Zammad: Google login/auth not working, I get 422 every time

Created on 14 Nov 2018 · 3Comments · Source: zammad/zammad

Infos:

Used Zammad version: 2.7.0, 1542128389.fd858449.centos7
Installation method (source, package, ..): centos7 zammad repository
Operating system: centos7.5
Database + version: posgresql 9.2.24
Elasticsearch version: 5.6.13
Browser + version: Chrome 70.0.3538.77 (Official Build) (64-bit)

Expected behavior:

Google Auth login to work as expected

Actual behavior:

I get an error - 422: The change you wanted was rejected. Message from google_oauth2: invalid_credentials

Steps to reproduce the behavior:

I installed latest Zammad, followed the documentation, set up a project in google cloud, setup the credentials in Zammad, I have my domain verified and everything, and it doesn't work. With the same setup for google auth it works in several grafana instances with no issues.

Login from the main page doesn't work for new or existing users, also existing users with user/pass can't link their google accounts - all get the same error.

Yes I'm sure this is a bug and no feature request or a general question.

production.log

question verified

Source

infestdead

Most helpful comment

Thanks, I can confirm that after enabling the Google+ API - now it works as expected.

infestdead on 16 Nov 2018

❤3

All 3 comments

Same problem here btw. The callback URL is correct and the google account under the same email exists and owns the project actually where zammad got its client key + secret.. i tried to find some google logs for IAM / Auth but was not successful.

Is there any way to find logs for auth oauth requests to your project?

ndom91 on 16 Nov 2018

Thanks for posting.
I could verify this with a project that has never had authentication enabled - but:
This is not a Bug.

The cause of this Problem can be found within log/web-1.log:

I, [2018-11-16T10:39:42.637447 #23972]  INFO -- omniauth: (google_oauth2) Request phase initiated.
I, [2018-11-16T10:39:42.970970 #23972]  INFO -- omniauth: (google_oauth2) Callback phase initiated.
E, [2018-11-16T10:39:43.325612 #23972] ERROR -- omniauth: (google_oauth2) Authentication failure! invalid_credentials: OAuth2::Error, {"errors"=>[{"domain"=>"usageLimits", "reason"=>"accessNotConfigured", "message"=>"Access Not Configured. Google+ API has not been used in project [PROJECTID_GOOGLE] before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/plus.googleapis.com/overview?project=[PROJECTID_GOOGLE] then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.", "extendedHelp"=>"https://console.developers.google.com/apis/api/plus.googleapis.com/overview?project=[PROJECTID_GOOGLE]"}], "code"=>403, "message"=>"Access Not Configured. Google+ API has not been used in project [PROJECTID_GOOGLE] before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/plus.googleapis.com/overview?project=[PROJECTID_GOOGLE] then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry."}:
{
 "error": {
  "errors": [
   {
    "domain": "usageLimits",
    "reason": "accessNotConfigured",
    "message": "Access Not Configured. Google+ API has not been used in project [PROJECTID_GOOGLE] before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/plus.googleapis.com/overview?project=[PROJECTID_GOOGLE] then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.",
    "extendedHelp": "https://console.developers.google.com/apis/api/plus.googleapis.com/overview?project=[PROJECTID_GOOGLE]"
   }
  ],
  "code": 403,
  "message": "Access Not Configured. Google+ API has not been used in project [PROJECTID_GOOGLE] before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/plus.googleapis.com/overview?project=[PROJECTID_GOOGLE] then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry."
 }
}

You actually need to enable the Google+ API before being able to authenticate users via Google.
I'll be working on a documentation update, as this part of our docs is poorly written. Sorry for the inconveniences you may have encountered.

Visit the following link (you need to adjust it with your API-Project-ID) to enable Google+ API:
https://console.developers.google.com/apis/api/plus.googleapis.com/overview?project=[Your-API-Project-ID]

I'll be closing this issue - you can find the documentation issue here: https://github.com/zammad/zammad-admin-documentation/issues/10

MrGeneration on 16 Nov 2018

Thanks, I can confirm that after enabling the Google+ API - now it works as expected.

infestdead on 16 Nov 2018

❤3

Was this page helpful?

0 / 5 - 0 ratings

Related issues

Send notification email containing note-text

robwilc · 3Comments

Default value not set for attributes of type input, select, tree_select, richtext, textarea, checkbox

MBekspert · 3Comments

Cannot use ticket templates since 2.4 anymore

sthag · 3Comments

Outbound "Email Notification" configuration via port 465 defect

fthommen · 3Comments

Send postmaster email to sender if email is too big and not processed by Zammad

martini · 3Comments