Next-auth: Gitlab Provider

Created on 19 Jun 2020 · 6 Comments · Source: nextauthjs/next-auth

Describe the bug

  • GitLab As Custom Provider

    • Callback url is not correct


  • Scope Needs '+' instead gets replaced by %2B

    • And 401 Error
      (After I Manually Changed CallbackUrl and scope)

    [next-auth][error][OAUTH_GET_ACCESS_TOKEN_ERROR] [
      {
        statusCode: 401,
        data: '{"error":"invalid_grant","error_description":"The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client."}'
      },
      undefined,
      undefined
    ]
    https://next-auth.js.org/errors#oauth_get_access_token_error
    [next-auth][error][OAUTH_GET_ACCESS_TOKEN_ERROR] [
      {
        statusCode: 401,
        data: '{"error":"invalid_grant","error_description":"The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client."}'
      },
      undefined,
      'gitlab',
      '<Token>'
    ]

To Reproduce
https://docs.gitlab.com/ee/api/oauth2.html Docs Found Here

    {
      id: 'gitlab',
      name: 'GitLab',
      type: 'oauth',
      version: '2.0',
      scope: 'email+profile+read_user',
      params: { grant_type: 'authorization_code' },
      accessTokenUrl: 'https://gitlab.com/oauth/token',
      authorizationUrl: 'https://gitlab.com/oauth/authorize?response_type=code',
      profileUrl: 'https://gitlab.com/api/v4/user',
      profile: (profile) => {
        return {
          id: profile.id,
          name: profile.name,
          email: profile.email,
          image: "NO"
        }
      },
      clientId: '<Client ID>',
      clientSecret: '<Secret Here>'
    }

Expected behavior
Work Out Of The Box

Additional context
Probably I would have messed up something. As far as the docs this is the way to do it

Would like this working and would like to merge to main repo

Documentation feedback
Documentation refers to searching through online documentation, code comments and issue history. The example project refers to next-auth-example.

  • [x] Found the documentation helpful
  • [x] Found the example project helpful
bug

All 6 comments

Thanks for the very detailed bug report!

Can you confirm if separating them with a space works for you or not?

    scope: 'email profile read_user',

If that doesn't work, can you try passing them as array?

    scope: ['email', 'profile', 'read_user'],

_^I was planning to support this but can't remember if it actually works or not._

If neither of these approaches work do let us know!

We might need to do something special for GitLab.

UPDATE: I wrote 'scopes' instead of 'scope' in the example above, oops! (edited)

Yeah, the scope was fixed by scopes: 'email profile read_user'. But the callback url and 401 error still exist
Edit: scope array also works

The callback is correct. The error is in the redirect_url in the URL. It should have been https://gitlab.com/oauth/authorize?response_type=code&redirect_uri=http://localhost:3000/api/auth/callback/gitlab

but the default is https://gitlab.com/oauth/authorize?response_type=code&redirect_uri=%2Fapi%2Fauth%2Fcallback%2Fgitlab

Hmm, did you configure the site option in NextAuth.js to tell it your site name?

e.g.

    site: 'http://localhost:3000'

As an option in /api/auth/[...nextauth.js]

:sweat_smile: I cloned the example repo again. I thought my env was being applied. My bad. It worked

Oh great!

This actually puzzled me for a bit as I couldn't figure out why that redirect URI was wrong!

Maybe we should spit out a warning if not configured / make http://localhost:3000 the default.

Glad it's working!
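
The two problems resolved in this thread (a literal '+' in scope arriving as %2B, and a relative redirect_uri when the site URL is not configured), as an added example that is not part of the original issue and not next-auth's own code. It uses generic form encoding via URLSearchParams; buildAuthorizationUrl, checkProviderConfig and the sample configs are hypothetical names and constructed values.

```javascript
// Added example, not next-auth source. buildAuthorizationUrl, checkProviderConfig
// and the `site` argument shape are hypothetical names for illustration.
const GITLAB_AUTHORIZE = 'https://gitlab.com/oauth/authorize';
const CALLBACK_PATH = '/api/auth/callback/gitlab';

// Build the authorization request with standard form encoding.
function buildAuthorizationUrl({ site = '', clientId, scope }) {
  // Scopes are a space-separated list; accept an array for convenience.
  const scopeValue = Array.isArray(scope) ? scope.join(' ') : scope;
  const params = new URLSearchParams({
    response_type: 'code',
    client_id: clientId,
    redirect_uri: site + CALLBACK_PATH, // relative when site is unset
    scope: scopeValue,
  });
  return `${GITLAB_AUTHORIZE}?${params}`;
}

function isAbsoluteHttpUrl(value) {
  try {
    return ['http:', 'https:'].includes(new URL(value).protocol);
  } catch {
    return false; // empty, undefined or relative input
  }
}

// Startup check: return a list of human-readable problems (empty when fine).
function checkProviderConfig({ site, scope }) {
  const problems = [];
  if (!isAbsoluteHttpUrl(site)) {
    problems.push('site is not an absolute http(s) URL; redirect_uri will not match the registered callback');
  }
  if (typeof scope === 'string' && scope.includes('+')) {
    problems.push("scope contains a literal '+', which is sent as %2B; separate scopes with spaces");
  }
  return problems;
}

// Constructed sample configs: the one from the report, then the corrected one.
const reported = { clientId: 'example-client-id', scope: 'email+profile+read_user' };
const corrected = { site: 'http://localhost:3000', clientId: 'example-client-id', scope: ['email', 'profile', 'read_user'] };
for (const cfg of [reported, corrected]) {
  console.log(buildAuthorizationUrl(cfg));
  console.log(checkProviderConfig(cfg));
}
```

With form encoding, the '+' seen on the wire is the encoding of a space, so a '+' typed into the config is itself escaped to %2B and the provider receives one unknown scope.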
