[SOLVED] Debugging google oauth flow

I am using web sdk with following code:

TypeScript

  async function googleSignIn(e) {
    const result = account.createOAuth2Session('google', 'http://localhost:5173/me', 'http://localhost:5173/failed');
    console.log('From google sign in', result);
    e.preventDefault();
  }

clicking on the button redirects to google and back to http://localhost:5173/me but no cookies are being set and account.get() returns 401

TL;DR

The problem in this support thread is that there are multiple redirects happening during the Google OAuth flow and the SDK does not have access to the responses after the first one. The issue is resolved by using custom domains. The cookies set during the process are considered third-party cookies by the app, so they are not sent when making API calls to Appwrite. The solution is to ensure that third-party cookies are enabled. The thread provides a step-by-step explanation of the OAuth flow and clarifies that there is no fallback header on the redirect. The problem with not being able to set cookies and getting a 401 error is resolved by using custom domains

I am using cloud and I am stuck with no logs

It's probably due to 3rd party cookies. There should be previous <#1072905050399191082> threads on this

isn't there a fallback?

The fallback isn't used in the oauth flow because it's not possible to set the header on redirect

ahh I thought the flow was browser->cloud.appwrite.io->google->cloud.appwrite.io->browser

Sort of...this all happens in the browser so instead of browser, that should be your app

And so during that redirect from cloud to your app, it's not possible to set the fallback header

How is this different from using createEmailSession?

That's a request and response, not a redirect

So, the process is:

User clicks sign-in button.
Request 1: GET request to https://cloud.appwrite.io/v1/account/sessions/oauth2/google
Response 1: 301 redirect to https://accouts.google.com/<whatever>
User logs in to google.
Request 2: google
Response 2: 302 to https://cloud.appwrite.io/v1/account/sessions/oauth2/callback/google with the code and google's cookies
Request 3: <appwrite cloud>/oauth2/callback/google
Response 3: Redirect to https://cloud.appwrite.io/v1/account/sessions/oauth2/google/redirect with Set-Cookie headers
Request 4: <appwrite cloud>/oauth2/google/redirect
Response 4: Redirect to my app using success parameter.

And third party cookies are needed because fallback headers can't be set on response 3?

soo many redirects 😭

or is it the cookies from google that are needed for it to work?

Cookies are set at step 9, but they're considered 3rd party cookies by your app, so they aren't sent when your app makes API calls to Appwrite

aye so custom domains are the solution?

so the problem is that the there's a bunch of redirects happening and the sdk doesn't have access to any responses after Response 1. Cookies work only because browser automatically sends them.

[SOLVED] Debugging google oauth flow

Reply to this thread by joining our Discord

Reply on Discord

Need support?

Join our Discord

Get community support by joining our Discord server.

Join Discord

Get premium support

Join Appwrite Pro and get email support from our team.

Learn more

Recommended threads

Need support?

Join our Discord

Get premium support