Error 400 with spring-social-google

[javierhe]

I'm new to spring-social, and I'm trying to modify the project sample spring-social-showcase to add Google connection, using spring-social-google. The demo from spring-social-google works ok with my own clientId and secret. Also, I've added the following URL to the list of redirections:

Code:

http://localhost:8080/spring-social-showcase/signin/google

In the showcase demo, I've added the maven dependency, and configured a new GoogleConnectionFactory added to the ConnectionFactoryRegistry. For sign-in with google, I've added the following:

Code:

	<!-- GOOGLE SIGNIN -->
	<form name="go_signin" id="go_signin" action="<c:url value="/signin/google"/>" method="POST">
		<button type="submit">Sign In with Google</button>
		<input type="hidden" name="scope" value="https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo#email https://www.googleapis.com/auth/plus.me https://www.googleapis.com/auth/tasks https://www-opensocial.googleusercontent.com/api/people" />
	</form>

I'm getting the google page asking to authorize the app, but after authorization, I'm getting the following error:

Code:

WARN : org.springframework.web.client.RestTemplate - POST request for "https://accounts.google.com/o/oauth2/token" resulted in 400 (Bad Request); invoking error handler
DEBUG: org.apache.http.wire - << "21[\r][\n]"
DEBUG: org.apache.http.wire - << "{[\n]"
DEBUG: org.apache.http.wire - << "  "error" : "invalid_request"[\n]"
DEBUG: org.apache.http.wire - << "}"
DEBUG: org.apache.http.wire - << "[\r][\n]"
DEBUG: org.apache.http.wire - << "0[\r][\n]"
DEBUG: org.apache.http.wire - << "[\r][\n]"
DEBUG: org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager - Released connection is reusable.
DEBUG: org.apache.http.impl.conn.tsccm.ConnPoolByRoute - Releasing connection [{s}->https://accounts.google.com][null]
DEBUG: org.apache.http.impl.conn.tsccm.ConnPoolByRoute - Pooling connection [{s}->https://accounts.google.com][null]; keep alive indefinitely
DEBUG: org.apache.http.impl.conn.tsccm.ConnPoolByRoute - Notifying no-one, there are no waiting threads
WARN : org.springframework.social.connect.web.ConnectSupport - HttpClientErrorException while completing connection: 400 Bad Request
WARN : org.springframework.social.connect.web.ConnectSupport -       Response body: {
  "error" : "invalid_request"
}

I guess I'm doing something wrong. Please, could you give any hints?
Thank you in advance.

[javierhe]

Debugging the code I've seen the cause of error, the clientId and clientSecret aren't sent to google in the Oauth request. The values are correctly set when creating the GoogleConnectionFactory, so I'm stuck finding why these values get lost.

[javierhe]

Finally found the problem. For some reason I was using spring-social 1.1.0.SNAPSHOT, using the stable version 1.0.2.RELEASE seems to resolve the issue.

[habuma]

Yes, there is a breaking change (made on purpose) in 1.1.0.SNAPSHOT related to how the client is authenticated in requests to the token endpoint. Per the latest drafts of OAuth2 spec, the client *could* be authenticated by passing its credentials as form parameters, its preferred to use HTTP Basic on that request to authenticate the client. 1.1.0.SNAPSHOT implements that approach. But, you can override that behavior by setting OAuth2Template's useParametersForClientAuthentication property to true.

Spring Social Google (a community-led project) is built against the 1.0.x releases, so it doesn't need (nor can it) set the useParametersForClientAuthentication. But when Spring Social 1.1.0 is final, any OAuth2 provider module will need to adjust to support 1.1.0.