Skip to content
This repository has been archived by the owner on Feb 18, 2023. It is now read-only.

Google Account linking fails with 'Invalid ClientID' #28

Open
peterkappelt opened this issue Jan 10, 2019 · 11 comments
Open

Google Account linking fails with 'Invalid ClientID' #28

peterkappelt opened this issue Jan 10, 2019 · 11 comments

Comments

@peterkappelt
Copy link
Member

I have tried the above fixes to the docker-compose file and ApplicationServiceProvider file and still having issues with the account linking being redirected to /gapi/auth. Is there something else I have missed. I have had a look in the docker-compose logs for errors but everything appears ok, no fatal errors.

To try and get round the proxy issue I used my Sophos firewall WAF function, and stopped apache. I can know add account details as page direct is right but on pressing 'Link Accounts' I get a red error box on the web page saying 'request by Googlehome is malformed .... Invalid ClientID provided'. Checked google console and docker-compose file and clientid entry match. Is this another issue.

Originally posted by @jaseuk73 in #17 (comment)
@peterkappelt
Copy link
Member Author

The proxy issue will be solved with the update on saturday.

This seems like a different issue. First a simple thing, to make sure there is no misunterstanding: Could you read #26 ? Are you linking the account as described there?

@jaseuk73
Copy link

thank you for the assistance @peterkappelt . I mis-read the docs and thought you linked it from web page, my apologies.
I have now used the home app and selected my [test] app and tried linking, not getting any errors on web page but when I press 'link account', details in the email and password boxes clear and nothing else happens. Checked local bridge web page and no account link shown. I will check my logs to see if anything shows up. I may return the vm to base condition and create new docker-compose after Saturday to remove any possible issues using Sophos as pseudo proxy. I will post any relevant info from logs if found.

@jghaanstra jghaanstra mentioned this issue Jan 12, 2019
Closed
@peterkappelt
Copy link
Member Author

Were you able to resolve the problems? Do you need further assistance?

@shoaibali
Copy link

shoaibali commented Feb 17, 2019
edited
Loading

@peterkappelt I have been bashing my head against this problem for the past couple of hours. I have a self-hosted instance of it running on docker. I folllowed the documention very closely. I am not sure what I am missing.

I am fairly certain there is a bug some where. The form that is rendered for linking account has no client_id value nor it has any other values. its completely empty.

<form class="form-horizontal" method="POST" accept-charset="UTF-8" action="http://192.168.1.107:8888/gapi/auth">
                    <input type="hidden" name="_token" value="0qRLql8b2EqPjDeWOSffUh0xfoH3si9PPoYiPl4d">
                    <input type="hidden" name="client_id" value="">
                    <input type="hidden" name="response_type" value="">
                    <input type="hidden" name="redirect_uri" value="">
                    <input type="hidden" name="state" value="">
                    <div class="card-content black-text">
                        <p><span class="card-title">Link Accounts</span></p>
                                                    
                            <b>Hi [email protected]!</b>
                            <p>Click the button below to link your gBridge account to Google.</p>
                                            </div>
                    <div class="card-action">
                        <button style="width: 100%;" class="btn waves-effect blue" type="submit">
                                                        <i class="material-icons left">navigate_next</i>Confirm Linking
                                                    </button>
                    </div>
                </form>

I am hosting it on 192.168.1.107:8888, I even tried hacking the values in but eventually it complains about invalid RedirectURI and rightly so. Since I have a FQDN configured within app settings on Google.

I even tried removing all security barriers put by mod_proxy. Exposing the entire gBridge to the internet. But then, authentication stops working.

Lastly, I cant even see the project I have registered within Google Actions. Do I have to complete the entire process of deploying to production before I see it? Even that part of Google Actions is broken.

GoogleFulfillment 'GoogleFulfillmentName{name=actions.fulfillment.devices, template=false, explicitTemplateProject=false}' is not supported

Here is my docker compose file.

version: '3'
networks:
   backend:
      driver: bridge
   web_frontend:
      driver: bridge
services:
   web:
      image: 'pkap/gbridge-web:latest'
      restart: always
      ports:
         - '8888:80'
      environment:
         APP_ENV: production
         APP_KEY: 'base64:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx='
         APP_DEBUG: 'false'
         APP_LOG_LEVEL: warning
         APP_URL: 'http://localhost'
         DB_CONNECTION: mysql
         DB_HOST: database
         DB_PORT: 3306
         DB_DATABASE: gbridge_db
         DB_USERNAME: gbridge_db
         DB_PASSWORD: xxxxxxxx
         BROADCAST_DRIVER: log
         CACHE_DRIVER: file
         SESSION_DRIVER: file
         SESSION_LIFETIME: 120
         QUEUE_DRIVER: sync
         REDIS_HOST: cache
         REDIS_PASSWORD: 'null'
         REDIS_PORT: '6379'
         MAIL_DRIVER: smtp
         MAIL_HOST: ERROR
         MAIL_PORT: ERROR
         MAIL_USERNAME: ERROR
         MAIL_PASSWORD: ERROR
         MAIL_ENCRYPTION: ERROR
         GOOGLE_CLIENTID: adc80562f8xxxxxxxxxxxxxx0a6551
         GOOGLE_PROJECTID: 'shoaib-s-home-control'
      links:
         - database
         - cache
      depends_on:
         - database
         - cache
      networks:
         - web_frontend
         - backend
   redis-worker:
      image: 'pkap/gbridge-redis-worker:latest'
      restart: always
      environment:
         GBRIDGE_REDISWORKER_REDIS: 'redis://cache:6379'
         GBRIDGE_REDISWORKER_MQTT: 'mqtt://localhost:1883'
         GBRIDGE_REDISWORKER_MQTTUSER: shoaib
         GBRIDGE_REDISWORKER_MQTTPASSWORD: xxxxxxxx
         GBRIDGE_REDISWORKER_HOMEGRAPHKEY: AIzaSyAm1byUyxxxxxxxxxxxxx0N7RTcfVJdsI
      networks:
         - backend
      links:
         - cache
      depends_on:
         - cache
   database:
      image: 'mysql:5'
      restart: always
      environment:
         MYSQL_RANDOM_ROOT_PASSWORD: 'true'
         MYSQL_DATABASE: gbridge_db
         MYSQL_USER: gbridge_db
         MYSQL_PASSWORD: nxxxxxja1xx
      expose:
         - '3306'
      networks:
         - backend
   cache:
      image: 'redis:4'
      restart: always
      expose:
         - '6379'
      networks:
         - backend

@shoaibali
Copy link

I have even tried adding

         PROXY_URL: 'https://home.mydomain.com/gbridge'
         PROXY_SCHEME: 'https'

The ClientID problem still persists. My apache2 config contains

    ProxyPass /gbridge/gapi http://${GBRIDGE_HOST}:${GBRIDGE_PORT}/gapi
    ProxyPassReverse /gbridge/gapi http://${GBRIDGE_HOST}:${GBRIDGE_PORT}/gapi

@gosuto-inzasheru
Copy link

gosuto-inzasheru commented Jun 2, 2019
edited
Loading

Same!

I am trying to link through the Google Home app. Entering my information there however, gives this error:

An error occured
The request by Google Home was malformed. Please try again in a few minute. If this problem persists, please contact the team of Kappelt gBridge. Invalid Client ID has been provided!

Like @shoaibali mentions; the source of gapi/auth indeed shows an empty form field:
<input type="hidden" name="client_id" value="">

I validated that GOOGLE_CLIENTID and the Client ID under Account linking in the Google Actions console are the same.

docker-compose up is successful:

Starting gbridge_cache_1    ... done
Starting gbridge_web-fpm_1  ... done
Starting gbridge_database_1 ... done
Starting gbridge_web_1          ... done
Starting gbridge_redis-worker_1 ... done

MQTT and nginx with ssl certificates are running on the server successfully as well.

@dony71
Copy link

dony71 commented Apr 25, 2020

I have same problem
Anybody has solution on this yet?

@dony71
Copy link

dony71 commented Apr 30, 2020

I still get this famous "invalid ClientID"
Below is log from docker-compose up
I cannot see anything wrong here... anybody tell me why?
GOOGLE_CLIENTID: [email protected]
GOOGLE_PROJECTID: xxx-xxx
PROXY_URL: 'https://xxx.duckdns.org'
PROXY_SCHEME: 'https'
I can access gbridge website and add device at https://xxx.duckdns.org without any problem.
https://xxx.duckdns.org/gapi shows
{"requestId":"","payload":{"errorCode":"protocolError"}}
https://xxx.duckdns.org/gapi/auth shows
Nice to see you again!
Google is requiring access to your gBridge account. Please confirm the linking.
Link Accounts
Hi [email protected]!
Click the button below to link your gBridge account to Google.

ubuntu@ubuntu:/opt/gbridge$ docker-compose up
Starting gbridge_database_1 ...
Starting gbridge_database_1
Starting gbridge_cache_1 ...
Starting gbridge_cache_1
Starting gbridge_web-fpm_1 ...
Starting gbridge_cache_1 ... done
Starting gbridge_web_1 ...
Starting gbridge_web_1
Starting gbridge_redis-worker_1 ...
Starting gbridge_web_1 ... done
Attaching to gbridge_web-fpm_1, gbridge_database_1, gbridge_cache_1, gbridge_redis-worker_1, g bridge_web_1
web-fpm_1 | [25-Apr-2020 19:21:37] NOTICE: fpm is running, pid 1
cache_1 | 1:C 25 Apr 19:21:42.867 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo
cache_1 | 1:C 25 Apr 19:21:42.876 # Redis version=4.0.14, bits=64, commit=00000000, mo dified=0, pid=1, just started
cache_1 | 1:C 25 Apr 19:21:42.876 # Warning: no config file specified, using the defau lt config. In order to specify a config file use redis-server /path/to/redis.conf
web-fpm_1 | [25-Apr-2020 19:21:37] NOTICE: ready to handle connections
database_1 | [i] mysqld already present, skipping creation
cache_1 | 1:M 25 Apr 19:21:42.897 * Running mode=standalone, port=6379.
database_1 | [i] MySQL directory already present, skipping creation
cache_1 | 1:M 25 Apr 19:21:42.897 # WARNING: The TCP backlog setting of 511 cannot be enforced because /proc/sys/net/core/somaxconn is set to the lower value of 128.
cache_1 | 1:M 25 Apr 19:21:42.897 # Server initialized
cache_1 | 1:M 25 Apr 19:21:42.898 # WARNING overcommit_memory is set to 0! Background save may fail under low memory condition. To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl vm.overcommit_memory=1' for this t o take effect.
database_1 | 2020-04-25 19:21:39 0 [Note] /usr/bin/mysqld (mysqld 10.4.12-MariaDB) starti ng as process 1 ...
database_1 | 2020-04-25 19:21:41 0 [Note] InnoDB: Using Linux native AIO
database_1 | 2020-04-25 19:21:41 0 [Note] InnoDB: Mutexes and rw_locks use GCC atomic bui ltins
cache_1 | 1:M 25 Apr 19:21:42.900 * DB loaded from disk: 0.001 seconds
cache_1 | 1:M 25 Apr 19:21:42.900 * Ready to accept connections
database_1 | 2020-04-25 19:21:41 0 [Note] InnoDB: Uses event mutexes
database_1 | 2020-04-25 19:21:41 0 [Note] InnoDB: Compressed tables use zlib 1.2.11
database_1 | 2020-04-25 19:21:41 0 [Note] InnoDB: Number of pools: 1
database_1 | 2020-04-25 19:21:41 0 [Note] InnoDB: Using generic crc32 instructions
database_1 | 2020-04-25 19:21:41 0 [Note] mysqld: O_TMPFILE is not supported on /var/tmp (disabling future attempts)
database_1 | 2020-04-25 19:21:41 0 [Note] InnoDB: Initializing buffer pool, total size = 128M, instances = 1, chunk size = 128M
database_1 | 2020-04-25 19:21:41 0 [Note] InnoDB: Completed initialization of buffer pool
database_1 | 2020-04-25 19:21:41 0 [Note] InnoDB: If the mysqld execution user is authori zed, page cleaner thread priority can be changed. See the man page of setpriority().
database_1 | 2020-04-25 19:21:41 0 [Note] InnoDB: 128 out of 128 rollback segments are ac tive.
database_1 | 2020-04-25 19:21:41 0 [Note] InnoDB: Creating shared tablespace for temporar y tables
database_1 | 2020-04-25 19:21:41 0 [Note] InnoDB: Setting file './ibtmp1' size to 12 MB. Physically writing the file full; Please wait ...
database_1 | 2020-04-25 19:21:41 0 [Note] InnoDB: File './ibtmp1' size is now 12 MB.
database_1 | 2020-04-25 19:21:41 0 [Note] InnoDB: Waiting for purge to start
database_1 | 2020-04-25 19:21:41 0 [Note] InnoDB: 10.4.12 started; log sequence number 32 9987; transaction id 575
database_1 | 2020-04-25 19:21:41 0 [Note] InnoDB: Loading buffer pool(s) from /var/lib/my sql/ib_buffer_pool
database_1 | 2020-04-25 19:21:41 0 [Note] Plugin 'FEEDBACK' is disabled.
database_1 | 2020-04-25 19:21:42 0 [Note] Server socket created on IP: '::'.
database_1 | 2020-04-25 19:21:42 0 [Warning] 'user' entry '@3d2acaed4198' ignored in --sk ip-name-resolve mode.
database_1 | 2020-04-25 19:21:42 0 [Warning] 'proxies_priv' entry '@% root@3d2acaed4198' ignored in --skip-name-resolve mode.
database_1 | 2020-04-25 19:21:42 0 [Note] InnoDB: Buffer pool(s) load completed at 200425 19:21:42
database_1 | 2020-04-25 19:21:42 0 [Note] Reading of all Master_info entries succeeded
database_1 | 2020-04-25 19:21:42 0 [Note] Added new Master_info '' to hash table
database_1 | 2020-04-25 19:21:42 0 [Note] /usr/bin/mysqld: ready for connections.
database_1 | Version: '10.4.12-MariaDB' socket: '/run/mysqld/mysqld.sock' port: 3306 M ariaDB Server
redis-worker_1 |
redis-worker_1 | > [email protected] start /usr/src/gbridge-redis-worker
redis-worker_1 | > node index.js
redis-worker_1 |
redis-worker_1 | Redis client (subscribe) connected
redis-worker_1 | Redis client (cache) connected
redis-worker_1 | Redis client (subscribe) successful subscribe to gbridge:u*:d*:*
redis-worker_1 | MQTT client connected
redis-worker_1 | Could not match topic tele/ROUTER/LWT for user 1
redis-worker_1 | Could not match topic tele/PORCH/LWT for user 1
redis-worker_1 | Could not match topic tele/GUDANG/LWT for user 1
redis-worker_1 | Could not match topic cmnd/PORCH/POWER for user 1
redis-worker_1 | Could not match topic cmnd/GUDANG/POWER for user 1
redis-worker_1 | Could not match topic stat/PORCH/POWER for user 1
redis-worker_1 | Could not match topic stat/GUDANG/POWER for user 1
redis-worker_1 | Could not match topic tele/PORCH/STATE for user 1
redis-worker_1 | Could not match topic tele/ROUTER/STATE for user 1
redis-worker_1 | Could not match topic tele/GUDANG/STATE for user 1
web_1 | 172.19.0.1 - - [25/Apr/2020:19:23:25 +0000] "GET /gapi/auth HTTP/1.1" 200 5056 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1" "24.4.73.62"
web-fpm_1 | 172.19.0.6 - 25/Apr/2020:19:23:23 +0000 "GET /index.php" 200
web_1 | 172.19.0.1 - - [25/Apr/2020:19:23:58 +0000] "POST /gapi/auth HTTP/1.1" 302 3551 "https://xxx.duckdns.org/gapi/auth?response_type=token&[email protected]&redirect_uri=https://oauth-redirect.googleusercontent.com/r/xxx-xxx&state=ABdO3MWiGj2ZxAb4NlzXWiMCDcdF2dCF_SodAiMDm5LE7jAuJl59xpv3pat_hzdKN8-DYFwZPkrEQm2yl4tj-cBC2HptHYhfhGOYQFeIOBBUlEt5O_wu6OMu5tGg9InSg6iD3m5-6rbxa8PEtQblvuIhkBoLDcdM7BcIv16fFO1Kk4IsQB4Uwk-t-6OEhXmBqVYNnydyqSqjbpjH9T4fplFl4LlJwXIs2GwD2lQwM7H5gnXbudGwWFdPdm1x9JRwToadPRKJZ2kQSQVlUsyhLIdtdAOU6vQojopTKixbLp8xVAok2UFBTtch2i7eAdZ6oI45F-sZ75EPLYvqZP1Lb_QHbBLx9WRdJbtUuMUZt6PYR7Ohu1NJOZ_jDmBvY0b08t64E9A4YUhIZC_q0teEhkLaD4CiMxmObc_NGd8NWw9Z-gNugsmWIG7shQFSM653P83QnpF2XzGJlTuRq2tvqIjMj1EvDPTkCu9C11szbL1RJtjtBPDoP2kVIn5PvoY2-GkZxj07k8oMiO2Iv_ObtFTTkbNEypupan4SvdnSkOV5yOaNfn4F8w1X4QkTv3q2X64bFsN7QbsP94CurQjmd6VlppUQqykPtA&user_locale=en-GB" "Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1" "24.4.73.62"
web-fpm_1 | 172.19.0.6 - 25/Apr/2020:19:23:57 +0000 "POST /index.php" 302
web_1 | 172.19.0.1 - - [25/Apr/2020:19:23:59 +0000] "GET /gapi/auth HTTP/1.1" 200 5471 "https://xxx.duckdns.org/gapi/auth?response_type=token&[email protected]&redirect_uri=https://oauth-redirect.googleusercontent.com/r/xxx-xxx&state=ABdO3MWiGj2ZxAb4NlzXWiMCDcdF2dCF_SodAiMDm5LE7jAuJl59xpv3pat_hzdKN8-DYFwZPkrEQm2yl4tj-cBC2HptHYhfhGOYQFeIOBBUlEt5O_wu6OMu5tGg9InSg6iD3m5-6rbxa8PEtQblvuIhkBoLDcdM7BcIv16fFO1Kk4IsQB4Uwk-t-6OEhXmBqVYNnydyqSqjbpjH9T4fplFl4LlJwXIs2GwD2lQwM7H5gnXbudGwWFdPdm1x9JRwToadPRKJZ2kQSQVlUsyhLIdtdAOU6vQojopTKixbLp8xVAok2UFBTtch2i7eAdZ6oI45F-sZ75EPLYvqZP1Lb_QHbBLx9WRdJbtUuMUZt6PYR7Ohu1NJOZ_jDmBvY0b08t64E9A4YUhIZC_q0teEhkLaD4CiMxmObc_NGd8NWw9Z-gNugsmWIG7shQFSM653P83QnpF2XzGJlTuRq2tvqIjMj1EvDPTkCu9C11szbL1RJtjtBPDoP2kVIn5PvoY2-GkZxj07k8oMiO2Iv_ObtFTTkbNEypupan4SvdnSkOV5yOaNfn4F8w1X4QkTv3q2X64bFsN7QbsP94CurQjmd6VlppUQqykPtA&user_locale=en-GB" "Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1" "24.4.73.62"
web-fpm_1 | 172.19.0.6 - 25/Apr/2020:19:23:58 +0000 "GET /index.php" 200

@RodrigoDornelles
Copy link

same problem here, any suggestions on how to solve?

@gosuto-inzasheru
Copy link

I'm not sure if this service is still running, I believe it was shut down beginning 2020: https://about.gbridge.io/notice/

@RodrigoDornelles
Copy link

I'm not sure if this service is still running, I believe it was shut down beginning 2020

as I understand it is possible to host the service, as I believe that most in this issue are trying.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@shoaibali @gosuto-inzasheru @dony71 @peterkappelt @RodrigoDornelles @jaseuk73