2👍
After investigating a bit on my end, I think I might have a solution that works for you.
I’ve messed with OAuth before, and it’s quite tricky sometimes because it has to be robust. So a bunch of security policies usually get in the way.
I’ll provide my full step-by-step, since I was able to get it working, trying my best to match what you posted.
Firstly, to have a clean slate, I went off the example code linked in the tutorials. I cloned and built the project, and did the following:
- Creating a new project on GCP
- Configured the OAuth consent screen
- I set the User type to "internal". This options may not be available if you’re not using an account under GSuite (which I am). "External" should be fine though, just that "internal" is the easiest to test.
- Created a OAuth 2.0 Client
- Added
http://localhost:3000to the "Authorized JavaScript origins" and "Authorized redirect URIs" sections
- Added
- Configured the OAuth consent screen
- Register a Django superuser
- Registered a
Site, with value oflocalhost:8000for both fields. - Went into the admin panel, and added a
Social ApplicationwithClient IDandSecret Keyas the "Client ID" and "Client Secret" from GCP, respectively. I also picked the localhost site that we added earlier and added it to the right hand box. (I leftKeyblank)
- Registered a
Example of my Application Page
- Filled in the
clientIdfield inApp.js, in the params of theGoogleLogincomponent.
Here’s where I ran into a bit of trouble, but this is good news as I was able to reproduce your error! Looking at the request in the network inspector, I see that for me, no body was passed, which is clearly the direct cause of the error. But looking at App#responseGoogle(response), it clearly should pass a token of some sort, because we see the line googleLogin(response.accessToken).
So what is happening is that accounts.google.com is NOT returning a proper response, so something is happening on their end, and we get an invalid response, but we fail silently because javascript is javascript.
After examining the response that Google gave back, I found this related SO post that allowed me to fix the issue, and interestingly, the solution to it was quite simple: Clear your cache. I’ll be honest, I’m not exactly sure why this works, but I suspect it has something to do with the fact that development is on your local machine (localhost/127.0.0.1 difference, perhaps?).
You can also try to access your site via incognito mode, or another browser, which also worked for me.
I have knox token set up, can I use it instead of the JWT tokens?
I don’t think I have enough knowledge to properly answer this, but my preliminary research suggests no. AFAIK, you should just store the token that Google gives you, as the token itself is what you’ll use to authenticate. It seems that Knox replaces Django’s TokenAuthentication, which means that Knox is in charge of generating the token. If you’re offloading the login work to Google, I don’t see how you could leverage something like Knox. However, I could be very wrong.
Does the
class GoogleLogin(SocialLoginView), take care of the steps of validating the access token and code with google and creating the user with that email in database?
I believe so. After successfully authenticating with Google (and it calls the backend endpoint correctly), it seems to create a "Social Account" model. An example of what it created for me is below. It retrieved all this information (like my name) from Google.
Example of my "Social Accounts" page
As for how to retrieve the login from the browser’s local storage, I have no idea. I see no evidence of a cookie, so it must be storing it somewhere else, or you might have to set that up yourself (with React Providers, Services, or even Redux.