Google 403 and 404 errors

Google redirects to the same page with 403 or 404 error when trying to connect:

Actually these 403 and 404 errors are related to a server setting, or maybe a firewall that does not allow passing http/https links in the URL.

Use case:

When the user tries to log in with the Google Porivder, the URL in the Pop-up will be similar like:
https://example.com/wp-login.php?loginSocial=google&state=##############&code=###############&scope=https://www.googleapis.com/auth/userinfo.email+https://www.googleapis.com/auth/userinfo.profile
The problem is related to these two old scopes:

  • https://www.googleapis.com/auth/userinfo.email
  • https://www.googleapis.com/auth/userinfo.profile

To avoid this problem, we are already using the new scopes since Nextend Social Login 3.0.14:

  • email
  • profile

which are the new equivalents of the old scopes. However Google still returns the old scopes in the returned URL.

That the issue is actually related to these old scopes can be confirmed by replacing the old scopes in the URL with the new ones like:
https://example.com/wp-login.php?loginSocial=google&state=##############&code=###############&scope=email+profile

Once it is done, the authentication will be succesfull, which means your server or firewall block the URLs which have http/https links in them.

Suggestions:

Unfortunately there is nothing on our end, that could be done to avoid this issue, since the returned scopes are depend on Google.

  • The best we can suggest is getting in touch with your host, asking them to enable these HTTP/HTTPS links in the URL.
  • According the feedback of our customers, this problem can also be caused by ModSecurity, specifically rules 11085 and 11089 which were restricting access. Removing them via their .htaccess file fixed the issue.