hundreds-football-83355
05/23/2024, 11:38 AM
Steps with native API flow:
1. Add Kratos configuration
2. Create client ID and secret in Google developer console and add them in Kratos OIDC config
3. Call GET /self-service/registration/api?refresh=true&return_session_token_exchange_code=true to get flow id and exchange token (for browser flow, exchange token code is not supported)
4. Call POST /self-service/registration with flow id and csrf, "method": "oidc" and "provider": "google". It returns redirect_browser_to URL with status 422
5. Click on the URL and authorise with Google. Google returns code and state query params in the URL
6. Copy code as return_to_code param to GET /sessions/token-exchange API and exchange token code from create registration flow API response as init_code.
7. API returns 404 Not Found with "reason": "no session yet for this \"code\""
I looked at the codebase; it requires the session_id to be not null, but in the DB all session_ids are null.
What am I missing to get the session? Why is it null?

hundreds-football-83355
05/23/2024, 11:40 AM
selfservice:
  methods:
    oidc:
      config:
        # base_redirect_uri: "kratos_url"
        providers:
          - id:
            provider: google
            client_id: "client_id"
            client_secret: "client_secret"
            # issuer_url: https://accounts.google.com
            # auth_url: https://accounts.google.com/o/oauth2/v2/auth
            # token_url: https://www.googleapis.com/oauth2/v4/token
            # subject_source: userinfo
            mapper_url: file:///etc/config/map-claims-to-identity.jsonnet

hundreds-football-83355
05/24/2024, 6:09 AM
Steps with browser API flow:
ref - https://github.com/ory/docs/pull/1540
3. Call GET /self-service/registration/browser?refresh=true to get flow id
4. Call POST /self-service/registration with flow id and csrf, "method": "oidc" and "provider": "google". It returns redirect_browser_to URL with status 422
5. Click on the URL and authorise with Google. Google returns code and state query params in the URL
6. Call POST https://www.googleapis.com/oauth2/v4/token with code, client_id, client_secret, redirect_uri, grant_type. Capture id_token from response
7. Call POST /self-service/registration again with "method": "oidc", id_token from Google APIs and "provider": "google". It returns redirect_browser_to URL with status 422