Hmm I m struggling with Google OAuth I get shown the consent Ory Community #ory-network

Hmm, I’m struggling with Google OAuth: I get shown...

plain-train-22535

07/27/2023, 3:32 PM

Hmm, I’m struggling with Google OAuth: I get shown the consent dialog (which mentions “to continue to oryapis.com” instead of my host name) and then I’m returned to

/ui/registration?flow=

which has a continue button that forwards to Google again. I’ve tried adapting the schema but just cannot get it to work…

plain-train-22535

07/28/2023, 7:26 AM

Is there any way to view a log file for OAuth? Debugging this without visibility is near impossible….

proud-plumber-24205

07/28/2023, 7:45 AM

Hi @plain-train-22535 Are you using a custom domain on your project?

plain-train-22535

07/28/2023, 7:45 AM

Yep, trying to set up auth.opensanctions.org

plain-train-22535

07/28/2023, 7:47 AM

I sort of feel like that CNAME has not really replaced the auto-assign name yet 😕

proud-plumber-24205

07/28/2023, 7:47 AM

Hmm, is the request initiated from your domain and to your custom domain? Maybe you need to update the config for this here https://www.ory.sh/docs/troubleshooting/troubleshooting-social-sign-in#oryapiscom-doesnt-work-as-authorized-redirect-uri

plain-train-22535

07/28/2023, 7:52 AM

oh patch and get seem useful. is there a way to pretty print this?

plain-train-22535

07/28/2023, 7:54 AM

(the suggested command did fix the redirect url, but the loop remains)

plain-train-22535

07/28/2023, 8:06 AM

I assume there’s something broken with the identity mapping, but I just have no way to see what’s happening

proud-plumber-24205

07/28/2023, 9:00 AM

yes with

--format json-pretty

or pipe the output through

jq

https://jqlang.github.io/jq/

proud-plumber-24205

07/28/2023, 9:01 AM

I assume there’s something broken with the identity mapping, but I just have no way to see what’s happening

possibly, it's something we are working on to make more visible. To debug, make sure that the jsonnet code inside the OIDC provider is correct

proud-plumber-24205

07/28/2023, 9:06 AM

You can for example output all of the claims you get back into a single field to see which values you have and don't have.

Copy code

local claims = std.extVar('claims');
local arrayToString(arr) = std.join(", ", std.map(std.escapeStringJson, arr));
local c = arrayToString(std.objectFieldsAll(claims));

{
  identity: {
    traits: {
      // The email might be empty if the user hasn't granted permissions for the email scope.
      email: c,
    },
  },
}

25 Views

Open in Slack

Previous Next