yii2, google outh2 and scope

Question

I am using Yii2, GoogleOAuth and yii2-user extension. I want to receive user google circles and set scope to my config:

'authClientCollection' => [
        'class' => 'yii\authclient\Collection',
        'clients' => [
            'google' => [
                'class' => 'yii\authclient\clients\GoogleOAuth',
                'clientId' => '758709912345-p4qp4lqihit5un1u6qb75msqp5m5j6d8.apps.googleusercontent.com',
                'clientSecret' => 'ZygOIi1-0asfktUQ1pKOFOo',
                'scope' => 'https://www.googleapis.com/auth/plus.login https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/drive',
            ],
        ],
    ]

When I login with Google OAuth2 I had error:

Exception – yii\authclient\InvalidResponseException Request failed with code: 400, message: { "error" : "redirect_uri_mismatch" }

Google response:

[
'url' => 'https://accounts.google.com/o/oauth2/token'
'content_type' => 'application/json'
'http_code' => 400
'header_size' => 435
'request_size' => 644
'filetime' => -1
'ssl_verify_result' => 0
'redirect_count' => 0
'total_time' => 0.115431
'namelookup_time' => 0.001186
'connect_time' => 0.025188
'pretransfer_time' => 0.076275
'size_upload' => 456
'size_download' => 39
'speed_download' => 337
'speed_upload' => 3950
'download_content_length' => -1
'upload_content_length' => 456
'starttransfer_time' => 0.114206
'redirect_time' => 0
'certinfo' => []
'primary_ip' => '2a00:1450:4010:c08::54'
'primary_port' => 443
'local_ip' => '2a03:6f00:1::5c35:726b'
'local_port' => 33160
'redirect_url' => ''

]

When I removed from the configuration Google+ scope(https://www.googleapis.com/auth/plus.login) authorization go with out error and Google response is:

[
'url' => 'https://accounts.google.com/o/oauth2/token'
'content_type' => 'application/json; charset=utf-8'
'http_code' => 200
'header_size' => 522
'request_size' => 526
'filetime' => -1
'ssl_verify_result' => 0
'redirect_count' => 0
'total_time' => 0.13719
'namelookup_time' => 0.001212
'connect_time' => 0.026261
'pretransfer_time' => 0.079765
'size_upload' => 338
'size_download' => 900
'speed_download' => 6560
'speed_upload' => 2463
'download_content_length' => -1
'upload_content_length' => 338
'starttransfer_time' => 0.136241
'redirect_time' => 0
'certinfo' => []
'primary_ip' => '2a00:1450:4010:c08::54'
'primary_port' => 443
'local_ip' => '2a03:6f00:1::5c35:726b'
'local_port' => 37583
'redirect_url' => ''

]

Problem only in https: //www.googleapis.com/auth/plus.login . My enabled APIs: http://minus.com/lJ5nw7caXJApD

just a not that `https://www.googleapis.com/auth/userinfo.email` is deprecated. you should use `email` instead. see [docs](https://developers.google.com/+/api/oauth) — Tahir, Mar 03 '15 at 13:39
If I put only https://www.googleapis.com/auth/plus.login in scope I has the same error "redirect_uri_mismatch". — Pavel Erastov, Mar 03 '15 at 16:01
you know that this error is regarding the `REDIRECT URIS` that you need to set in your app credentials in google console, right? it should be the url to your `auth` action. — Tahir, Mar 04 '15 at 10:40
Yes, of course. I do that: http://i5.minus.com/jK6yYuDFN8dZr.png And on Google+ API: http://i5.minus.com/jJ5nw7caXJApD.png — Pavel Erastov, Mar 04 '15 at 11:00
And did you check what's the requested url in address bar when you get the error? — Tahir, Mar 04 '15 at 11:05
Also just to note that change in redirect uri doesn't take effect immediately, so don't keep changing the redirect uri in google console. at least i experienced problems regarding this when i was implementing it — Tahir, Mar 04 '15 at 11:07
Yes, its http ://mysite.ru/user/security/auth?authclient=google&code=4/8FnIrb4JSLzpNGgrd2c5GLASLFNh0mG0FHN_fEpYyjU.4v-qjZ2rlHAQPvB8fYmgkJxVUhTJlwI&authuser=0&num_sessions=1&prompt=consent&session_state=7c5507a77a8463b9464bcbadf1e13a5715b5abc7..6863 I know that changes dont work immediately, my app work with google oauth2 well if I dont add google+ scope — Pavel Erastov, Mar 04 '15 at 11:30
There should be a parameter `redirect_uri`in url which I don't see. Normally it should be included automatically. Try to set 'returnUrl' property in your auth client configuration explicitly. see [docs](http://www.yiiframework.com/doc-2.0/yii-authclient-baseoauth.html#$returnUrl-detail) for more info. — Tahir, Mar 04 '15 at 16:05
Tahir many thanks, you are the best! When I add to my config return_url, which I registrated in google console - all works! I kill 4 evenings on it problem:) The most interesting that this parametr requered only for https://www.googleapis.com/auth/plus.login. Another scope(google drive, email, profile) works with out it. — Pavel Erastov, Mar 04 '15 at 17:33
I'm glad that I could help. I have posted it as an answer, please accept it if it helped. Also I have written an [article](http://mushtaqtahir.com/blog/2/facebook-authentication-using-yii2-authclient) about yii2-authclient extension usage, it may help you to get some more info regarding under the hood things. — Tahir, Mar 05 '15 at 07:13
@1Pauletto please can you share the whole code? i have done the configuration part of the authclient but i don't unsderstand how to use it with yii2 application. — Noor Ahmed, Aug 24 '16 at 19:56
@noor look at [line 194](https://github.com/dektrium/yii2-user/blob/master/controllers/SecurityController.php) — Pavel Erastov, Aug 25 '16 at 03:09

score 5 · Accepted Answer · answered Mar 05 '15 at 07:10

5

You can also add returnUrl explicitly in your auth client configuration. Look at docs for more info.

answered Mar 05 '15 at 07:10

Tahir

733
5
15

I found this through trial and error method. No one sensible manual about this. – Adobe Aug 01 '16 at 07:16
How to up for you the second plus? – Adobe Sep 13 '19 at 14:53

score 3 · Answer 2 · answered Aug 06 '15 at 07:12

I was also facing this problem and got solution to change the Redirect URI in project Credentials like below:

Redirect URIs

 http://mysiteurl.com/user/sign-in/oauth?authclient=google
 http://mysiteurl.com/oauth2callback

JavaScript origins

 http://mysiteurl.com

score 3 · Answer 3 · answered Oct 12 '16 at 14:05

Use return URL in main.php like 

'authClientCollection' => [
          'class' => 'yii\authclient\Collection',
          'clients' => [
            'facebook' => [
              'class' => 'yii\authclient\clients\Facebook',
              'authUrl' => 'https://www.facebook.com/dialog/oauth?display=popup',
              'clientId' => ['FacebookClientId'],
              'clientSecret' => ['FacebookClientSecret'],
              'attributeNames' => ['name','first_name','last_name','email','gender','picture','age_range']
            ],
           'google' => [
              'class' => 'yii\authclient\clients\Google',
              'clientId' => ['GoogleClientId'],
              'clientSecret' => ['GoogleClientSecret'],
              'returnUrl' => 'http://yoursite.com/site/auth?authclient=google'
            ],
          ],
        ],


Also set redirect_url in api credentials same as return url

It's work for me.

yii2, google outh2 and scope

3 Answers3

Linked