Scopes not working for Google on Android

[jasongrishkoff]

Hi there,

I'm trying to pass scope to Google as follows:

        manager.authorize('google', {scopes: 'profile email'})
            .then(resp => this.cleanLoginData('google',resp.response))
            .catch(err => console.log('There was an error'))

However, that doesn't seem to provide the email when I try to call manager.makeRequest('google',googleUrl) to https://www.googleapis.com/oauth2/v1/userinfo?alt=json.

The solution was to go into android/src/main/java/io/fullstack/oauth/OAuthManagerProviders.java and change line 101 to String scope = "profile email";

Is this a known issue, or am I doing something wrong? I notice that a lot of the language in the java files refers to "scope" rather than "scopes" (with the "s"), as passed in the above authorize code snippet. Could this be the issue?

Thanks!
Jason

[brunolemos]

Apparently scopes are not working on Android at all.

I tried with github and did not work as well.
And it means github login is not supported on android because the scope is a required field to return a valid access token.

cc @auser

[LaurelOlson]

Try including scope in the config constant along with the client_id and client_secret instead of in the options hash like so:

    const config =  {
      github: {
        client_id: Platform.OS === 'ios' ? Config.GITHUB_CLIENT_ID : Config.GITHUB_CLIENT_ID_ANDROID,
        client_secret: Platform.OS === 'ios' ? Config.GITHUB_CLIENT_SECRET : Config.GITHUB_CLIENT_SECRET_ANDROID,
        scope: 'user'
      }
    }

[brunolemos]

@LaurelOlson I can try that, thanks, but would only partially fix the problem because the app has multiple github login buttons to support different scopes (public, private, ...)

[auser]

That config is dynamic, @brunolemos You can send any ole' config with any authorize() request

[brunolemos]

@auser this is what I'm currently doing and works fine on iOS, but not android:

manager.authorize('github', { scopes: 'repo notifications' })

Are you saying that there is a different format that would work on both iOS and Android?

[brunolemos]

I searched this repository for "scopes" and I could find the parameter being used in the iOS native module but not on Android's.

[auser]

Yikes! Just pushed a fix for this. Thanks for the heads up!

[brunolemos]

Hi @auser, still not working for GitHub...

With the new update, I can pass the scopes field in the github config object. But:

1. It still don't receive the scopes parameter passed on .authorize('github', { scopes: '...' }) method.
2. The response coming from the authorize method is different from the IOS and does not contain the access_token field on it.

[auser]

are you getting a credentials key back? (https://github.com/fullstackreact/react-native-oauth/blob/master/ios/OAuthManager/OAuthManager.m#L560-L572)

And when you pass scopes are you seeing it in the logs with the scopes?

[brunolemos]

@auser:

CONFIGURE

manager.configure({
    github: {
        client_id: '...',
        client_secret: '...',
        redirect_uri: 'http://localhost/github',
        scope: 'user **public_repo** notifications read:org',
        scopes: 'user **public_repo** notifications read:org',
    },
});

ps1: I'm using both scope and scopes just to test
ps2: the ** is just to show Im using different scopes on authorize method below

AUTHORIZE

manager.authorize('github', { 
    scope: 'user **repo** notifications read:org',
    scopes: 'user **repo** notifications read:org'
});

iOS RESPONSE

iOS response is fine. It has the accessToken, so it works. It doesn't have the scope field though.

ANDROID RESPONSE

The android response is totally diferrent and doesn't have the accessToken needed.

[brunolemos]

@auser do you prefer that I open a new issue or could you just reopen this one?

[auser]

This should be relatively easy to update. Interested in contributing? The credentials for iOS (look fine, yes?) are in the OAuthClient[1/2].m files. For Android, it's handled in the Manager.

[auser]

@brunolemos can you try the latest version on master?

[brunolemos]

@auser tested it, almost there. Now I'm receiving the accessToken, but android is still not considering the scopes parameter sent with the authorize method.

Android response

1. scope is null (or the initial value on the configure method)
2. authorized is outside response field
3. type is bearer

iOS response

1. scope is not returned
2. authorized is inside response field
3. type is 1

Testing

For you to test, you can:

1. Get the secret keys here: https://github.com/settings/developers
2. Call using authorize('github', { scopes: 'notifications' })
3. Try to access https://api.github.com/notifications?access_token=RESPONSE_ACCESS_TOKEN_HERE

Doing this, I currently have this on iOS:
[] (valid response)

and this on android:

{
  "message": "Missing the 'notifications' scope.",
  "documentation_url": "https://developer.github.com/v3"
}

[auser]

I'll try this when I get back to a keyboard. I'm inclined to remove the type all together, because that was really just for testing.

The scopes are comma separated, not space separated. I'll check the iOS side after I fix the android side (although it was working on my tests...).

Anyway, will report back what I find.

[APiercey]

+1 No scope returned on iOS for me. Should another issue be opened regarding iOS?

[danibrear]

I got scopes to work with Google OAuth by doing scopes: 'profile email' in my configuration file.

[brunolemos]

@jasongrishkoff can you remove "for Google" from the title please?
@davidbrear it's fixed for the configure method but not for the authorize method
@auser i don't use the type field, so for me no problem. Just pointed the response differences

[auser]

TODO:

• Add scopes to the iOS response
• Check if scopes are being sent with auth request on Android

Can you think of anything else?

Also, scopes are comma separated

[brunolemos]

@auser the first todo is more like "make the android response and ios response exactly equal" 😝

The second todo is the really important here in this issue!

Thanks.

--
I have another issue but it's not a big deal yet, I might open a new issue if it becomes.
(It's that there are some kind of cache that not always open the browser to get new tokens from github and uses old scopes instead of the new ones I'm sending in the authorize method)

[auser]

Can you try the latest version? I just posted a new version that should address the TODO 2

[brunolemos]

@auser thanks, it works! 🎉

[auser]

Woohoo!

[auser]

I believe I pushed an npm update too. Away from the keyboard.

[brunolemos]

Small difference on the responses:
iOS: { response: { credentials: { scopes: ['user repo'] } } } (array, space separated)
Android: { response: { credentials: { scopes: 'user,repo' } } } (string, comma separated)
But I'm not using this field yet.

[BricePissard]

Maybe this could help, setting the credential's scopes into fully qualified URL separated by '+' will also work for you:

google: {
  ...,
  scopes: {
     'https://www.googleapis.com/auth/plus.login+' +
     'https://www.googleapis.com/auth/calendar+' +
     'https://www.googleapis.com/auth/calendar.readonly+' +
     'https://www.googleapis.com/auth/contacts+' +
     'https://www.googleapis.com/auth/contacts.readonly+' +
     'https://www.googleapis.com/auth/userinfo.profile+' +
     'https://www.googleapis.com/auth/userinfo.email+' +
     'https://www.googleapis.com/auth/user.addresses.read+' +
     'https://www.googleapis.com/auth/user.birthday.read+' +
     'https://www.googleapis.com/auth/user.emails.read+' +
     'https://www.googleapis.com/auth/user.phonenumbers.read'
  }
}

But BTW i have another error that appears after the scopes' hand check, cf: #61

is anyone is receiving the same error, in XCode logs:
{ status: 'error', msg: 'The operation couldn’t be completed. (NSURLErrorDomain error -1012.)' }