Node.js "passport-google-oauth2" delivers "failed to fetch user profile" error in Express application

Question

While developing the last example of a node.js's introductory book (an express.js application using authentication strategy by Google OpenID), after replacing the passport-google package (which got obsolete on April 20th, 2015) with passport-google-oauth2 package (authentication strategy by Google OAuth 2.0) and having followed the indications at its documentation's page and an example here; I got the below error after selecting my Google+ account, which was thrown by the oath2.js module, concretely calling this._oauth2.get("https://www.googleapis.com/plus/v1/people/me",...) within userProfile(accessToken, done) method. The related source code and module dependencies are below.

What could be the root of the problem?

The concrete error is:

InternalOAuthError: failed to fetch user profile
    at <...>\web-app\b4\node_modules\passport-google-oauth2\lib\oauth2.js:92:28
    at passBackControl (<...>\web-app\b4\node_modules\passport-google-oauth2\node_modules\passport-oauth2\node_modules\oauth\lib\oauth2.js:124:9)
    at IncomingMessage.<anonymous> (<...>\web-app\b4\node_modules\passport-google-oauth2\node_modules\passport-oauth2\node_modules\oauth\lib\oauth2.js:143:7)
    at IncomingMessage.emit (events.js:129:20)
    at _stream_readable.js:908:16
    at process._tickCallback (node.js:355:11)

The related application's code is:

  passport = require('passport'),
  //...
  GoogleStrategy = require('passport-google-oauth2').Strategy; // #passport-google-oauth2
  //...
  /***** #passport-google-oauth2 vv *****/
  passport.use(new GoogleStrategy({
    clientID: "a_specific_value",
    clientSecret: "another_specific_value",
    callbackURL: "http://127.0.0.1:3000/auth/google/callback",
    passReqToCallback:true
  },
  function(request, accessToken, refreshToken, profile, done) {
      profile.identifier=profile.id;
      return done(null, profile);
  }
  ));
  /***** #passport-google-oauth2 ^^ *****/
  //...
  /*****  #passport-google-oauth2 vv    *****/
  app.get('/auth/google',
  passport.authenticate('google', { successRedirect: '/',scope:
    [ 'https://www.googleapis.com/auth/userinfo.email']})
  );
  app.get( '/auth/google/callback',
    passport.authenticate( 'google', {
        successRedirect: '/',
        failureRedirect: '/'
  }));
  /*****  #passport-google-oauth2 ^^    *****/    

The application has the following dependencies:

b4@0.0.1
├─┬ connect-redis@1.4.7
│ ├─┬ debug@2.1.3
│ │ └── ms@0.7.0
│ └── redis@0.10.3
├─┬ cookie-parser@1.3.4
│ ├── cookie@0.1.2
│ └── cookie-signature@1.0.6
├─┬ express@3.3.8
│ ├── buffer-crc32@0.2.1
│ ├─┬ commander@1.2.0
│ │ └── keypress@0.1.0
│ ├─┬ connect@2.8.8
│ │ ├── bytes@0.2.0
│ │ ├── formidable@1.0.14
│ │ ├── pause@0.0.1
│ │ ├── qs@0.6.5
│ │ └── uid2@0.0.2
│ ├── cookie@0.1.0
│ ├── cookie-signature@1.0.1
│ ├─┬ debug@2.1.3
│ │ └── ms@0.7.0
│ ├── fresh@0.2.0
│ ├── methods@0.0.1
│ ├── mkdirp@0.3.5
│ ├── range-parser@0.0.4
│ └─┬ send@0.1.4
│   └── mime@1.2.11
├─┬ express-session@1.11.1
│ ├── cookie@0.1.2
│ ├── cookie-signature@1.0.6
│ ├── crc@3.2.1
│ ├─┬ debug@2.1.3
│ │ └── ms@0.7.0
│ ├── depd@1.0.1
│ ├── on-headers@1.0.0
│ ├── parseurl@1.3.0
│ ├─┬ uid-safe@1.1.0
│ │ ├── base64-url@1.2.1
│ │ └── native-or-bluebird@1.1.2
│ └── utils-merge@1.0.0
├─┬ morgan@1.5.2
│ ├── basic-auth@1.0.0
│ ├─┬ debug@2.1.3
│ │ └── ms@0.7.0
│ ├── depd@1.0.1
│ └─┬ on-finished@2.2.0
│   └── ee-first@1.1.0
├─┬ npmlog@0.0.4
│ └── ansi@0.1.2
├─┬ passport@0.2.1
│ ├── passport-strategy@1.0.0
│ └── pause@0.0.1
├─┬ passport-google-oauth2@0.1.6
│ └─┬ passport-oauth2@1.1.2
│   ├── oauth@0.9.12
│   ├── passport-strategy@1.0.0
│   └── uid2@0.0.3
├── q@0.9.7
├── redis@0.8.6
└─┬ request@2.27.0
  ├── aws-sign@0.3.0
  ├── cookie-jar@0.3.0
  ├── forever-agent@0.5.2
  ├─┬ form-data@0.1.4
  │ ├── async@0.9.0
  │ └─┬ combined-stream@0.0.7
  │   └── delayed-stream@0.0.5
  ├─┬ hawk@1.0.0
  │ ├── boom@0.4.2
  │ ├── cryptiles@0.2.2
  │ ├── hoek@0.9.1
  │ └── sntp@0.2.4
  ├─┬ http-signature@0.10.1
  │ ├── asn1@0.1.11
  │ ├── assert-plus@0.1.5
  │ └── ctype@0.5.3
  ├── json-stringify-safe@5.0.0
  ├── mime@1.2.11
  ├── node-uuid@1.4.3
  ├── oauth-sign@0.3.0
  ├── qs@0.6.6
  └── tunnel-agent@0.3.0

Answer 1

In my case, the error "Failed to fetch user profile" was caused by a bug in the grand-parent library node-oauth. Specifically, it was a double callback handling.

https://github.com/jaredhanson/passport-google-oauth2/issues/87

These libraries passport-google-oauth2, node-oauth are very old and not maintained well. And I didn't want to play with my own forks on GitHub. I quickly fixed it with a package patch approach.

https://dev.to/zhnedyalkow/the-easiest-way-to-patch-your-npm-package-4ece

How I applied a patch for the node-oauth library with patch-package:

1. Install patch-package library.

2. Patch node_modules/oauth/lib/oauth2.js with the code:

  request.on('error', function(e) {
    // `www.googleapis.com` does `ECONNRESET` just after data is received in `passBackControl`
    // this prevents the callback from being called twice, first in passBackControl and second time in here
    // see also NodeJS Stream documentation: "The 'error' event may be emitted by a Readable implementation at any time"
    if(!callbackCalled) {
      callbackCalled= true;
      callback(e);
    }
  });

3. Run npx patch-package node-oauth.
4. Commit the patch file to my git repository.

Answer 2

This error is also thrown when logging in to an unpublished OAuth app with a user which is not in the Test Users list (under OAuth consent screen in Google's project console).

Answer 3

When I change my package from passport-google-oauth to passport-google-oauth20, everything start to work properly.

Answer 4

After some research, the root cause of the issue in my case was that I initially used

userProfileURL:"https://googleapis.com/oauth2/v3/userinfo" (WRONG)

instead of using

userProfileURL:"https://**www**.googleapis.com/oauth2/v3/userinfo"

Screenshot

Answer 5

I was also facing the same issue ! Solution: Inside of
passport.use(new GoogleStrategy({ clientID: "a_specific_value", clientSecret: "another_specific_value", callbackURL: "http://127.0.0.1:3000/auth/google/callback", passReqToCallback:true, ********************************* },

On the stared line add this link "https://www.googleapis.com/oauth2/v3/userinfo" Final code will be as shown below passport.use(new GoogleStrategy({ clientID: GOOGLE_CLIENT_ID, clientSecret:.GOOGLE_CLIENT_SECRET, callbackURL: "http://localhost:3000/auth/google/secrets", passReqToCallback:true, userProfileURL:"https://www.googleapis.com/oauth2/v3/userinfo" }, This hope solves the problem !

Answer 6

I found the same error and I solved it doing this:

In package.json, change "passport" value to "^0.4.0" and "passport-google-oauth" to "^2.0.0". Run "npm install" again.

Answer 7

I'm using Google OAuth 2.0 Playground and in my case the reason for this error was that my token has simply expired. Refreshing it in Playground resolved the issue.

Answer 8

The scope you are using is deprecated now :

passport.authenticate('google', { successRedirect: '/',scope:
  [ 'https://www.googleapis.com/auth/userinfo.email']})
);

Instead, we must use this one:

passport.authenticate('google', { successRedirect: '/',scope:
  ['email']
}));

You can also get the profile scope:

passport.authenticate('google', { successRedirect: '/',scope:
  [ 'email', 'profile' ]
}));

Answer 9

I just fortunately found a similar issue at jaredhanson/passport-google-oauth, which gave me the idea to go to the Google's project console and simply enable the Google+ API, which was "turned off" (oh me!!, naive developer of his first application based on Google+). That was the root of the problem. I tried again and the oauth2 started receiving profiles correctly.