id token not issued by correct provider - expected: https://accounts.google.com | from: accounts.google.com #6854
Description
New Issue Checklist
- [ x] I am not disclosing a vulnerability.
- [x ] I am not just asking a question.
- [x ] I have searched through existing issues.
- [x ] I can reproduce the issue with the latest version of Parse Server.
Issue Description
oAuth login with Google fails because the TOKEN_ISSUER constant expects Google clientId passed inside Parse server init to have a different domain name than whats provided by Google.
if (jwtClaims.iss !== TOKEN_ISSUER) {
throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, `id token not issued by correct provider - expected: ${TOKEN_ISSUER} | from: ${jwtClaims.iss}`);
}
Steps to reproduce
new ParseServer({
...yourOptions,
auth: {
google: {
clientId: 'XXX-XXX.apps.googleusercontent.com',
}
}
});
Parse.User.linkWith('google', { authData: {id, client_id, access_token } });
Actual Outcome
verbose: RESPONSE from [POST] /parse/functions/post_sign_in: {
"response": {
"result": {
"data": {
"message": "id token not issued by correct provider - expected: https://accounts.google.com | from: accounts.google.com",
"code": 101
}
}
}
error: Parse error: id token not issued by correct provider - expected: https://accounts.google.com | from: accounts.google.com {"code":101,"stack":"Error: id token not issued by correct provider - expected: https://accounts.google.com | from: accounts.google.com\n at verifyIdToken (node_modules/parse-server/lib/Adapters/Auth/google.js:91:11)\n at processTicksAndRejections (internal/process/task_queues.js:93:5)\n at async Promise.all (index 0)"}
Expected Outcome
Should login the user and provide sessionToken.
Environment
Server
- Parse Server version:
4.3.0 - Operating system:
Mac OS - Local or remote host (AWS, Azure, Google Cloud, Heroku, Digital Ocean, etc):
localhost
Database
- System (MongoDB or Postgres):
Mongo - Database version:
4.XX - Local or remote host (MongoDB Atlas, mLab, AWS, Azure, Google Cloud, etc):
localhost
Client
- SDK (iOS, Android, JavaScript, PHP, Unity, etc):
JS - SDK version:
1.8.0
Logs
verbose: RESPONSE from [POST] /parse/functions/post_sign_in: {
"response": {
"result": {
"data": {
"message": "id token not issued by correct provider - expected: https://accounts.google.com | from: accounts.google.com",
"code": 101
}
}
}
error: Parse error: id token not issued by correct provider - expected: https://accounts.google.com | from: accounts.google.com {"code":101,"stack":"Error: id token not issued by correct provider - expected: https://accounts.google.com | from: accounts.google.com\n at verifyIdToken (node_modules/parse-server/lib/Adapters/Auth/google.js:91:11)\n at processTicksAndRejections (internal/process/task_queues.js:93:5)\n at async Promise.all (index 0)"}