AppAuth-iOS: [Google IdP] invalid_request: Could not determine client ID from request
A large number of our macOS & iOS users have all of a sudden started seeing this error:
Error Domain=org.openid.appauth.oauth_token Code=-2 "invalid_request: Could not determine client ID from request." UserInfo={OIDOAuthErrorResponseErrorKey={
error = "invalid_request";
"error_description" = "Could not determine client ID from request.";
}, NSLocalizedDescription=invalid_request: Could not determine client ID from request., NSUnderlyingError=0x610000252180 {Error Domain=org.openid.appauth.remote-http Code=400 "{
"error": "invalid_request",
"error_description": "Could not determine client ID from request."
}" UserInfo={NSLocalizedDescription={
"error": "invalid_request",
"error_description": "Could not determine client ID from request."
}}}}
We haven’t updated our app, nor changed anything. This is what we’re doing:
NSDictionary *params = @{@"login_hint": ((loginHint == nil) ? @"Google" : loginHint)};
NSURL *successURL = [NSURL URLWithString:@"<URL>"];
OIDRedirectHTTPHandler *redirectHTTPHandler = [[OIDRedirectHTTPHandler alloc] initWithSuccessURL:successURL];
NSURL *redirectURL = [redirectHTTPHandler startHTTPListener:nil];
OIDServiceConfiguration *configuration = [GTMAppAuthFetcherAuthorization configurationForGoogle];
OIDAuthorizationRequest *request = [[OIDAuthorizationRequest alloc] initWithConfiguration:configuration
clientId:clientID
clientSecret:clientSecret
scopes:@[OIDScopeEmail, scope]
redirectURL:redirectURL
responseType:OIDResponseTypeCode
additionalParameters:params];
// performs authentication request
id <OIDAuthorizationFlowSession> currentAuthorizationFlow = [OIDAuthState authStateByPresentingAuthorizationRequest:request callback:^(OIDAuthState *_Nullable authState, NSError *_Nullable error) {
}];
It’s completely random but started happening recently (since last week). 50% of the users aren’t having any issues. I’ve ensure we’re using the latest AppAuth code.
Any ideas?
About this issue
- Original URL
- State: closed
- Created 6 years ago
- Comments: 40 (9 by maintainers)
@yankat that should be the only thing you need to fix this. The other changes I made in order to re-order the URL parameters isn’t important, I don’t think that was the reason it was failing. If that alone has fixed it then you’re good to go 😃
@guidedways is this update: [bodyParameters addParameter:kClientIDKey value:_clientID]; [bodyParameters addParameter:kClientSecretKey value:_clientSecret]; the only thing you did to resolve this issue?
Hi Guys! I also encountered the discussed issue since about 2 weeks ago. I was able to constantly reproduce the failure during authorization process, and I can confirm that @guidedways solution above (adding client id and secret to bodyParameters) completely resolved the issue. I tested it several times and it was consistent. Thanks @guidedways !!
@guidedways I’ve heard back from a few so far with perfect results. That patch alone seems to be working!
I can’t thank you enough for your help.
@alexobenauer Start with the following change in
OIDTokenRequest.m’sURLRequestmethod:See if that alone fixes it for you.
@alexobenauer search for “Confirmed and fixed.” in my comments above.
Bump
This is a serious issue at the moment and we’ve tried everything from rebooting, reauthenticating, revoking tokens and re-authorizing - nothing seems to be working for a majority of users. As I explained, this has only started happening recently with zero code changed. I’m not sure what’s going on.