Google oauth2 and 400 bad request: Bug on Google side?

Anonymous (unverified), submitted on 2019-12-03 02:50:02

Question:

We have Google OAuth2 working fine on our website. However, Chrome users often complain about a 400 Bad Request, and we were able to reproduce it now. Based on the investigation, it indeed looks like a bug on Google's side:

  1. It only happens with users who were authenticated earlier and logged in with multiple accounts on Gmail.
  2. It doesn't happen when the same user uses an incognito window.
  3. This problem is universal and not only with our website. At this moment, I am not able to log in using Google OAuth2 on any website, including StackOverflow. The StackOverflow site also gives the same 400 Bad Request error and I have to use incognito.
  4. No additional information is present along with the 400 Bad Request error.
  5. To further confirm, I just loaded https://accounts.google.com/o/oauth2/auth without any parameters and it also gave 400 Bad Request. However, if I load it in incognito, it gives Error: invalid_request. So there is indeed different behavior.
  6. So we suspected that the problem might be with the cookies sent along with the request, since an incognito window has no cookies. So we cleared all the cookies for the domain accounts.google.com and the problem was magically solved. This confirms that the Google side of the code is not able to handle their own cookies.

We really need to solve this. Please help. Do let me know if you need any information.

Answer 1:

This might be caused only for the clients that have multiple Google accounts logged in, as described here: Google OAuth2 returns Bad Request when logged with multiple accounts.

It is not clear to me if it is a Google bug or a misuse of the API. Anyway, StackOverflow is affected as well.


