W
Wasp2w ago
ralph

Getting "An unknown error occurred while trying to log in with the OAuth provider." on deployed app

Logs attached. I have my JTW set on both my client and server env. Deployed on railway using a custom domain on my server since google redirect URI didn't like the railway domain.

message.txt

17 Replies
kapa.ai
kapa.ai2w ago
Hi @ralph. I'm kapa.ai, your friendly support bot. I will try to answer your question by searching through the knowledge base. :wave:
ralph
ralphOP2w ago
Attempting to use Google auth.
kapa.ai
kapa.ai2w ago
---------------------- Based on the information in the knowledge sources, here are the most common causes and troubleshooting steps for the error "An unknown error occurred while trying to log in with the OAuth provider" in a deployed Wasp app: 1. Environment Variables
Ensure that all required environment variables are set correctly on your Railway deployment: - DATABASE_URL - WASP_WEB_CLIENT_URL (should be your deployed frontend URL) - WASP_SERVER_URL (should be your deployed backend URL, matching your custom domain) - JWT_SECRET (at least 32 characters) - GOOGLE_CLIENT_ID and GOOGLE_CLIENT_SECRET (from your Google Cloud OAuth app)
These must be set in the Railway dashboard under the Variables tab for your server deployment. Missing or incorrect values, especially for the OAuth provider, will cause login failures Deploying Manually: Environment Variables. 2. Google OAuth Redirect URI
The redirect URI registered in your Google Cloud project must exactly match the deployed server's callback endpoint, e.g.: 
   <https://your-custom-domain.com/auth/google/callback>
   
   <https://your-custom-domain.com/auth/google/callback>
If you switched to a custom domain, make sure this is reflected in both your Google Cloud OAuth settings and your WASP_SERVER_URL environment variable Google Auth: Creating a Google OAuth App. 3. JWT_SECRET Location
The JWT_SECRET should only be set on the server, not the client. The client does not need access to this secret, and exposing it can be a security risk Deploying Manually: Environment Variables. 4. .env.server File
Make sure your .env.server file (or Railway environment variables) contains the correct values for GOOGLE_CLIENT_ID and GOOGLE_CLIENT_SECRET Google Auth: Adding Environment Variables. 5. Check Logs for Specific Errors
If the logs mention missing environment variables (e.g., "The Google auth provider requires clientID provided via env variables"), this points to a misconfiguration in your environment variables Discord: Oauth redirects to localhost:3001 instead of 3000. 6. WASP_SERVER_URL and WASP_WEB_CLIENT_URL Consistency
Both must be set and must match your deployed domains. If you use a custom domain for the server, update both the environment variable and the Google OAuth redirect URI accordingly Migration from 0.12.X to 0.13.X. Summary of steps to check: - Double-check all environment variables in Railway. - Ensure Google OAuth redirect URI matches your deployed server's /auth/google/callback endpoint. - Do not set JWT_SECRET on the client. - Review server logs for missing or misconfigured variables. If after these checks the issue persists, please provide the specific error message from the server logs for further troubleshooting. The knowledge sources do not provide more detailed debugging steps for this error, so if the above does not resolve it, more information from your logs would be needed. ---------------------- Note: you can ask me a follow up question by @ mentioning me again :speech_balloon: ---------------------- Sorry @ralph, I seem to be having a bit of trouble. Don't worry though, I've pinged my support and they will try to fix me up! :technologist: Perhaps try again in 15mins?
ralph
ralphOP2w ago
Sorry kapa this might be too hard for you. @Wasp Team any suggestions? Potentially might be a cookies issues with oauth/cookies.ts since my server custom domain is a subdomain of my clients custom domain?
ralph
ralphOP2w ago
this is what I get when I try to add the railway server deployment generated URL btw:
No description
NEROX
NEROX2w ago
Hey @ralph random question, why do you want to set the railway server and not just your server custom subdomain?
ralph
ralphOP2w ago
uhh saw another user successfully got google oauth working using railway server thought it might be less of a headache but yeah I’m using server.plshireme.ca on my server deployment and plshireme.ca on my client deployment everything else works just oauth being weird, have the oauth redirect uri set in google console as the server.plshireme.ca redirect one as well
miho
miho2w ago
Can you share your env variables (you can replace secrets with XXX)? Also, did you use the configFn for the Google auth? If yes, please that as well 🙂
ralph
ralphOP2w ago
what if I just give you my secrets too? 😉 I used the default configFn 
export function getGoogleAuthConfig() {
  return {
    scopes: ['profile', 'email'], // must include at least 'profile' for Google
  };
}
export function getGoogleAuthConfig() {
  return {
    scopes: ['profile', 'email'], // must include at least 'profile' for Google
  };
}
Server env: 
{
  "DATABASE_URL": "${{Postgres.DATABASE_URL}}",
  "FASTAPI_BASE_URL": "https://api-service-production-d3c6.up.railway.app",
  "FASTAPI_SERVICE_API_KEY": "${{shared.FASTAPI_SERVICE_API_KEY}}",
  "GOOGLE_ANALYTICS_CLIENT_EMAIL": "analytics@ralphroque-portfolio.iam.gserviceaccount.com",
  "GOOGLE_ANALYTICS_PRIVATE_KEY": "XXX",
  "GOOGLE_ANALYTICS_PROPERTY_ID": "337464365",
  "GOOGLE_CLIENT_ID": "995537060987-s75r6fsnosudugbnschu9pcfp2rb6qdo.apps.googleusercontent.com",
  "GOOGLE_CLIENT_SECRET": "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",
  "JWT_SECRET": "XXX",
  "PLAUSIBLE_SITE_ID": "plshireme.ca",
  "SMTP_HOST": "smtp.mailersend.net",
  "SMTP_PASSWORD": "XXX",
  "SMTP_PORT": "2525",
  "SMTP_USERNAME": "MS_qtQFBY@plshireme.ca",
  "STRIPE_API_KEY": "sk_test_51RbBigRuZhUj7yREZQpTc51KyIp7FAeAfI6uYnAt24cVlKBq7ly7RMrzsd0LKayKm74HMiesZyMwQ9CKkP96Ihml00UXfQqRJl",
  "STRIPE_CUSTOMER_PORTAL_URL": "https://billing.stripe.com/p/login/test_eVqeVf3WkekncXx1S848000",
  "STRIPE_WEBHOOK_SECRET": "XXX",
  "WAITLIST_MODE": "false",
  "WASP_SERVER_URL": "https://server.plshireme.ca/",
  "WASP_WEB_CLIENT_URL": "https://plshireme.ca/"
}
{
  "DATABASE_URL": "${{Postgres.DATABASE_URL}}",
  "FASTAPI_BASE_URL": "https://api-service-production-d3c6.up.railway.app",
  "FASTAPI_SERVICE_API_KEY": "${{shared.FASTAPI_SERVICE_API_KEY}}",
  "GOOGLE_ANALYTICS_CLIENT_EMAIL": "analytics@ralphroque-portfolio.iam.gserviceaccount.com",
  "GOOGLE_ANALYTICS_PRIVATE_KEY": "XXX",
  "GOOGLE_ANALYTICS_PROPERTY_ID": "337464365",
  "GOOGLE_CLIENT_ID": "995537060987-s75r6fsnosudugbnschu9pcfp2rb6qdo.apps.googleusercontent.com",
  "GOOGLE_CLIENT_SECRET": "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",
  "JWT_SECRET": "XXX",
  "PLAUSIBLE_SITE_ID": "plshireme.ca",
  "SMTP_HOST": "smtp.mailersend.net",
  "SMTP_PASSWORD": "XXX",
  "SMTP_PORT": "2525",
  "SMTP_USERNAME": "MS_qtQFBY@plshireme.ca",
  "STRIPE_API_KEY": "sk_test_51RbBigRuZhUj7yREZQpTc51KyIp7FAeAfI6uYnAt24cVlKBq7ly7RMrzsd0LKayKm74HMiesZyMwQ9CKkP96Ihml00UXfQqRJl",
  "STRIPE_CUSTOMER_PORTAL_URL": "https://billing.stripe.com/p/login/test_eVqeVf3WkekncXx1S848000",
  "STRIPE_WEBHOOK_SECRET": "XXX",
  "WAITLIST_MODE": "false",
  "WASP_SERVER_URL": "https://server.plshireme.ca/",
  "WASP_WEB_CLIENT_URL": "https://plshireme.ca/"
}
Client env: 
{
  "DATABASE_URL": "${{shared.DATABASE_URL}}",
  "PORT": "8043",
  "REACT_APP_GOOGLE_ANALYTICS_ID": "G-2VFQMCSW8N",
  "WASP_SERVER_URL": "https://server.plshireme.ca/",
  "WASP_WEB_CLIENT_URL": "https://plshireme.ca"
}
{
  "DATABASE_URL": "${{shared.DATABASE_URL}}",
  "PORT": "8043",
  "REACT_APP_GOOGLE_ANALYTICS_ID": "G-2VFQMCSW8N",
  "WASP_SERVER_URL": "https://server.plshireme.ca/",
  "WASP_WEB_CLIENT_URL": "https://plshireme.ca"
}
@miho here is where a user was having a similar problem to me Seems like it works fine in local dev: 
[ Server!] (Use `node --trace-warnings ...` to show where the warning was created)
[ Server ] [Wasp Auth Hook - onAfterSignup] Hook triggered.
[ Server ] [Wasp Auth Hook - onAfterSignup] Attempting to create user in FastAPI for new Wasp user ID: b117da5c-d202-40ec-8981-adf2b4089b54
[ Server ] [Wasp Auth Hook - onAfterSignup] Successfully created user in FastAPI for Wasp user b117da5c-d202-40ec-8981-adf2b4089b54. FastAPI response: {
[ Server ]   user_id: '689f589398ac879f4c0a99d6',
[ Server ]   username: 'b117da5c-d202-40ec-8981-adf2b4089b54',
[ Server ]   message: 'User created successfully'
[ Server ] }
[ Server ] GET /auth/google/callback?state=KbNyp4ESeOoJv_PztyKj2Xy3uwBb1rjwUAq_AdIjYFc&code=4%2F0AVMBsJjraA1q25NNyeSU2cngCx-nfreNIuseR4Ph0-zIag8VmxbwECRkczxMaB9kI5Ofkw&scope=email+profile+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email+openid&authuser=2&prompt=consent 302 462.680 ms - -
[ Server ] GET /auth/me 401 0.869 ms - 43
[ Server ] POST /operations/get-app-config 200 1.399 ms - 33
[ Server ] POST /auth/exchange-code 200 16.796 ms - 56
[ Server ] GET /auth/me 200 16.516 ms - 440
[ Server ] GET /auth/me 304 10.139 ms - -
[ Server!] (Use `node --trace-warnings ...` to show where the warning was created)
[ Server ] [Wasp Auth Hook - onAfterSignup] Hook triggered.
[ Server ] [Wasp Auth Hook - onAfterSignup] Attempting to create user in FastAPI for new Wasp user ID: b117da5c-d202-40ec-8981-adf2b4089b54
[ Server ] [Wasp Auth Hook - onAfterSignup] Successfully created user in FastAPI for Wasp user b117da5c-d202-40ec-8981-adf2b4089b54. FastAPI response: {
[ Server ]   user_id: '689f589398ac879f4c0a99d6',
[ Server ]   username: 'b117da5c-d202-40ec-8981-adf2b4089b54',
[ Server ]   message: 'User created successfully'
[ Server ] }
[ Server ] GET /auth/google/callback?state=KbNyp4ESeOoJv_PztyKj2Xy3uwBb1rjwUAq_AdIjYFc&code=4%2F0AVMBsJjraA1q25NNyeSU2cngCx-nfreNIuseR4Ph0-zIag8VmxbwECRkczxMaB9kI5Ofkw&scope=email+profile+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email+openid&authuser=2&prompt=consent 302 462.680 ms - -
[ Server ] GET /auth/me 401 0.869 ms - 43
[ Server ] POST /operations/get-app-config 200 1.399 ms - 33
[ Server ] POST /auth/exchange-code 200 16.796 ms - 56
[ Server ] GET /auth/me 200 16.516 ms - 440
[ Server ] GET /auth/me 304 10.139 ms - -
MEE6
MEE62w ago
Wohooo @ralph, you just became a Waspeteer level 4!
miho
miho2w ago
Invalid state might point to some cookies not being set properly (because we set the state via cookies between two server requests) and this might point to some domain issues. Maybe some common things to look at: - are the env vars set properly (I can see that WASP_SERVER_URL env var is OK) - are you using HTTPS (I can see that is OK) - is the deployed app using correct env vars and not just the dev app? (I guess you made sure of that) Let me try to log in into app and see what's going on with the cookies 🙂
miho
miho2w ago
Notice that the domain is not your custom server domain. Cookies are set for the Railway generated server URL. Are you 100% sure that WASP_SERVER_URL is set correctly for the deployed app?
No description
ralph
ralphOP2w ago
hey turns out im just stupid sorry miho was building the client end using this 
REACT_APP_API_URL=https://server-production-7ddb.up.railway.app/ ./deploy_client.sh
REACT_APP_API_URL=https://server-production-7ddb.up.railway.app/ ./deploy_client.sh
and not the new subdomain how do u like my app though pretty cool huh
miho
miho2w ago
I love the design, yep! Please share when you go live, we love giving feedback 🙂
miho
miho2w ago
This is a cool detail
No description
miho
miho2w ago
No worries about the error - I've made the same mistake... maybe 10 times in my projects!
ralph
ralphOP2w ago
tnx dad love u

Did you find this page helpful?