Google-api-nodejs-client: state not being sent

Created on 12 Mar 2017  路  8Comments  路  Source: googleapis/google-api-nodejs-client


For some reason my state parameters are not being places into the final url on generateAuthUrl().

My client id, secrets, access type, scopes, and redirect_uri are all generated correctly,

using this code: 

let url = this.client.generateAuthUrl({
            // 'online' (default) or 'offline' (gets refresh_token)
            access_type: 'offline',
            // If you only need one scope you can pass it as a string
            scope: SCOPES,
            // Optional property that passes state parameters to redirect URI
            state: {foo: "bar", email: emailAddress, "test": "one"}
        });

I get 

https://accounts.google.com/o/oauth2/auth?access_type=offline&scope=https%3A%2F%2Fmail.google.com%2F&state=&response_type=code&client_id=xxx.apps.googleusercontent.com&redirect_uri=http%3A%2F%2Flocalhost%3A9000%2Foauth2callback%2Fgoogle
feature request
Source
picture 1mike12

Most helpful comment

Stringifying and enconding state object did the trick as @matkoklaic mentioned.

This should be included in the documentation.

picture alfonmga on 1 Apr 2017
👍81

All 8 comments

It may have something to do with my version of node, but the problem starts with querystring.stringify in oauth2client.js, line 125.

In node 6.3.1, this leads into node core's querystring.js line 210, where the line fields += ks + encode(stringifyPrimitive(v)); doesn't work for an object.

1mike12 picture 1mike12 on 12 Mar 2017

for now setting state as a Base64 string is an ok workaround

1mike12 picture 1mike12 on 12 Mar 2017

Just make sure to stringify and encode state object passed to generateAuthUrl function:
state: encodeURIComponent(JSON.stringify(state)).

matkoklaic picture matkoklaic on 22 Mar 2017
8

Stringifying and enconding state object did the trick as @matkoklaic mentioned.

This should be included in the documentation.

alfonmga picture alfonmga on 1 Apr 2017
👍81

The docs aren't mentioning this at all, and actually give an example passing an object literal, which is misleading:

var url = oauth2Client.generateAuthUrl({
  // 'online' (default) or 'offline' (gets refresh_token)
  access_type: 'offline',

  // If you only need one scope you can pass it as a string
  scope: scopes,

  // Optional property that passes state parameters to redirect URI
  // state: { foo: 'bar' }
});
alexwohlbruck picture alexwohlbruck on 23 Apr 2017
👍4

I am facing the same issue. It doesn't redirect to the callback url, instead it just hangs the page there

kiriti999 picture kiriti999 on 23 Apr 2017

The documentation is not in sync with the OpenID documentation: https://developers.google.com/identity/protocols/OpenIDConnect#state-param

It states that the argument should be a string.

jdecaron picture jdecaron on 6 Jun 2017

Greetings folks! Apologies for the troubles. We've updated the readme to use a string:
https://github.com/google/google-api-nodejs-client/#generating-an-authentication-url

And the reference docs for google-auth-library now point to the proper type as well:
https://google.github.io/google-auth-library-nodejs/interfaces/_auth_oauth2client_.generateauthurlopts.html#state

Please do let me know if there are any other ways we can make this better!

JustinBeckwith picture JustinBeckwith on 2 Apr 2018
Was this page helpful?
0 / 5 - 0 ratings

Related issues

ovaris picture ovaris  路  3Comments
oliverjessner picture oliverjessner  路  3Comments
peterpme picture peterpme  路  3Comments
ACMerriman picture ACMerriman  路  3Comments
eduDorus picture eduDorus  路  3Comments