OAuth redirect url to http instead of https

[maniekes]

hi,

I think there is an issue with configuration in Oauth2 client in V1.0. (https://docs.zepp.com/docs/1.0/reference/app-settings-api/ui/auth)

Created minimal config for this module:

const auth = Auth({
      label: 'Click here to authorize',
      authorizeUrl: 'https://accounts.google.com/o/oauth2/v2/auth',
      requestTokenUrl: 'https://oauth2.googleapis.com/token',
      clientId: 'client',
      clientSecret: 'secret',
      scope: 'https://www.googleapis.com/auth/books',
    })

it will open following url: https://accounts.google.com/o/oauth2/v2/auth?client_id=client&redirect_uri=http%3A%2F%2Fzepp-os-staging.zepp.com%2Fapp-settings%2Fredirect.html&response_type=code&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fbooks&state=...............

request will fail because of Error 400: redirect_uri_mismatch and setting redirect_uri=http://zepp-os-staging.zepp.com/app-settings/redirect.html, recently Google blocked http as allowed urls(I cannot even add it in google console). If i modify url in browser and change http to https, it will go to second step (login to google account, allow add access to my google api etc), however it fails at the end during request to https://oauth2.googleapis.com/token, because of the same wrong redirect_uri.

do you know if there is any workaround to force https there?

[maniekes]

i did some more testing and looks like on watch(t-rex 2) it works fine.

in app-settings.global.js i see it's caused by this line:

bu = `${window.location.protocol}//${window.location.host}/app-settings/redirect.html`,

i think it would be helpfull to fix this on simulator, but at least found workaround for now

[htoooth]

@maniekes Thanks for the feedback on this issue.
@mrcoon Take a look at this issue