Within the last day, Google Social Auth in our web...
# general
c
Within the last day, Google Social Auth in our web app tries to log us in to supertokens.io instead of our app. We are providing the Google Client Id and Secret associated with our app. We did switch from using an IP to our dev domain name in the last several days if that makes a difference. Why is it trying to log into supertokens.io?
r
Hey! That’s really weird. Did you change a version of the backend SDK?
c
just checked. it hasn't changed. github.com/supertokens/supertokens-golang v0.6.6
```
:authority: supertokens.io
:method: GET
:path: /dev/oauth/redirect-to-provider?access_type=offline&include_granted_scopes=true&response_type=code&client_id=1060725074195-kmeum4crr01uirfl2op9kd5acmi9jutn.apps.googleusercontent.com&actual_redirect_uri=https%3A%2F%2Faccounts.google.com%2Fo%2Foauth2%2Fv2%2Fauth&scope=profile+email&redirect_uri=%2Fauth%2Fcallback%2Fgoogle
:scheme: https
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cache-control: no-cache
pragma: no-cache
referer: https:///
```
this seems like it would be related from the golang sdk code
```go
if providerInfo.GetRedirectURI != nil && !isUsingDevelopmentClientId(providerInfo.GetClientId(userContext)) {
	// the backend wants to set the redirectURI - so we set that here.

	// we add the not development keys because the oauth provider will
	// redirect to supertokens.io's URL which will redirect the app
	// to the user's website, which will handle the callback as usual.
	// If we add this, then instead, the supertokens' site will redirect
	// the user to this API layer, which is not needed.
	rU, err := providerInfo.GetRedirectURI(userContext)
	if err != nil {
		return tpmodels.AuthorisationUrlGETResponse{}, err
	}
	params["redirect_uri"] = rU
}
```
if using the dev client id:
```go
if isUsingDevelopmentClientId(providerInfo.GetClientId(userContext)) {
	params["actual_redirect_uri"] = providerInfo.AuthorisationRedirect.URL
```
tried a different google client id and secret. now get this:
If you’re the app developer, make sure that these request details comply with Google policies. redirect_uri: /auth/callback/google
in Google Api Console... i have a callback url like: https://dev.xxxxxx.us/auth/callback/google
r
Hey! So are you using a custom UI on the frontend?
Cause the redirect_uri query param is not correctly set in that request
It needs to be the full domain and path and not just /auth/callback/google
c
agh ok. we are. where do i set that?
r
When you get back the URL on the frontend, you can edit that query param before redirecting the user to it.
c
ty! will do.