Is this request correct? What might be the cause o...
# support-questions
f
Is this request correct? What might be the cause of 400?
Request failed with status code 400
Error: Request failed with status code 400
    at createError (D:\git\evt-server\node_modules\supertokens-node\node_modules\axios\lib\core\createError.js:16:15)
    at settle (D:\git\evt-server\node_modules\supertokens-node\node_modules\axios\lib\core\settle.js:17:12)
    at IncomingMessage.handleStreamEnd (D:\git\evt-server\node_modules\supertokens-node\node_modules\axios\lib\adapters\http.js:269:11)
    at IncomingMessage.emit (node:events:406:35)
    at endReadableNT (node:internal/streams/readable:1331:12)
    at processTicksAndRejections (node:internal/process/task_queues:83:21)
n
Hi, Which API spec were you using?
f
Sorry what do you mean?
this
thirdpartypasswordless *
n
Can you refer to the troubleshooting guide here: https://supertokens.com/docs/thirdpartypasswordless/troubleshooting/how-to-troubleshoot And let us know what output you get
f
there you go ... this is all I get 😐
n
Can you check the logs for when the server started as well?
f
there you go
n
@FrAgOrDiE So that 400 is coming from the Google OAuth API, can you try with a valid code?
f
I showed you a wrong one but the request is actually made with a valid code
1. https://prnt.sc/wHGc9BDyOExX
2. https://prnt.sc/9UoGpP5DkkIa
3. I'm redirected to https://evt-api-dev.revod.cloud/redirect?code=4%2Factualcodehere&scope=email+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email+openid&authuser=0&prompt=consent
4. I execute the POST request shown above, inserting the code I received from the callback and replacing %2F with /.
I can tell you more. The error is thrown inside here:
n
Can you post the code for SuperTokens.init on the backend? (Stripping away any API keys)
Also in the request above, please check what the request_grant is
f
there you go
n
Can you post the full request config for the screenshot you sent earlier? (The one with the invalid grant error)
Or just the value of grant_type in the request body
f
oh ok there you go
grant_type=authorization_code
n
Actually the full request config would help in this case
f
sure,
{
  "url": "https://accounts.google.com/o/oauth2/token",
  "method": "post",
  "data": "client_id=123953051473-g1186h1b6vgg7p2okdactap1v1dq1d00.apps.googleusercontent.com&client_secret=GOCSPX-yarSGNbRN6wfeewfwq8&grant_type=authorization_code&code=4%2F0AX4XfWgkPdHTlOArVBYLrq2DLB9fHl54bou4MgDZhZVzsxFgtLUKKQxnxfAZvnhOBlNMiQ&redirect_uri=https%3A%2F%2Fevt-client-planner-dev.revod.cloud%2Fredirect",
  "headers": {
    "Accept": "application/json",
    "Content-Type": "application/x-www-form-urlencoded",
    "User-Agent": "axios/0.21.4",
    "Content-Length": 316
  },
  "transformRequest": [
    null
  ],
  "transformResponse": [
    null
  ],
  "timeout": 0,
  "xsrfCookieName": "XSRF-TOKEN",
  "xsrfHeaderName": "X-XSRF-TOKEN",
  "maxContentLength": -1,
  "maxBodyLength": -1,
  "transitional": {
    "silentJSONParsing": true,
    "forcedJSONParsing": true,
    "clarifyTimeoutError": false
  }
}
you can tell me if you need to see any specific object
n
Give me a bit, gonna try it out myself and let you know if I find anything
f
sure thing, thank you so much
The only change I've made that didn't follow the guide is overriding the authorization url so I could append a custom redirect uri. Just for your information maybe that might be causing issues
n
Oh that could be the issue, can you try using the same redirect uri as the one that's configured in your Google OAuth app?
f
I do
And the consent screen shows properly
n
Ah ok, you meant you didn't use the same route as the one in docs
Yeah that shouldn't cause problems
f
yeah well
look
ts
authorisationUrlGET: async function (input: {
                  provider: TypeProvider;
                  options: ThirdPartyAPIOptions;
                  userContext: any;
                }): Promise<{
                  status: 'OK';
                  url: string;
                }> {
                  const response =
                    await originalImplementation.authorisationUrlGET(input);
                  if (input.provider.id != 'google') return response;
                  if (response.status != 'OK') return response;
                  const urlWithRedirect = new URL(response.url);
                  urlWithRedirect.searchParams.delete('redirect_uri');
                  if (input.options.req.original.query.redirect_uri) {
                    urlWithRedirect.searchParams.append(
                      'redirect_uri',
                      input.options.req.original.query.redirect_uri,
                    );
                  }
                  return {
                    status: 'OK',
                    url: urlWithRedirect.toString(),
                  };
                },
does everything look correct here to you?
it's under override -> apis
the consent screen throws an invalid_redirect_uri error when the uri doesn't match so I suppose that's not the issue (because I can correctly see consent, login and get the code back)
n
Nothing looks out of place, I'll investigate
f
@nkshah2 it worked!
I had to replace a parameter supertokens sets
n
Oh what did you change?
f
access_type is set offline by default
it had to be online
n
Can you post the code of where you changed it (for the reference of others)
f
ts
recipeList: [
  ThirdPartyPasswordless.init({
    flowType: 'MAGIC_LINK',
    contactMethod: 'EMAIL',
    providers: [
      ThirdPartyPasswordless.Google({
        clientId: this.envConfig.get<string>('OAUTH_GOOGLE_CLIENT_ID'),
        clientSecret: this.envConfig.get<string>(
          'OAUTH_GOOGLE_CLIENT_SECRET',
        ),
      }),
    ],
    override: {
      apis: (originalImplementation) => {
        return {
          ...originalImplementation,
          authorisationUrlGET: async function (input: {
            provider: TypeProvider;
            options: ThirdPartyAPIOptions;
            userContext: any;
          }): Promise<{
            status: 'OK';
            url: string;
          }> {
            const response =
              await originalImplementation.authorisationUrlGET(input);
            if (input.provider.id != 'google') return response;
            if (response.status != 'OK') return response;
            const urlWithRedirect = new URL(response.url);
            urlWithRedirect.searchParams.delete('redirect_uri');
            if (input.options.req.original.query.redirect_uri) {
              urlWithRedirect.searchParams.append(
                'redirect_uri',
                input.options.req.original.query.redirect_uri,
              );
              urlWithRedirect.searchParams.delete('access_type');
              urlWithRedirect.searchParams.append(
                'access_type',
                'online',
              ); // line that fixed
            }
            return {
              status: 'OK',
              url: urlWithRedirect.toString(),
            };
          },
        };
      },
    },
  }),
],
thank you anyway 😊
n
Glad you got it working!
Happy to help (even though I didn't in this case)
In this the redirect uri you set is
http://evt-api-dev.revod.cloud/redirect
But when making the POST request you use
https://evt-client-planner-dev.revod.cloud/redirect
While both may be whitelisted urls on your Google OAuth config, because the two are different Google throws a Bad Request
@FrAgOrDiE That's why you're getting that error
Using access_type online actually bypasses the refresh token flow and is not the solution for this
f
I noticed that right after, but the error still appears
I'm trying again by the way so I can double check
n
Make sure to not override access_type when you try again
f
you are totally right, I thought I already changed the link
it works with access_type offline!
that was it
n
Awesome, happy to help
f
it's crazy how invalid_grant may involve MANY different errors 😅
n
Yep :p The "Bad Request" doesn't help either
f
Thank you again