Doesn't work with the Google Drive (v3) api #18

Open
johot opened this issue Apr 17, 2017 · 1 comment
Comments

johot commented Apr 17, 2017

I just tried doing a login with settings for Google Drive but can't get it working; I constantly get a 401 error. After further inspection of my headers I can see that the wrong JWT token is being sent. When using the Google Drive REST API the JWT token will be located in a query string parameter called "access_token" and not "id_token". So I tried updating the config to look like this instead (the documentation from Google says the request_type parameter should be token):

```js
oauthTokenService.configure({
  name: 'token',
  urlTokenParameters: {
    // send the value of the access_token parameter instead of id_token
    idToken: 'access_token'
  }
});
```

But when doing this the Google API will complain that the parameter nonce is included... So I removed it by changing the source code a bit, but now I get an error that the JWT claims can't be properly parsed...

Anyway, has anyone tried using this library for the Google Drive API? From my understanding the id_token is only used for email and some other Google APIs; maybe this library has only been tested against those APIs?

Anyway, thanks for a great library. I guess this would be an easy fix for @matik12 :)

More info from google here: https://developers.google.com/drive/v3/web/about-auth
and here https://developers.google.com/identity/protocols/OAuth2UserAgent

matik12 commented Apr 17, 2017

Hi @johot,

sorry for causing trouble when using this plugin. I have been using this implementation mostly for projects with Azure AD and some custom OAuth2 SSO endpoint maintained by a big UK company, so I guess there are many use cases where this code may not work out of the box.

About the configuration, you're right, these settings are the sample configuration, so you can adjust them according to the needs of your SSO endpoint. In the case of Google I guess (I haven't tried the integration yet) you have the proper configuration, because the Google API requires the access_token to be sent in the request header, but there is an issue: this token is not in JWT format like the id_token, and thus the implementation throws errors during parsing. It relies on the token and its claims data to track the token's valid period etc.

I have some ideas how to solve this problem and enhance the plugin's functionality, but I am not sure if I have enough time to implement it in the near future. The first solution I can think of is to extend the OAuthTokenService functionality to store all the tokens that are sent back in the redirect URL; in this use case there will be 2 tokens: id_token and access_token. Then add an option to configure the token name that will be sent in the request header when calling the protected resource; in this use case it is the access_token. So basically, we stay with the id_token configuration (this token is a JWT and contains claims, so everything should be fine), but we send requests with the access_token; this could make the Google API happy :)

Regarding the nonce parameter, right now it's required as you noticed, but an option could be added to the configuration that turns off sending this parameter in the authorization request.

Thanks and take care,
Mat
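As an added example (not the plugin's own code, and not code from either participant), here is the approach sketched in the reply above in plain JavaScript: every token returned in the implicit-flow redirect fragment is kept, the JWT id_token supplies the claims used for the expiry and nonce checks, a separately configured token name (the opaque access_token) is what goes into the Authorization header, and the nonce parameter is sent only when a config switch says so. All function names, URLs, client ids and token values are constructed for the example.

```javascript
// Added example, not the plugin's code: store all redirect tokens, read claims
// from the JWT id_token, send the opaque access_token as the bearer token.
// Every name, URL and token value below is constructed for illustration.

function base64UrlEncode(text) {
  return Buffer.from(text, 'utf8').toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

function base64UrlDecode(segment) {
  const base64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  const padded = base64.padEnd(base64.length + (4 - base64.length % 4) % 4, '=');
  return Buffer.from(padded, 'base64').toString('utf8');
}

// Returns the JWT payload, or null when the string is not a three-part JWT,
// which is exactly what happens with an opaque OAuth2 access_token.
function decodeJwtClaims(token) {
  if (typeof token !== 'string') return null;
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  try {
    return JSON.parse(base64UrlDecode(parts[1]));
  } catch (err) {
    return null;
  }
}

// The implicit flow returns tokens in the URL fragment: '#access_token=...&id_token=...'.
function parseRedirectFragment(url) {
  const hash = url.indexOf('#');
  if (hash === -1) return {};
  return Object.fromEntries(new URLSearchParams(url.slice(hash + 1)));
}

// config.claimsToken:   name of the JWT used for claims (id_token)
// config.requestToken:  name of the token sent to the protected resource (access_token)
// config.expectedNonce: nonce generated before the authorization request, if one was sent
function buildSession(redirectUrl, config, nowSeconds) {
  const tokens = parseRedirectFragment(redirectUrl);
  const claims = decodeJwtClaims(tokens[config.claimsToken]);
  if (!claims) {
    throw new Error(`${config.claimsToken} is missing or is not a JWT`);
  }
  if (config.expectedNonce !== undefined && claims.nonce !== config.expectedNonce) {
    throw new Error('nonce in id_token does not match the one sent');
  }
  const bearer = tokens[config.requestToken];
  if (!bearer) {
    throw new Error(`${config.requestToken} not present in redirect fragment`);
  }
  return {
    claims,
    expiresAt: claims.exp,
    isExpired: typeof claims.exp !== 'number' || claims.exp <= nowSeconds,
    authorizationHeader: `Bearer ${bearer}`,
  };
}

// Authorization request with the proposed switch for the nonce parameter.
function buildAuthorizeUrl(config) {
  const params = new URLSearchParams({
    client_id: config.clientId,
    redirect_uri: config.redirectUri,
    response_type: config.responseType,
    scope: config.scope,
    state: config.state,
  });
  if (config.sendNonce) params.set('nonce', config.nonce);
  return `${config.authorizeEndpoint}?${params.toString()}`;
}

// Constructed sample redirect: an id_token whose signature segment is a
// placeholder (this example does not verify signatures) next to an opaque access_token.
const SAMPLE_CLAIMS = {
  iss: 'https://accounts.google.com', sub: '1234567890', aud: 'example-client-id',
  iat: 1492466400, exp: 1492470000, nonce: 'n-0S6_WzA2Mj',
};
const SAMPLE_ID_TOKEN = [
  base64UrlEncode(JSON.stringify({ alg: 'RS256', typ: 'JWT' })),
  base64UrlEncode(JSON.stringify(SAMPLE_CLAIMS)),
  'signature-placeholder',
].join('.');
const SAMPLE_REDIRECT = 'https://app.example/callback#access_token=ya29.constructed-opaque-token'
  + '&token_type=Bearer&expires_in=3600&state=xyz&id_token=' + SAMPLE_ID_TOKEN;

const session = buildSession(SAMPLE_REDIRECT,
  { claimsToken: 'id_token', requestToken: 'access_token', expectedNonce: 'n-0S6_WzA2Mj' },
  1492466500);
console.log(session.authorizationHeader, session.claims.sub, session.isExpired);
```

Two points worth keeping in mind with this split: the access_token is never parsed, only forwarded, so an opaque token no longer breaks claim handling; and the example decodes the id_token without checking its signature, so a real client must verify the token against the issuer's published keys (and check `iss`, `aud` and `exp`) before trusting any of its claims.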
