gBridge
gBridge copied to clipboard
kservices
Google Account linking fails with 'Invalid ClientID'
I have tried the above fixes to the docker-compose file and ApplicationServiceProvider file and still having issues with the account linking being redirected to /gapi/auth. Is there something else I have missed. I have had a look in the docker-compose logs for errors but everything appears ok, no fatal errors.
To try and get round the proxy issue I used my Sophos firewall WAF function, and stopped apache. I can know add account details as page direct is right but on pressing 'Link Accounts' I get a red error box on the web page saying 'request by Googlehome is malformed .... Invalid ClientID provided'. Checked google console and docker-compose file and clientid entry match. Is this another issue.
Originally posted by @jaseuk73 in https://github.com/kservices/gBridge/issues/17#issuecomment-452737123
The proxy issue will be solved with the update on saturday.
This seems like a different issue. First a simple thing, to make sure there is no misunterstanding: Could you read #26 ? Are you linking the account as described there?
thank you for the assistance @peterkappelt . I mis-read the docs and thought you linked it from web page, my apologies. I have now used the home app and selected my [test] app and tried linking, not getting any errors on web page but when I press 'link account', details in the email and password boxes clear and nothing else happens. Checked local bridge web page and no account link shown. I will check my logs to see if anything shows up. I may return the vm to base condition and create new docker-compose after Saturday to remove any possible issues using Sophos as pseudo proxy. I will post any relevant info from logs if found.
Were you able to resolve the problems? Do you need further assistance?
@peterkappelt I have been bashing my head against this problem for the past couple of hours. I have a self-hosted instance of it running on docker. I folllowed the documention very closely. I am not sure what I am missing.
I am fairly certain there is a bug some where. The form that is rendered for linking account has no client_id value nor it has any other values. its completely empty.
<form class="form-horizontal" method="POST" accept-charset="UTF-8" action="http://192.168.1.107:8888/gapi/auth">
<input type="hidden" name="_token" value="0qRLql8b2EqPjDeWOSffUh0xfoH3si9PPoYiPl4d">
<input type="hidden" name="client_id" value="">
<input type="hidden" name="response_type" value="">
<input type="hidden" name="redirect_uri" value="">
<input type="hidden" name="state" value="">
<div class="card-content black-text">
<p><span class="card-title">Link Accounts</span></p>
<b>Hi [email protected]!</b>
<p>Click the button below to link your gBridge account to Google.</p>
</div>
<div class="card-action">
<button style="width: 100%;" class="btn waves-effect blue" type="submit">
<i class="material-icons left">navigate_next</i>Confirm Linking
</button>
</div>
</form>
I am hosting it on 192.168.1.107:8888, I even tried hacking the values in but eventually it complains about invalid RedirectURI and rightly so. Since I have a FQDN configured within app settings on Google.
I even tried removing all security barriers put by mod_proxy. Exposing the entire gBridge to the internet. But then, authentication stops working.
Lastly, I cant even see the project I have registered within Google Actions. Do I have to complete the entire process of deploying to production before I see it? Even that part of Google Actions is broken.
GoogleFulfillment 'GoogleFulfillmentName{name=actions.fulfillment.devices, template=false, explicitTemplateProject=false}' is not supported
Here is my docker compose file.
version: '3'
networks:
backend:
driver: bridge
web_frontend:
driver: bridge
services:
web:
image: 'pkap/gbridge-web:latest'
restart: always
ports:
- '8888:80'
environment:
APP_ENV: production
APP_KEY: 'base64:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx='
APP_DEBUG: 'false'
APP_LOG_LEVEL: warning
APP_URL: 'http://localhost'
DB_CONNECTION: mysql
DB_HOST: database
DB_PORT: 3306
DB_DATABASE: gbridge_db
DB_USERNAME: gbridge_db
DB_PASSWORD: xxxxxxxx
BROADCAST_DRIVER: log
CACHE_DRIVER: file
SESSION_DRIVER: file
SESSION_LIFETIME: 120
QUEUE_DRIVER: sync
REDIS_HOST: cache
REDIS_PASSWORD: 'null'
REDIS_PORT: '6379'
MAIL_DRIVER: smtp
MAIL_HOST: ERROR
MAIL_PORT: ERROR
MAIL_USERNAME: ERROR
MAIL_PASSWORD: ERROR
MAIL_ENCRYPTION: ERROR
GOOGLE_CLIENTID: adc80562f8xxxxxxxxxxxxxx0a6551
GOOGLE_PROJECTID: 'shoaib-s-home-control'
links:
- database
- cache
depends_on:
- database
- cache
networks:
- web_frontend
- backend
redis-worker:
image: 'pkap/gbridge-redis-worker:latest'
restart: always
environment:
GBRIDGE_REDISWORKER_REDIS: 'redis://cache:6379'
GBRIDGE_REDISWORKER_MQTT: 'mqtt://localhost:1883'
GBRIDGE_REDISWORKER_MQTTUSER: shoaib
GBRIDGE_REDISWORKER_MQTTPASSWORD: xxxxxxxx
GBRIDGE_REDISWORKER_HOMEGRAPHKEY: AIzaSyAm1byUyxxxxxxxxxxxxx0N7RTcfVJdsI
networks:
- backend
links:
- cache
depends_on:
- cache
database:
image: 'mysql:5'
restart: always
environment:
MYSQL_RANDOM_ROOT_PASSWORD: 'true'
MYSQL_DATABASE: gbridge_db
MYSQL_USER: gbridge_db
MYSQL_PASSWORD: nxxxxxja1xx
expose:
- '3306'
networks:
- backend
cache:
image: 'redis:4'
restart: always
expose:
- '6379'
networks:
- backend
I have even tried adding
PROXY_URL: 'https://home.mydomain.com/gbridge'
PROXY_SCHEME: 'https'
The ClientID problem still persists. My apache2 config contains
ProxyPass /gbridge/gapi http://${GBRIDGE_HOST}:${GBRIDGE_PORT}/gapi
ProxyPassReverse /gbridge/gapi http://${GBRIDGE_HOST}:${GBRIDGE_PORT}/gapi
Same!
I am trying to link through the Google Home app. Entering my information there however, gives this error:
An error occured The request by Google Home was malformed. Please try again in a few minute. If this problem persists, please contact the team of Kappelt gBridge. Invalid Client ID has been provided!
Like @shoaibali mentions; the source of gapi/auth indeed shows an empty form field:
<input type="hidden" name="client_id" value="">
I validated that GOOGLE_CLIENTID and the Client ID under Account linking in the Google Actions console are the same.
docker-compose up is successful:
Starting gbridge_cache_1 ... done
Starting gbridge_web-fpm_1 ... done
Starting gbridge_database_1 ... done
Starting gbridge_web_1 ... done
Starting gbridge_redis-worker_1 ... done
MQTT and nginx with ssl certificates are running on the server successfully as well.
I still get this famous "invalid ClientID" Below is log from docker-compose up I cannot see anything wrong here... anybody tell me why? GOOGLE_CLIENTID: [email protected] GOOGLE_PROJECTID: xxx-xxx PROXY_URL: 'https://xxx.duckdns.org' PROXY_SCHEME: 'https' I can access gbridge website and add device at https://xxx.duckdns.org without any problem. https://xxx.duckdns.org/gapi shows {"requestId":"","payload":{"errorCode":"protocolError"}} https://xxx.duckdns.org/gapi/auth shows Nice to see you again! Google is requiring access to your gBridge account. Please confirm the linking. Link Accounts Hi [email protected]! Click the button below to link your gBridge account to Google.
ubuntu@ubuntu:/opt/gbridge$ docker-compose up Starting gbridge_database_1 ... Starting gbridge_database_1 Starting gbridge_cache_1 ... Starting gbridge_cache_1 Starting gbridge_web-fpm_1 ... Starting gbridge_cache_1 ... done Starting gbridge_web_1 ... Starting gbridge_web_1 Starting gbridge_redis-worker_1 ... Starting gbridge_web_1 ... done Attaching to gbridge_web-fpm_1, gbridge_database_1, gbridge_cache_1, gbridge_redis-worker_1, g bridge_web_1 web-fpm_1 | [25-Apr-2020 19:21:37] NOTICE: fpm is running, pid 1 cache_1 | 1:C 25 Apr 19:21:42.867 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo cache_1 | 1:C 25 Apr 19:21:42.876 # Redis version=4.0.14, bits=64, commit=00000000, mo dified=0, pid=1, just started cache_1 | 1:C 25 Apr 19:21:42.876 # Warning: no config file specified, using the defau lt config. In order to specify a config file use redis-server /path/to/redis.conf web-fpm_1 | [25-Apr-2020 19:21:37] NOTICE: ready to handle connections database_1 | [i] mysqld already present, skipping creation cache_1 | 1:M 25 Apr 19:21:42.897 * Running mode=standalone, port=6379. database_1 | [i] MySQL directory already present, skipping creation cache_1 | 1:M 25 Apr 19:21:42.897 # WARNING: The TCP backlog setting of 511 cannot be enforced because /proc/sys/net/core/somaxconn is set to the lower value of 128. cache_1 | 1:M 25 Apr 19:21:42.897 # Server initialized cache_1 | 1:M 25 Apr 19:21:42.898 # WARNING overcommit_memory is set to 0! Background save may fail under low memory condition. To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl vm.overcommit_memory=1' for this t o take effect. database_1 | 2020-04-25 19:21:39 0 [Note] /usr/bin/mysqld (mysqld 10.4.12-MariaDB) starti ng as process 1 ... database_1 | 2020-04-25 19:21:41 0 [Note] InnoDB: Using Linux native AIO database_1 | 2020-04-25 19:21:41 0 [Note] InnoDB: Mutexes and rw_locks use GCC atomic bui ltins cache_1 | 1:M 25 Apr 19:21:42.900 * DB loaded from disk: 0.001 seconds cache_1 | 1:M 25 Apr 19:21:42.900 * Ready to accept connections database_1 | 2020-04-25 19:21:41 0 [Note] InnoDB: Uses event mutexes database_1 | 2020-04-25 19:21:41 0 [Note] InnoDB: Compressed tables use zlib 1.2.11 database_1 | 2020-04-25 19:21:41 0 [Note] InnoDB: Number of pools: 1 database_1 | 2020-04-25 19:21:41 0 [Note] InnoDB: Using generic crc32 instructions database_1 | 2020-04-25 19:21:41 0 [Note] mysqld: O_TMPFILE is not supported on /var/tmp (disabling future attempts) database_1 | 2020-04-25 19:21:41 0 [Note] InnoDB: Initializing buffer pool, total size = 128M, instances = 1, chunk size = 128M database_1 | 2020-04-25 19:21:41 0 [Note] InnoDB: Completed initialization of buffer pool database_1 | 2020-04-25 19:21:41 0 [Note] InnoDB: If the mysqld execution user is authori zed, page cleaner thread priority can be changed. See the man page of setpriority(). database_1 | 2020-04-25 19:21:41 0 [Note] InnoDB: 128 out of 128 rollback segments are ac tive. database_1 | 2020-04-25 19:21:41 0 [Note] InnoDB: Creating shared tablespace for temporar y tables database_1 | 2020-04-25 19:21:41 0 [Note] InnoDB: Setting file './ibtmp1' size to 12 MB. Physically writing the file full; Please wait ... database_1 | 2020-04-25 19:21:41 0 [Note] InnoDB: File './ibtmp1' size is now 12 MB. database_1 | 2020-04-25 19:21:41 0 [Note] InnoDB: Waiting for purge to start database_1 | 2020-04-25 19:21:41 0 [Note] InnoDB: 10.4.12 started; log sequence number 32 9987; transaction id 575 database_1 | 2020-04-25 19:21:41 0 [Note] InnoDB: Loading buffer pool(s) from /var/lib/my sql/ib_buffer_pool database_1 | 2020-04-25 19:21:41 0 [Note] Plugin 'FEEDBACK' is disabled. database_1 | 2020-04-25 19:21:42 0 [Note] Server socket created on IP: '::'. database_1 | 2020-04-25 19:21:42 0 [Warning] 'user' entry '@3d2acaed4198' ignored in --sk ip-name-resolve mode. database_1 | 2020-04-25 19:21:42 0 [Warning] 'proxies_priv' entry '@% root@3d2acaed4198' ignored in --skip-name-resolve mode. database_1 | 2020-04-25 19:21:42 0 [Note] InnoDB: Buffer pool(s) load completed at 200425 19:21:42 database_1 | 2020-04-25 19:21:42 0 [Note] Reading of all Master_info entries succeeded database_1 | 2020-04-25 19:21:42 0 [Note] Added new Master_info '' to hash table database_1 | 2020-04-25 19:21:42 0 [Note] /usr/bin/mysqld: ready for connections. database_1 | Version: '10.4.12-MariaDB' socket: '/run/mysqld/mysqld.sock' port: 3306 M ariaDB Server redis-worker_1 | redis-worker_1 | > [email protected] start /usr/src/gbridge-redis-worker redis-worker_1 | > node index.js redis-worker_1 | redis-worker_1 | Redis client (subscribe) connected redis-worker_1 | Redis client (cache) connected redis-worker_1 | Redis client (subscribe) successful subscribe to gbridge:u*:d*:* redis-worker_1 | MQTT client connected redis-worker_1 | Could not match topic tele/ROUTER/LWT for user 1 redis-worker_1 | Could not match topic tele/PORCH/LWT for user 1 redis-worker_1 | Could not match topic tele/GUDANG/LWT for user 1 redis-worker_1 | Could not match topic cmnd/PORCH/POWER for user 1 redis-worker_1 | Could not match topic cmnd/GUDANG/POWER for user 1 redis-worker_1 | Could not match topic stat/PORCH/POWER for user 1 redis-worker_1 | Could not match topic stat/GUDANG/POWER for user 1 redis-worker_1 | Could not match topic tele/PORCH/STATE for user 1 redis-worker_1 | Could not match topic tele/ROUTER/STATE for user 1 redis-worker_1 | Could not match topic tele/GUDANG/STATE for user 1 web_1 | 172.19.0.1 - - [25/Apr/2020:19:23:25 +0000] "GET /gapi/auth HTTP/1.1" 200 5056 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1" "24.4.73.62" web-fpm_1 | 172.19.0.6 - 25/Apr/2020:19:23:23 +0000 "GET /index.php" 200 web_1 | 172.19.0.1 - - [25/Apr/2020:19:23:58 +0000] "POST /gapi/auth HTTP/1.1" 302 3551 "https://xxx.duckdns.org/gapi/auth?response_type=token&[email protected]&redirect_uri=https://oauth-redirect.googleusercontent.com/r/xxx-xxx&state=ABdO3MWiGj2ZxAb4NlzXWiMCDcdF2dCF_SodAiMDm5LE7jAuJl59xpv3pat_hzdKN8-DYFwZPkrEQm2yl4tj-cBC2HptHYhfhGOYQFeIOBBUlEt5O_wu6OMu5tGg9InSg6iD3m5-6rbxa8PEtQblvuIhkBoLDcdM7BcIv16fFO1Kk4IsQB4Uwk-t-6OEhXmBqVYNnydyqSqjbpjH9T4fplFl4LlJwXIs2GwD2lQwM7H5gnXbudGwWFdPdm1x9JRwToadPRKJZ2kQSQVlUsyhLIdtdAOU6vQojopTKixbLp8xVAok2UFBTtch2i7eAdZ6oI45F-sZ75EPLYvqZP1Lb_QHbBLx9WRdJbtUuMUZt6PYR7Ohu1NJOZ_jDmBvY0b08t64E9A4YUhIZC_q0teEhkLaD4CiMxmObc_NGd8NWw9Z-gNugsmWIG7shQFSM653P83QnpF2XzGJlTuRq2tvqIjMj1EvDPTkCu9C11szbL1RJtjtBPDoP2kVIn5PvoY2-GkZxj07k8oMiO2Iv_ObtFTTkbNEypupan4SvdnSkOV5yOaNfn4F8w1X4QkTv3q2X64bFsN7QbsP94CurQjmd6VlppUQqykPtA&user_locale=en-GB" "Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1" "24.4.73.62" web-fpm_1 | 172.19.0.6 - 25/Apr/2020:19:23:57 +0000 "POST /index.php" 302 web_1 | 172.19.0.1 - - [25/Apr/2020:19:23:59 +0000] "GET /gapi/auth HTTP/1.1" 200 5471 "https://xxx.duckdns.org/gapi/auth?response_type=token&[email protected]&redirect_uri=https://oauth-redirect.googleusercontent.com/r/xxx-xxx&state=ABdO3MWiGj2ZxAb4NlzXWiMCDcdF2dCF_SodAiMDm5LE7jAuJl59xpv3pat_hzdKN8-DYFwZPkrEQm2yl4tj-cBC2HptHYhfhGOYQFeIOBBUlEt5O_wu6OMu5tGg9InSg6iD3m5-6rbxa8PEtQblvuIhkBoLDcdM7BcIv16fFO1Kk4IsQB4Uwk-t-6OEhXmBqVYNnydyqSqjbpjH9T4fplFl4LlJwXIs2GwD2lQwM7H5gnXbudGwWFdPdm1x9JRwToadPRKJZ2kQSQVlUsyhLIdtdAOU6vQojopTKixbLp8xVAok2UFBTtch2i7eAdZ6oI45F-sZ75EPLYvqZP1Lb_QHbBLx9WRdJbtUuMUZt6PYR7Ohu1NJOZ_jDmBvY0b08t64E9A4YUhIZC_q0teEhkLaD4CiMxmObc_NGd8NWw9Z-gNugsmWIG7shQFSM653P83QnpF2XzGJlTuRq2tvqIjMj1EvDPTkCu9C11szbL1RJtjtBPDoP2kVIn5PvoY2-GkZxj07k8oMiO2Iv_ObtFTTkbNEypupan4SvdnSkOV5yOaNfn4F8w1X4QkTv3q2X64bFsN7QbsP94CurQjmd6VlppUQqykPtA&user_locale=en-GB" "Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1" "24.4.73.62" web-fpm_1 | 172.19.0.6 - 25/Apr/2020:19:23:58 +0000 "GET /index.php" 200
I'm not sure if this service is still running, I believe it was shut down beginning 2020: https://about.gbridge.io/notice/
I'm not sure if this service is still running, I believe it was shut down beginning 2020
as I understand it is possible to host the service, as I believe that most in this issue are trying.