Get started
We are having lots of fun on Discord. Come and join us!
Star on GitHub 45.1K Get started
Back

[SOLVED] Debugging google oauth flow

  • 0
  • Web
View on Discord
Nevus
17 Jun, 2023, 15:22

I am using web sdk with following code:

TypeScript
  async function googleSignIn(e) {
    const result = account.createOAuth2Session('google', 'http://localhost:5173/me', 'http://localhost:5173/failed');
    console.log('From google sign in', result);
    e.preventDefault();
  }

clicking on the button redirects to google and back to http://localhost:5173/me but no cookies are being set and account.get() returns 401

TL;DR
The problem in this support thread is that there are multiple redirects happening during the Google OAuth flow and the SDK does not have access to the responses after the first one. The issue is resolved by using custom domains. The cookies set during the process are considered third-party cookies by the app, so they are not sent when making API calls to Appwrite. The solution is to ensure that third-party cookies are enabled. The thread provides a step-by-step explanation of the OAuth flow and clarifies that there is no fallback header on the redirect. The problem with not being able to set cookies and getting a 401 error is resolved by using custom domains
Nevus
17 Jun, 2023, 15:25

I am using cloud and I am stuck with no logs

Drake
17 Jun, 2023, 15:25

It's probably due to 3rd party cookies. There should be previous <#1072905050399191082> threads on this

Nevus
17 Jun, 2023, 15:25

isn't there a fallback?

Drake
17 Jun, 2023, 15:27

The fallback isn't used in the oauth flow because it's not possible to set the header on redirect

Nevus
17 Jun, 2023, 15:30

ahh I thought the flow was browser->cloud.appwrite.io->google->cloud.appwrite.io->browser

Drake
17 Jun, 2023, 15:33

Sort of...this all happens in the browser so instead of browser, that should be your app

Drake
17 Jun, 2023, 15:34

And so during that redirect from cloud to your app, it's not possible to set the fallback header

Nevus
18 Jun, 2023, 01:23

How is this different from using createEmailSession?

Drake
18 Jun, 2023, 01:24

That's a request and response, not a redirect

Nevus
18 Jun, 2023, 01:58

So, the process is:

  1. User clicks sign-in button.
  2. Request 1: GET request to https://cloud.appwrite.io/v1/account/sessions/oauth2/google
  3. Response 1: 301 redirect to https://accouts.google.com/<whatever>
  4. User logs in to google.
  5. Request 2: google
  6. Response 2: 302 to https://cloud.appwrite.io/v1/account/sessions/oauth2/callback/google with the code and google's cookies
  7. Request 3: <appwrite cloud>/oauth2/callback/google
  8. Response 3: Redirect to https://cloud.appwrite.io/v1/account/sessions/oauth2/google/redirect with Set-Cookie headers
  9. Request 4: <appwrite cloud>/oauth2/google/redirect
  10. Response 4: Redirect to my app using success parameter.

And third party cookies are needed because fallback headers can't be set on response 3?

Nevus
18 Jun, 2023, 01:59

soo many redirects 😭

Nevus
18 Jun, 2023, 01:59

or is it the cookies from google that are needed for it to work?

Drake
18 Jun, 2023, 02:09

Cookies are set at step 9, but they're considered 3rd party cookies by your app, so they aren't sent when your app makes API calls to Appwrite

Nevus
18 Jun, 2023, 02:11

aye so custom domains are the solution?

Nevus
18 Jun, 2023, 02:16

so the problem is that the there's a bunch of redirects happening and the sdk doesn't have access to any responses after Response 1. Cookies work only because browser automatically sends them.

Nevus
18 Jun, 2023, 02:16

[SOLVED] Debugging google oauth flow

Reply

Reply to this thread by joining our Discord

Reply on Discord

Recommended threads

Need support?

Join our Discord

Get community support by joining our Discord server.

Join Discord

Get premium support

Join Appwrite Pro and get email support from our team.

Learn more