Google Openid Setup Document Requires Corrected #134
Description
I have recently installed kasm workspace on my ubuntu server and tried to integrate google openid with it. According to the latest document, I filled everything well but got internal error.
host: kasm
ingest_date: 20250228153838
application: kasm_api
levelname: ERROR
process: cherrypy.error.136976736925888
client_ip: 2a02:9a0:102:1798:71d1:d887:5023:d34a, 10.1.0.1
user_agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
message
[28/Feb/2025:15:38:38] HTTP
Traceback (most recent call last):
File "cherrypy/_cprequest.py", line 659, in respond
File "cherrypy/_cprequest.py", line 718, in _do_respond
File "cherrypy/lib/encoding.py", line 223, in __call__
File "cherrypy/_cpdispatch.py", line 54, in __call__
File "utils.py", line 117, in wrapper
File "client_api.py", line 971, in oidc_callback
File "authentication/oidc/__init__.py", line 52, in process_callback
File "requests_oauthlib/oauth2_session.py", line 360, in fetch_token
File "oauthlib/oauth2/rfc6749/clients/base.py", line 427, in parse_request_body_response
File "oauthlib/oauth2/rfc6749/parameters.py", line 441, in parse_token_response
File "oauthlib/oauth2/rfc6749/parameters.py", line 471, in validate_token_parameters
Warning: Scope has changed from "openid https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile" to "openid https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email".
This implies that the order of the scope given by the document is not correct. After changing the order, I could finally log in with my google account.