Google authentication - Error 400 (invalid_request)
Hello,
I tried to set up the connection via google on a self-hosted version of Twenty that is on my VPS but I got a 400 error that prevents me from connecting.
These are my env variables:
AUTH_GOOGLE_APIS_CALLBACK_URL=https://accounts.google.com/o/oauth2/auth
AUTH_GOOGLE_CALLBACK_URL=https://accounts.google.com/o/oauth2/auth
AUTH_GOOGLE_CLIENT_ID=xxxxxxxx.apps.googleusercontent.com
AUTH_GOOGLE_CLIENT_SECRET=xxxx-dddddd
AUTH_GOOGLE_ENABLED=true
CALENDAR_PROVIDER_GOOGLE_ENABLED=true
Twenty version: latest (0.20.0)
Thank you in advance for your help.
Bastien.
70 Replies
Missing response_type ? That's weird, @Raphaël any idea?
I think you are missing:
MESSAGING_PROVIDER_GMAIL_ENABLED=true
AUTH_GOOGLE_APIS_CALLBACK_URL should be http://localhost:3000/auth/google-apis/get-access-token
Replace localhost with your host name
You shouldn't put the scopes in the authorized redirect URIs but the URIs themselves
For example:
- http://localhost:3000/auth/google/redirect
- http://localhost:3000/auth/google-apis/get-access-token
Also, AUTH_GOOGLE_CALLBACK_URL should be http://localhost:3000/auth/google/redirect
Don't forget to replace http by https if you're not on localhost
Tell me if this works
Oh ok... sorry, I will test it tonight
It works, thank you
Do I need to set up a token in my google cloud or something like that for this to be enabled ?
I just want to sync calendar and emails not google login
Hello @windarrow_ You need to create a project on google cloud and replace the credentials with your own. You can use the calendar and message sync feature without using the google login, you just have to set AUTH_GOOGLE_ENABLED=false in your .env
so like this ? @Raphaël
MESSAGING_PROVIDER_GMAIL_ENABLED true
CALENDAR_PROVIDER_GOOGLE_ENABLED true
AUTH_GOOGLE_APIS_CALLBACK_URL https://mydomain.pt/auth/google-apis/#mytokenhere# ?
Do I enable in my google account like this ?
This is my config and it works; if you don't use subdomains, replace by domain.
Thanks! now just looking in my google account here to get this client id and secret
finally here
@windarrow_
Awesome stuff !!
thanks a lot
choose web app for the first questions, it's important
it works in test mode ?
I need to submit to google to be in production this "app"
Restart or something like that?
I have the same error lol
@Raphaël do you have an idea ?
Enabled API in google console, the calendar and gmail, updated my oauth to have those scopes
waited the night, removed and connected again and still the same
It should work in test mode but you have to authorize your email address
I did, he's the only one able to join
and he did join without any problem via the google windows
Failed insufficient permissions happens when there is an error during the refresh of the access token or if the credentials are invalid
The credentials can't be invalid if I just logged in with success
So the refresh token...
Yes, it's weird
should I try a new refresh token?
@Uranium When did this error start happening for you?
You can try to disconnect and reconnect your account yes
I did a couple of times
Removed account
and connected again
Can you send me your .env config and hide the credentials?
Are you on the latest version of twenty?
I am on the latest one, downloaded yesterday or the day before at most
Sorry for the quality
had to zoom a lot to fit them
I'm using portainer
I'm dumb
There is a better way xD
MESSAGE_QUEUE_TYPE=pg-boss
PG_DATABASE_URL=postgres://123:[email protected]:32776/default
PORT=3000
REFRESH_TOKEN_SECRET=123
STORAGE_TYPE=local
FILE_TOKEN_SECRET=123
ENABLE_DB_MIGRATIONS=true
SERVER_URL=https://domain.pt
FRONT_BASE_URL=https://domain.pt
LOGIN_TOKEN_SECRET=123
ACCESS_TOKEN_SECRET=123
SIGN_IN_PREFILLED=false
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
NODE_VERSION=18.17.1
YARN_VERSION=1.22.19
REACT_APP_SERVER_BASE_URL=https://domain.pt
SENTRY_RELEASE=
MESSAGING_PROVIDER_GMAIL_ENABLED=true
AUTH_GOOGLE_APIS_CALLBACK_URL=https://domain.pt/auth/google-apis/get-access-token
CALENDAR_PROVIDER_GOOGLE_ENABLED=true
IS_SIGN_UP_DISABLED=true
AUTH_GOOGLE_CALLBACK_URL=https://domain.pt/auth/google/redirect
[email protected]
EMAIL_FROM_NAME=123
EMAIL_SMTP_HOST=smtp.office365.com
EMAIL_SMTP_PASSWORD=123
EMAIL_SMTP_PORT=587
[email protected]
[email protected]
PG_SSL_ALLOW_SELF_SIGNED=false
REACT_APP_SERVER_BASE_URL=https://domain.pt
AUTH_GOOGLE_CLIENT_ID=123
AUTH_GOOGLE_CLIENT_SECRET=123
Did you activate the gmail api and the calendar api on the cloud console?
Yup!
It's weird that you have no request at all
Besides "login in" with the google oauth in the setup process
after that I get
Sync failed
So I never requested anything
I think this might be on the google side of things no ?
The local config seems fine indeed
My google console seems fine
I'm no expert but the api is enabled, is in the scope of the oauth app
can't see what could be missing
When you go to https://myaccount.google.com/data-and-privacy, under Data from apps and services you use, do you see your app in Third-party apps & services ?
[Nest] 34 - 06/28/2024, 8:53:41 AM LOG [GoogleCalendarSyncJob] google calendar sync for workspace 12312123123 and account 123123123
Exception Captured
undefined
[
GaxiosError: invalid_request
at Gaxios._request (/app/node_modules/gaxios/build/src/gaxios.js:140:23)
at async GoogleCalendarSyncService.getEventsFromGoogleCalendar (/app/packages/twenty-server/dist/src/modules/calendar/services/google-calendar-sync/google-calendar-sync.service.js:169:42)
at async GoogleCalendarSyncService.startGoogleCalendarSync (/app/packages/twenty-server/dist/src/modules/calendar/services/google-calendar-sync/google-calendar-sync.service.js:74:43)
at async GoogleCalendarSyncJob.handle (/app/packages/twenty-server/dist/src/modules/calendar/jobs/google-calendar-sync.job.js:35:9)
at async MessageQueueExplorer.invokeProcessMethods (/app/packages/twenty-server/dist/src/engine/integrations/message-queue/message-queue.explorer.js:111:21)
at async MessageQueueExplorer.handleProcessor (/app/packages/twenty-server/dist/src/engine/integrations/message-queue/message-queue.explorer.js:102:13) {
response: {
config: [Object],
data: [Object],
headers: [Object],
status: 400,
statusText: 'Bad Request',
request: [Object]
},
config: {
method: 'POST',
url: 'https://oauth2.googleapis.com/token',
data: 'refresh_token=REDATED&client_id=&client_secret=&grant_type=refresh_token',
headers: [Object],
paramsSerializer: [Function: paramsSerializer],
body: 'refresh_token=REDATED&client_id=&client_secret=&grant_type=refresh_token',
validateStatus: [Function: validateStatus],
responseType: 'json'
}, code: '400' }
]
I get this in my worker
Did you edit this part to hide your credentials ? refresh_token=REDATED&client_id=&client_secret=&grant_type=refresh_token
Yup like that
Yup
But in the original response you correctly see your refresh_token, your client_id and your client_secret?
No..
I don't see client_id
is = to client_id
I think I know the problem
the worker has different .envs
I need the google stuff there as well
Yes aha
Add them and tell me if it works
Restarting pod
Thanks!
Great
Will I have a calendar here?
You have to click on settings to access the calendars settings, if you want to see the events on your calendar you just have to click on a record on company or people and go to the calendar tab
I thought I could be able to schedule things through twenty
I can only see events, but how do they connect to my object here?
In a future version you will be able to create and edit events directly in twenty but for now we only import the events and connect them to your records
Alright
But how do they "connect"
Through my contacts on my google account?
We automatically create your contacts based on the people you share an event with or if you send an email to them, and if a person with that email already exists in your crm, we link the events or the emails to them
At the moment, we only create contacts for work emails, but in the future, you will have a setting to enable contact creation for non work emails also (@gmail.com, @outlook.com ...)
Don't forget to launch the cron jobs
from your worker container
yarn command:prod cron:messaging:messages-import
yarn command:prod cron:messaging:message-list-fetch
Thanks!
So if I add to a company a fake email [email protected] and in my google calendar invite this email to the event, that event will appear in twenty?
Normally yes, but can you add fake emails to a google calendar event?
Yup, it's pending to accept
I have the domain
just not the email on the left
Okay it should work then
2 guests
1 yes, 1 awaiting
awaiting guests is enough
to sync with twenty
Yes awaiting is enough
At the moment the cron to do the incremental sync for google calendar is broken, so it's not ideal but you can disconnect and reconnect your account to have your latest events synced. We will fix it in one of the following releases
Just create an email field and it's done?
ah that's why it's not showing
ok
It will automatically link to companies based on the domain name of the company, no need to create an email field
Also, we don't create records for people with the same domain name as yours
But if you create a person manually with the email that you want, the emails and events linked to that person will appear
Alright thanks