Skip to content
Start building
Back

Fixing OAuth2 authentication issue

  • 0
  • Databases
  • Auth
  • Web
View on Discord
MK💻
21 Aug, 2025, 19:11

I am using React-Router and Vite to implement google auth , I have setup my Google CLient ID and the consent forms comes , But after I have signed up with Google I get the "user ID" and "secret" to my localhost app/api/callback

// loginWithGoogle called on button clikc "export const loginWithGoogle = async () => { try { account.createOAuth2Token( OAuthProvider.Google, ${window.location.origin}/api/callback, ${window.location.origin}/sign-in, ); } catch (error) { console.error("Error during OAuth2 session creation:", error); } };"

Following the setups located here "https://appwrite.io/blog/post/fixing-oauth2-issues-in-appwrite-cloud?doFollow=true" Now I recieve userID and secret in my loader function and send it to a handleCallback to create a session and a document if not exist for the current user as follows

//handleCallback try { // Create a session using the OAuth2 token await account.createSession(userId, secret)

TypeScript
// Get the user data
const user = await account.get()

if (!user) return redirect("/sign-in")
const { documents } = await database.listDocuments(
  appwriteConfig.databaseId,
  appwriteConfig.userCollectionId,
  [
    Query.equal("accountId", user.$id),
  ]
);
// Create a new user document one sign in with google
if (documents.length === 0) {
  await database.createDocument(
    appwriteConfig.databaseId,
    appwriteConfig.userCollectionId,
    ID.unique(),
    {
      accountId: user.$id,
      email: user.email,
      name: user.name,
      joinedAt: new Date().toISOString(),
    }
  );
}
return redirect("/")

"

But I keep getting " code: 401, type: 'general_unauthorized_scope', response: '{"message":"User (role: guests) missing scope (account)","code":401,"type":"general_unauthorized_scope","version":"1.7.4"}' " mesage

Can any one help?

TL;DR
Developers are encountering a 401 error while implementing Google OAuth2 authentication in their React-Router applications. They are receiving a "general_unauthorized_scope" message. The issue seems to be related to missing scopes in the user account. To fix this, they need to ensure that the necessary scopes are configured properly for the user role.
Steven
21 Aug, 2025, 19:37

FYI, it's best to wrap code in backticks to format a bit nicer. You can use 1 backtick for inline code (https://www.markdownguide.org/basic-syntax/#code) and 3 backticks for multiline code (https://www.markdownguide.org/extended-syntax/#syntax-highlighting).

Steven
21 Aug, 2025, 19:38

Loader function? So that's server side?

Reply

Reply to this thread by joining our Discord

Reply on Discord

Recommended threads

Need support?

Join our Discord

Get community support by joining our Discord server.

Join Discord

Get premium support

Join Appwrite Pro and get email support from our team.

Learn more