0

I am trying to use the Google+ sign in button via the javascript api. Everything works fine on Windows computers and Chromebooks, but it fails on every Mac that I have been able to test it on. (see update 2 below, this is not actually a Mac problem)

When the initial Google api file is loaded (https://apis.google.com/js/client:platform.js) an error is logged in the console, saying that https://accounts.google.com/o/oauth2/iframerpc?scope=email+profile&response_type=token+id_token&login_hint=[HINT]&origin=[ORIGIN]&action=issueToken&ss_domain=[SS_DOMAIN]&hd=[HD]&client_id=[CLIENT_ID]&hl=en&from_login=1&as=[AS] returned a server side error. When I pull up the URL in the browser directly, I get a JSON object with one property:

{"error":"internal_server_error"}

This only happens on Mac computers (Google Chrome, haven't tried another browser), and it all works fine in an incognito window. (see updates below, Mac is not the problem)

UPDATE:

I have determined that this only happens when a user is signed in to multiple Google accounts; and moreover, only when the user is trying to authenticate to my website using one of the accounts that is not marked as the "default" account (a.k.a. the first Google account that they signed into).

This also happens on Safari.

UPDATE 2:

This is NOT a Mac issue, it just happened to be coincidence that the 5 or so users that this affected were all using Macs (even though our company probably only has 10 out of 200 users that use Macs, and the only people reporting this error happened to be using Macs).

The real issue happens on any computer, but ONLY when the user is signed in to multiple Google accounts and tries to authenticate to my site using a one of their Google accounts that is not the "default" account.

P.S. Thanks to @brenjt for the subject update, which turned out to be very accurate.

Blair Connolly
  • 584
  • 2
  • 7
  • 21
  • Does this happen when you use the newer Google Sign-in library? E.g. using the code sample posted to your other question here: http://stackoverflow.com/a/29786010/72176 If so, can you point me to a live demo where I can try to reproduce this? – William Denniss Apr 22 '15 at 04:34
  • I don't know yet, I am changing some things based on the answer I received to my other question that you linked to. I will let you know after some testing. – Blair Connolly Apr 23 '15 at 17:20
  • @William Denniss, yes it does. Here's an example I've setup on my development site that has the problem: http://production-001-267.tt-intheloop.appspot.com/oauth2 – Blair Connolly Apr 23 '15 at 18:22

1 Answers1

1

Thanks for the report, Blair. It took us a while to dig into the root cause of this one, and were assisted by your comments. Assuming it's the bug we think it is - we pushed a fix to production around last Wednesday that resolves the issue. Please let me know if that's not the case!

John Hjelmstad
  • 101
  • 3
  • Well, I have tested it out, and yes the problem does seem to be fixed now (at least from a little quick testing on my end). However, because of the this problem (and some other buggy behavior that may have been related to my own JavaScript interfering with the Google libraries) I have rewritten my site to use a purely back-end implementation of oauth2 (as described here: https://developers.google.com/identity/protocols/OpenIDConnect). Which in the end I think will be a better solution for my users. – Blair Connolly May 06 '15 at 18:01
  • I added a new question regarding a problem similar with this one that affects stackoverflow as well http://stackoverflow.com/questions/30511843/google-oauth2-returns-bad-request-when-logged-with-multiple-accounts. – raisercostin May 28 '15 at 16:15