T
Twentyā€¢7mo ago
Uranium

Google authentication - Error 400 (invalid_request)

Hello, I tried to set up the connection via google on a self-hosted version of Twenty that is on my VPS but I got a 400 error that prevents me from connecting.
this is my env variables. AUTH_GOOGLE_APIS_CALLBACK_URL=https://accounts.google.com/o/oauth2/auth AUTH_GOOGLE_CALLBACK_URL=https://accounts.google.com/o/oauth2/auth AUTH_GOOGLE_CLIENT_ID=xxxxxxxx.apps.googleusercontent.com AUTH_GOOGLE_CLIENT_SECRET=xxxx-dddddd AUTH_GOOGLE_ENABLED=true CALENDAR_PROVIDER_GOOGLE_ENABLED=true Twenty version: latest (0.20.0) Thank you in advance for your help. Bastien.
No description
No description
70 Replies
charles
charlesā€¢7mo ago
Missing response_type ? That's weird, @Raphaƫl any idea?
Raphaƫl
RaphaĆ«lā€¢7mo ago
I think you are missing: MESSAGING_PROVIDER_GMAIL_ENABLED=true AUTH_GOOGLE_APIS_CALLBACK_URL should be http://localhost:3000/auth/google-apis/get-access-token Replace localhost with your host name You shouldn't put the scopes in the authorized redirect URIs but the URIs themselves For example: - http://localhost:3000/auth/google/redirect - http://localhost:3000/auth/google-apis/get-access-token Also, AUTH_GOOGLE_CALLBACK_URL should be http://localhost:3000/auth/google/redirect Don't forget to replace http by https if you're not on localhost Tell me if this works šŸ™‚
Uranium
UraniumOPā€¢7mo ago
Oh ok... sorry i test it this night its work THX you
windarrow_
windarrow_ā€¢6mo ago
DO I need to set up a token in my google cloud or something like that for this to be enabled ? I just want to sync calendar and emails not google login
Raphaƫl
RaphaĆ«lā€¢6mo ago
Hello @windarrow_ You need to create a project on google cloud and replace the credentials with your own. You can use the calendar and message sync feature without using the google login, you just have to set AUTH_GOOGLE_ENABLED=false in your .env
windarrow_
windarrow_ā€¢6mo ago
so like this ? @Raphaƫl MESSAGING_PROVIDER_GMAIL_ENABLED true CALENDAR_PROVIDER_GOOGLE_ENABLED true AUTH_GOOGLE_APIS_CALLBACK_URL https://mydomain.pt/auth/google-apis/#mytokenhere# ?
windarrow_
windarrow_ā€¢6mo ago
Do I enable in my google acount like this ?
No description
Uranium
UraniumOPā€¢6mo ago
this is my config and its works if you don't use submains replace by domain.
ACCESS_TOKEN_SECRET=xxxxxxxxxxxxxxx
AUTH_GOOGLE_APIS_CALLBACK_URL=https://crm.mydomain.fr/auth/google-apis/get-access-token
AUTH_GOOGLE_CALLBACK_URL=https://crm.mydomain.fr/auth/google/redirect
AUTH_GOOGLE_CLIENT_ID=xxxxxxxxxx
AUTH_GOOGLE_CLIENT_SECRET=xxxxxxxxx
AUTH_GOOGLE_ENABLED=true
CALENDAR_PROVIDER_GOOGLE_ENABLED=true
FRONT_BASE_URL=https://crm.mydomain-b.fr
IS_SIGN_UP_DISABLED=true
MESSAGING_PROVIDER_GMAIL_ENABLED=true
SERVER_URL=https://crm.mydomain.fr
ACCESS_TOKEN_SECRET=xxxxxxxxxxxxxxx
AUTH_GOOGLE_APIS_CALLBACK_URL=https://crm.mydomain.fr/auth/google-apis/get-access-token
AUTH_GOOGLE_CALLBACK_URL=https://crm.mydomain.fr/auth/google/redirect
AUTH_GOOGLE_CLIENT_ID=xxxxxxxxxx
AUTH_GOOGLE_CLIENT_SECRET=xxxxxxxxx
AUTH_GOOGLE_ENABLED=true
CALENDAR_PROVIDER_GOOGLE_ENABLED=true
FRONT_BASE_URL=https://crm.mydomain-b.fr
IS_SIGN_UP_DISABLED=true
MESSAGING_PROVIDER_GMAIL_ENABLED=true
SERVER_URL=https://crm.mydomain.fr
windarrow_
windarrow_ā€¢6mo ago
Thanks! now just looking in my google account here to get this client id and secret
Uranium
UraniumOPā€¢6mo ago
fot this go here: https://console.cloud.google.com/welcome click onn API & SERVICES
Google Cloud Platform
Google Cloud Platform lets you build, deploy, and scale applications, websites, and services on the same infrastructure as Google.
Uranium
UraniumOPā€¢6mo ago
No description
Uranium
UraniumOPā€¢6mo ago
No description
Uranium
UraniumOPā€¢6mo ago
finaly here
Uranium
UraniumOPā€¢6mo ago
No description
Uranium
UraniumOPā€¢6mo ago
@windarrow_ šŸ™‚
windarrow_
windarrow_ā€¢6mo ago
Awesome stuff !! thanks a lot
Uranium
UraniumOPā€¢6mo ago
choose web app for first questions its important
windarrow_
windarrow_ā€¢6mo ago
it works in test mode ? I need to submit to google to be in production this "app"
windarrow_
windarrow_ā€¢6mo ago
No description
windarrow_
windarrow_ā€¢6mo ago
Restart or something like that?
Uranium
UraniumOPā€¢6mo ago
i have same error lol @Raphaƫl do you have an idea ?
windarrow_
windarrow_ā€¢6mo ago
Enabled API in google console, the calendar and gmail, updated my oauth to have those scopes
No description
windarrow_
windarrow_ā€¢6mo ago
waited the night, removed and connected again and still the same
Raphaƫl
RaphaĆ«lā€¢6mo ago
It should work in test mode but you have to authorize your email address
windarrow_
windarrow_ā€¢6mo ago
I did, he's the only one able to join and he did join without any problem via the google windows
Raphaƫl
RaphaĆ«lā€¢6mo ago
Failed insufficient permissions happens when there is an error during the refresh of the access token or if the credentials are invalid
windarrow_
windarrow_ā€¢6mo ago
The credentials cant be invalid if I just logged in with success So the refresh token...
Raphaƫl
RaphaĆ«lā€¢6mo ago
Yes, it's weird
windarrow_
windarrow_ā€¢6mo ago
should I try a new refresh token?
Raphaƫl
RaphaĆ«lā€¢6mo ago
@Uranium When did this error started happening for you? You can try to disconnect and reconnect your account yes
windarrow_
windarrow_ā€¢6mo ago
I did a couple of times Removed account and connected again
Raphaƫl
RaphaĆ«lā€¢6mo ago
Can you send me your .env config and hide the credentials? Are you on the latest version of twenty?
windarrow_
windarrow_ā€¢6mo ago
I am on the latest one , download yesterday or the day before at most Sorry for the quality had to zoom a lot to fit them I'm using portainer I'm dumb There is a better way xD MESSAGE_QUEUE_TYPE=pg-boss PG_DATABASE_URL=postgres://123:[email protected]:32776/default PORT=3000 REFRESH_TOKEN_SECRET=123 STORAGE_TYPE=local FILE_TOKEN_SECRET=123 ENABLE_DB_MIGRATIONS=true SERVER_URL=https://domain.pt FRONT_BASE_URL=https://domain.pt LOGIN_TOKEN_SECRET=123 ACCESS_TOKEN_SECRET=123 SIGN_IN_PREFILLED=false PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin NODE_VERSION=18.17.1 YARN_VERSION=1.22.19 REACT_APP_SERVER_BASE_URL=https://domain.pt SENTRY_RELEASE= MESSAGING_PROVIDER_GMAIL_ENABLED=true AUTH_GOOGLE_APIS_CALLBACK_URL=https://domain.pt/auth/google-apis/get-access-token CALENDAR_PROVIDER_GOOGLE_ENABLED=true IS_SIGN_UP_DISABLED=true AUTH_GOOGLE_CALLBACK_URL=https://domain.pt/auth/google/redirect [email protected] EMAIL_FROM_NAME=123 EMAIL_SMTP_HOST=smtp.office365.com EMAIL_SMTP_PASSWORD=123 EMAIL_SMTP_PORT=587 [email protected] [email protected] PG_SSL_ALLOW_SELF_SIGNED=false REACT_APP_SERVER_BASE_URL=https://domain.pt AUTH_GOOGLE_CLIENT_ID=123 AUTH_GOOGLE_CLIENT_SECRET=123
Raphaƫl
RaphaĆ«lā€¢6mo ago
Did you activate the gmail api and the calendar api on the cloud console?
Raphaƫl
RaphaĆ«lā€¢6mo ago
No description
windarrow_
windarrow_ā€¢6mo ago
Yup!
windarrow_
windarrow_ā€¢6mo ago
No description
Raphaƫl
RaphaĆ«lā€¢6mo ago
It's weird that you have no request at all
windarrow_
windarrow_ā€¢6mo ago
Besides "login in" with the google oauth in the setup process after that I get Sync failed So I never requested anything I think this might be on the google side of things no ?
Raphaƫl
RaphaĆ«lā€¢6mo ago
The local config seems fine indeed
windarrow_
windarrow_ā€¢6mo ago
My google console seems fine I'm no expert but the api is enabled, is in the scope of the oauth app cant see what could be missing
Raphaƫl
RaphaĆ«lā€¢6mo ago
When you go to https://myaccount.google.com/data-and-privacy, under Data from apps and services you use, do you see your app in Third-party apps & services ?
Raphaƫl
RaphaĆ«lā€¢6mo ago
No description
windarrow_
windarrow_ā€¢6mo ago
[Nest] 34 - 06/28/2024, 8:53:41 AM LOG [GoogleCalendarSyncJob] google calendar sync for workspace 12312123123 and account 123123123 Exception Captured undefined [ GaxiosError: invalid_request at Gaxios._request (/app/node_modules/gaxios/build/src/gaxios.js:140:23) at async GoogleCalendarSyncService.getEventsFromGoogleCalendar (/app/packages/twenty-server/dist/src/modules/calendar/services/google-calendar-sync/google-calendar-sync.service.js:169:42) at async GoogleCalendarSyncService.startGoogleCalendarSync (/app/packages/twenty-server/dist/src/modules/calendar/services/google-calendar-sync/google-calendar-sync.service.js:74:43) at async GoogleCalendarSyncJob.handle (/app/packages/twenty-server/dist/src/modules/calendar/jobs/google-calendar-sync.job.js:35:9) at async MessageQueueExplorer.invokeProcessMethods (/app/packages/twenty-server/dist/src/engine/integrations/message-queue/message-queue.explorer.js:111:21) at async MessageQueueExplorer.handleProcessor (/app/packages/twenty-server/dist/src/engine/integrations/message-queue/message-queue.explorer.js:102:13) { response: { config: [Object], data: [Object], headers: [Object], status: 400, statusText: 'Bad Request', request: [Object] }, config: { method: 'POST', url: 'https://oauth2.googleapis.com/token', data: 'refresh_token=REDATED&client_id=&client_secret=&grant_type=refresh_token', headers: [Object], paramsSerializer: [Function: paramsSerializer], body: 'refresh_token=REDATED&client_id=&client_secret=&grant_type=refresh_token', validateStatus: [Function: validateStatus], responseType: 'json' }, code: '400' } ] I get this in my worker
Raphaƫl
RaphaĆ«lā€¢6mo ago
Did you edit this part to hide your credentials ? refresh_token=REDATED&client_id=&client_secret=&grant_type=refresh_token
windarrow_
windarrow_ā€¢6mo ago
Yup like that Yup
Raphaƫl
RaphaĆ«lā€¢6mo ago
But in the original response you correctly see your refresh_token, your client_id and your client_secret?
windarrow_
windarrow_ā€¢6mo ago
No.. I dont see client_id is = to client_id I think I know the problem the worker has diferent .envs I need the google stuff there as well
Raphaƫl
RaphaĆ«lā€¢6mo ago
Yes aha Add them and tell me if it works šŸ™‚
windarrow_
windarrow_ā€¢6mo ago
Restarting pod šŸ™‚
windarrow_
windarrow_ā€¢6mo ago
No description
windarrow_
windarrow_ā€¢6mo ago
Thanks!
Raphaƫl
RaphaĆ«lā€¢6mo ago
Great šŸ„³
windarrow_
windarrow_ā€¢6mo ago
Will I have a calendar here?
No description
Raphaƫl
RaphaĆ«lā€¢6mo ago
You have to click on settings to access the calendars settings, if you want to see the events on your calendar you just have to click on a record on company or people and go to the calendar tab šŸ˜‰
Raphaƫl
RaphaĆ«lā€¢6mo ago
No description
windarrow_
windarrow_ā€¢6mo ago
I tought I could be able to schedule things trough twenty I can only see events, but how do they connect to my object here?
Raphaƫl
RaphaĆ«lā€¢6mo ago
In a future version you will be able to create and edit events directly in twenty but for now we only import the events and connect them to your records
windarrow_
windarrow_ā€¢6mo ago
Alright But how do they "connect" Trough my contacts on my google account?=
Raphaƫl
RaphaĆ«lā€¢6mo ago
We automatically create your contacts based on the people you share an event with or if you send an email to them, and if a person with that email already exists in your crm, we link the events or the emails to them At the moment, we only create contacts for work emails, but in the future, you will have a setting to enable contact creation for non work emails also (@gmail.com, @outlook.com ...) Don't forget to launch the cron jobs šŸ˜‰ from your worker container yarn command:prod cron:messaging:messages-import yarn command:prod cron:messaging:message-list-fetch
windarrow_
windarrow_ā€¢6mo ago
Thanks! So if I add to a company a fake email [email protected] and in my google calendar invite this email to the event, that event will apear in twenty?
Raphaƫl
RaphaĆ«lā€¢6mo ago
Normally yes, but can you add fake emails to a google calendar event?
windarrow_
windarrow_ā€¢6mo ago
Yup its pending to acept I have the domain just not the email on the left
Raphaƫl
RaphaĆ«lā€¢6mo ago
Okay it should work then
windarrow_
windarrow_ā€¢6mo ago
2 guests 1 yes, 1 awaiting awaiting guests is enough to sync with twenty
Raphaƫl
RaphaĆ«lā€¢6mo ago
Yes awaiting is enough At the moment the cron to do the incremental sync for google calendar is broken, so it's not ideal but you can disconnect and reconnect your account to have your latest events synced. We will fix it in one of the following releases
windarrow_
windarrow_ā€¢6mo ago
Just create an email field and its done?
No description
windarrow_
windarrow_ā€¢6mo ago
ah thats why its not showing ok
Raphaƫl
RaphaĆ«lā€¢6mo ago
It will automatically link to companies based on the domain name of the company, no need to create an email field Also, we don't create records for people with the same domain name as yours But if you create a person manually with the email that you want, the emails and events linked to that person will appear
windarrow_
windarrow_ā€¢6mo ago
Alright thanks
Want results from more Discord servers?
Add your server