Passport Google Dep Update Failure #613
Comments
Martii
added
expedite
|
See also:
|
sizzlemctwizzle
added
intended behavior
|
Just tested it on production and authentication works. Of course it doesn't work locally. We don't have OAuth creds in the development database. Even GitHub authentication would work when running production locally because the callback for the pro creds is openuserjs.org not localhost:8080. |
|
@sizzlemctwizzle |
Martii
added
expedite
|
P.S. I can bump the dev dep Sunday evening but if it kills nodejitsu logging in with Google it will be soley your responsibility to fix this. |
|
I'm really confused. I never made any recent change. Logging in with Google OAuth on production and local production (with that callback hack you showed me) works (see user test2). Using my main account, GitHub OAuth works on dev, pro, and local pro. So overall I'm not sure where you're encountering a problem. Could you let me know what accounts you are using to test Google OAuth? That way I can inspect the session data. Also are you using direct login, registration, or adding a Google strategy while logged in? |
Correct because the GH Oauth is present for all environments both in the server and user side (hence the server side "GitHub Authenticated" message in the console we all see in dev and pro via jitsu package)... but not all authentications are available in the dev environment user side... which is why you initially closed this issue thinking that I was in that environment and I'm not testing there. I can't test Google OAuth in dev user side without posting a key pair of my own in the API section for a little bit server side or exposing pro's credentials...which I won't do obviously for security reasons on the latter.
Martii. You can't use AuthAs so you would need to know my pass for google.
Everything but new account registration/toggling strategy, since I already have that static test account, for google. I converted my Google gmail account to Google+... current version of passport-google-oauth works with either account type at google... but plain google accounts are being deprecated as mentioned above in the commit summary given at that link. e.g. the "profile" scope is being deprecated in favor of the Google+ API scope... which means the OUJS account you signed up with for the API key pairing (Similar to the one I sent you screen shots to developer.google.com) you need to add/convert that account, which you have access to and I do not, to use the Google+ API instead of their deprecated standard/classic API for any authentication... e.g. somewhere in that mess on their dev pages you need to add the Google+ API in order for the passport-google-oauth dep to be updated before they retire/EOL the standard/classic API... If you don't do this and I (or you) bump the dep version it produces the the initial issue session log reported above and fails to authenticate at all because it has migrated to Google+ API in passport-google-oauth dep in 0.2.0... doesn't seem to crash "the server locally with pro credentials" (hence local production for short)... but one can never login with google to local production with a google account... and should be nearly the same on remote production (or actual production if you wish to call it that)... the only difference is node.js version here vs nodejitsu and the core platform on nodejitsu is SunOS (Solaris) whereas my main machine is IA64 bit (and IntelArchitecture32 bit on another slower machine for platform testing packages out... so far I haven't encountered any difference in IA32 but I test less periodically on it) Also if I correct the scope in the Code to use Google+ API which will also have to happen at some point... it still reproduces the same access status error/exception. The dep appears okay but the credentials on remote production (most probably and the reason this issue exists) and local production (definitely) bomb out because the OUJS account you use as the "site account" isn't configured to handle Google+ API... Does this make more sense? |
|
I just enabled the Google+ API. I also added Google OAuth creds to the dev database. |
Hmmm... not getting the issue on dev with those server side credentials and my user side credentials ... but am getting it on my running version of local pro... guess I'll just have to take a gamble on if remote pro handles it... will deploy in a few minutes... if failure that can mean one of two things... the Google+ API hasn't been enabled for production (remote pro) account |
|
Error on remote pro (production) with v0.1.7-53. Will attach screenshot of browser window after rollback to v0.1.7-51 but here's the jitsu log for my attempt at logging in with my google account on production (dev worked fine and it prompted me for profile access as if it was brand new): [04/06 03:32:34 MDT][out] GitHub client authenticated
[04/06 03:35:02 MDT][err] InternalOAuthError: failed to fetch user profile (status: 403 data: {
[04/06 03:35:02 MDT][err] "error": {
[04/06 03:35:02 MDT][err] "errors": [
[04/06 03:35:02 MDT][err] {
[04/06 03:35:02 MDT][err] "domain": "usageLimits",
[04/06 03:35:02 MDT][err] "reason": "accessNotConfigured",
[04/06 03:35:02 MDT][err] "message": "Access Not Configured. The API (Google+ API) is not enabled for your project. Please use the Google Developers Console to update your configuration.",
[04/06 03:35:02 MDT][err] "extendedHelp": "https://console.developers.google.com"
[04/06 03:35:02 MDT][err] }
[04/06 03:35:02 MDT][err] ],
[04/06 03:35:02 MDT][err] "code": 403,
[04/06 03:35:02 MDT][err] "message": "Access Not Configured. The API (Google+ API) is not enabled for your project. Please use the Google Developers Console to update your configuration."
[04/06 03:35:02 MDT][err] }
[04/06 03:35:02 MDT][err] }
[04/06 03:35:02 MDT][err] )
[04/06 03:35:02 MDT][err] at /opt/run/snapshot/package/node_modules/passport-google-oauth/lib/passport-google-oauth/oauth2.js:88:28
[04/06 03:35:02 MDT][err] at passBackControl (/opt/run/snapshot/package/node_modules/passport-google-oauth/node_modules/passport-oauth/node_modules/passport-oauth2/node_modules/oauth/lib/oauth2.js:124:9)
[04/06 03:35:02 MDT][err] at IncomingMessage.<anonymous> (/opt/run/snapshot/package/node_modules/passport-google-oauth/node_modules/passport-oauth/node_modules/passport-oauth2/node_modules/oauth/lib/oauth2.js:143:7)
[04/06 03:35:02 MDT][err] at IncomingMessage.emit (events.js:117:20)
[04/06 03:35:02 MDT][err] at _stream_readable.js:943:16
[04/06 03:35:02 MDT][err] at process._tickDomainCallback (node.js:463:13)Screen capture of this error with Google login attempt on production: |
|
Rolled back active snapshot to v0.1.7-51.
For both OUJS accounts (or site project profiles... don't know what you did exactly since that is in your realm) in relation to their respective API keys? |
|
Rolled forward... production check okay after account corrected... thank you sir... assigning to me for the moment for the remainder (with any luck). Will attempt the scope update in about a day of user trials on pro and after some retesting in dev. |
Martii
added
the
needs testing
…cope * Change on account here prompted for Google+ profile access and "circles" *(manually changed with the pencil to "only you")*... checks okay. * Exact deprecation is described at https://developers.google.com/+/api/auth-migration#timetable ... attention point at OpenID deprecation which says to migrate to Google+ signin * Upgrade reminder to final stage CSS coloring. Closes OpenUserJS#613 and applies to OpenUserJS#484
Martii
removed
needs testing
* Comment in code that `profile` is OAuth 2.0 profile * Renamed a few PRs and Issues with the OpenID 2.0 naming correction when we switched to native OAuth 2.0 scope which failed down the line from historical comments. Perhaps helping clarify this a bit. Closes OpenUserJS#1526 and applies to OpenUserJS#613, OpenUserJS#484 Refs: * https://developers.google.com/identity/protocols/googlescopes#openid_connect * https://www.gluu.org/blog/oauth-vs-openid-whats-the-difference/ *(Seems like a good explanation of the OpenID Connect aspect of this OAuth2 strategy)* > ~"OpenID Connect–not OpenID 1.0 or OpenID 2.0 (both previous versions are deprecated!)–is a profile of OAuth 2.0 that defines a workflow for authentication. The big difference between OpenID Connect and OAuth2 is the id_token. There is no id_token defined in OAuth2 because the id_token is specific to federated authentication." * https://oauth.net/articles/authentication/ *(laid out details)* NOTE: * This auth is really a mess between npmjs.com, GH, and all the changes goo has done over the years. This seems to be the path forward but am still relooking at OpenUserJS#889 fallout
Local pro login (after callback) via google in the console...
As I don't have access to the root OUJS google account, this needs to be handled by @sizzlemctwizzle directly for dep update passport-google-oauth v0.2.0 at /package.json#L40
I would recommend doing this (adding Google+ API to the OUJS google account) ASAP in case this affects the google authentication deprecation from #484 before April 20th to avoid potential service disruption for those user accounts.
The text was updated successfully, but these errors were encountered: