Trouble with Google OAuth

Added by Cassie Nicol about 10 years ago

I have had trouble with the Google OAuth code. It can be seen in both Hangman and features/oauth1 examples.

What is happening is that the return variable verified_email is sometimes returned as a string instead of a bool. This causes the code to throw a Json exception.

should be

"verified_email": true,

sometimes is

"verified_email": "true",

I have written a work-around for it in Wt/Auth/GoogleService.C, but it is kind of sloppy.

My modified version is here: http://www.nordiccodes.com/code/GoogleService.C starting at line 91.

I am not sure where the proper place to place a fix should go, or if I missed a method in the Json classes to handle this problem.

Thanks,

Cassie Ellen


Replies (3)

RE: Trouble with Google OAuth - Added by Koen Deforche about 10 years ago

Hey Cassie,

Ah, Google must have been changing their mind on this. I've allocated a ticket for this:

I believe we should be able to use Value::toBool() as this already converts "true" to true?

Regards,

koen

RE: Trouble with Google OAuth - Added by Cassie Nicol about 10 years ago

Yes, changing GoogleService.C (87)

from

bool emailVerified = userInfo.get("verified_email").orIfNull(false);

to

bool emailVerified = userInfo.get("verified_email").toBool().orIfNull(false);

seems to work for me.

What really confuses me is why Google would randomly return either a string or a bool. It would seem that the same code would return the same kind of value. But that assumes that the database is always returning boolean values the same way. And I know the problem with assumptions.

Thanks for the advice. This change produces much cleaner code.

I do have one more question. In the hangman example, Google returns "verified_email", but it is not used. The registration process still sends out an email for verification. Was that the intended behavior?

Cassie Ellen

RE: Trouble with Google OAuth - Added by Koen Deforche about 10 years ago

Hey,

As to the use of OAuth verified_mail, I recall reading that it does not actually mean 'verified' in the sense of having asserted that the user actually controls it (although I cannot think of what else it could represent).

Regards,

koen
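The type problem discussed in this thread, as an added stand-alone example that is not part of the original posts and is not Wt's code: it accepts both spellings of "verified_email" reported above, never throws on an unexpected type, and fails closed. `JsonValue`, `Claim`, `classifyVerifiedEmail` and `emailVerified` are hypothetical names, and the `std::variant` stands in for a decoded JSON value (C++17).

```cpp
#include <string>
#include <variant>

// Stand-in for a decoded JSON value (hypothetical, not Wt::Json::Value).
// std::monostate represents a missing or null field.
using JsonValue = std::variant<std::monostate, bool, double, std::string>;

enum class Claim { Verified, Unverified, Malformed };

// Classify the "verified_email" field of a userinfo response.
// Accepts the JSON boolean and the string spellings "true"/"false";
// every other shape is reported as Malformed instead of throwing.
Claim classifyVerifiedEmail(const JsonValue& v) {
    if (std::holds_alternative<std::monostate>(v))
        return Claim::Unverified;   // absent or null: same default as orIfNull(false)
    if (const bool* b = std::get_if<bool>(&v))
        return *b ? Claim::Verified : Claim::Unverified;
    if (const std::string* s = std::get_if<std::string>(&v)) {
        if (*s == "true")  return Claim::Verified;
        if (*s == "false") return Claim::Unverified;
    }
    return Claim::Malformed;        // numbers, "TRUE", "yes", "", ...
}

// Fail closed: only an explicit Verified result counts as verified, so a
// malformed claim can be logged by the caller but never grants trust.
bool emailVerified(const JsonValue& v) {
    return classifyVerifiedEmail(v) == Claim::Verified;
}

int main() {
    // Constructed sample values for the two spellings reported in the thread.
    // Strings are wrapped in std::string so the variant does not pick bool.
    const JsonValue asBool = true;
    const JsonValue asString = std::string("true");
    return (emailVerified(asBool) && emailVerified(asString)) ? 0 : 1;
}
```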
