the redirect, which is fine. But I think in this case yew-oauth2 tries to exchange something with the google servers without the client_secret. So I get the error.
But for my needs, I wanted to dump the JWT code from google so I can parse them to the backend. That is where I could use the client_secret, decode the code, get the needed info and then issue a user new fresh tokens from my own backend.

from yew-oauth2.

ctron avatar ctron commented on July 30, 2024

When using yew-oauth2, we are talking about a "public client": https://oauth.net/2/client-types/ … that does not involve a "client secret" as it cannot be kept confidential/secret.

This has been discussed before: #3 (comment) and following … maybe take a look. I think it also mentions/links to Google documentation regarding this.

When communicating with Google APIs, I would expect to only forward the access token (which your backend received from the frontend).

from yew-oauth2.

ctron avatar ctron commented on July 30, 2024

Here is the link to Google's documentation: https://developers.google.com/identity/protocols/oauth2/javascript-implicit-flow#oauth-2.0-endpoints

from yew-oauth2.

ctron avatar ctron commented on July 30, 2024

Can we close this one?

from yew-oauth2.
