GPT Actions Error - "Auth URL, Token URL and API hostname must share a root domain"

My setup is just using OAuth and my openapi.yaml is similar to yours. I’m not sure why, after signing in and token exchange, it redirects me to ChatGPT Plugins rather than the GPT I was signing in on (and also displays “Couldn’t log in with plugin”). If I start a new chat with the GPT, it works fine (already logged in).

1 Like

@danielsinewe sure, below

{
  "openapi": "3.0.0",
  "info": {
    "title": "Gmail API",
    "version": "1.0"
  },
  "servers": [
    {
      "url": "https://gmail.googleapis.com/gmail/v1"
    }
  ],
  "paths": {
    "/users/me/profile": {
      "get": {
        "operationId": "getUserGmailProfile",
        "summary": "Get current user's Gmail profile",
        "responses": {
          "200": {
            "description": "Successful response",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/GmailProfile"
                }
              }
            }
          }
        },
        "security": [
          {
            "OAuth2": []
          }
        ]
      }
    }
  },
  "components": {
    "schemas": {
      "GmailProfile": {
        "type": "object",
        "properties": {
          "emailAddress": {
            "type": "string"
          },
          "messagesTotal": {
            "type": "integer"
          },
          "threadsTotal": {
            "type": "integer"
          },
          "historyId": {
            "type": "string"
          }
        }
      }
    },
    "securitySchemes": {
      "OAuth2": {
        "type": "oauth2",
        "flows": {
          "authorizationCode": {
            "authorizationUrl": "https://accounts.google.com/o/oauth2/auth",
            "tokenUrl": "https://oauth2.googleapis.com/token",
            "scopes": {
              "https://mail.google.com/": "Read, compose, send, and permanently delete all your email from Gmail"
            }
          }
        }
      }
    }
  }
}

2 Likes

Not likely fixable with anything we can do, they will have to correct the issue.

Thanks! It works! When I write “connect to email” the response is this:

Talked to gmail.googleapis.com

I’ve successfully connected to the Gmail account. Here are the details:

  • Email Address: hello@…com
  • Total Messages: 11,881
  • Total Threads: 6,314

So what’s next? Can you also write an email? :smiley:

Anyhow, so weird that there is no error message for:

server url: https://gmail.googleapis.com/gmail/v1
authorizationUrl: Sign in - Google Accounts
tokenUrl : https://oauth2.googleapis.com/token

but for
server url: https://api.hubapi.com/oauth/v1/token
authorizationUrl: https://app-eu1.hubspot.com/oauth/authorize
tokenUrl: https://api.hubapi.com/oauth/v1/token

we receive the error “Authorization URL, Token URL and API hostname must share a root domain”, right?

Anyhow, in addition to applying the workaround with the tinyurls, I end up with this error “Missing access_token”. Any idea how to fix this?

“Anyhow, in addition to applying the workaround with the tinyurls, I end up with this error “Missing access_token”. Any idea how to fix this?”

you mean for the hubspot use case? I need to look into hubspot.

for google, yes you can pretty much do: Gmail API  |  Google for Developers

@getinference I see that you add oauth as part of the json. Do you fill in the values in the GPT setting for authorization and token as well?

1 Like

Yes I do fill the values in the gpt setting for authorization and token as well.

2 Likes

Thanks for the image. I just can’t get Spotify’s api to work. Even if I’ve added security in json it still says different root when I skip the url-shortener. Strange :confused:

Has anyone been able to get Google Drive to work? I get the
Auth URL, Token URL and API hostname must share a root domain

1 Like

Anybody encountered an issue where “You have successfully signed in via OAuth” received after being redirected, but the GPT still prompts to sign?

1 Like

Yes, this one is new - first it was orange, now it is green - welcome to beta! :smiley: But still no luck & stuck.

Yeah now it’s green and it’s working for me mostly. I’m currently authenticating with Google OAuth. To get around the requirement of having the same root domain, I route the authorize and token URLs via my server. Here are the endpoints I used in my FastAPI app to achieve this:

import os
import sys
from urllib.parse import urlencode

import requests
from fastapi import FastAPI, HTTPException, Request
from fastapi.responses import RedirectResponse

app = FastAPI()

# Configuration is not shown in the post; these environment variable names are placeholders.
client_id = os.environ["GOOGLE_CLIENT_ID"]
client_secret = os.environ["GOOGLE_CLIENT_SECRET"]
redirect_uri = os.environ["RELAY_REDIRECT_URI"]          # this server's /intermediate URL, as registered with Google
openai_redirect_uri = os.environ["OPENAI_REDIRECT_URI"]  # callback URL shown in the GPT's action settings

@app.get("/authorize")
async def authorize(request: Request):
    state = request.query_params.get('state')
    if not state:
        # Without this check a missing state would be forwarded as the string "None"
        raise HTTPException(status_code=400, detail="Missing state")

    scope = "openid email profile"

    # Construct the Google OAuth URL with the state parameter and an intermediate redirect_uri
    params = {
        "client_id": client_id,
        "response_type": "code",
        "scope": scope,
        "redirect_uri": redirect_uri,
        "access_type": "offline",
        "prompt": "consent",
        "state": state
    }
    google_auth_url = "https://accounts.google.com/o/oauth2/v2/auth"
    return RedirectResponse(f"{google_auth_url}?{urlencode(params)}")

Here is the redirect url endpoint:

@app.get("/intermediate")
async def intermediate(request: Request):
    code = request.query_params.get('code')
    state = request.query_params.get('state')
    if not code or not state:
        raise HTTPException(status_code=400, detail="Missing code or state")

    # Redirect to OpenAI's callback URL with code and state.
    # The target is fixed configuration, never taken from the request.
    params = {"code": code, "state": state}

    # Do not log the parameter values: the authorization code is a credential
    print("Intermediate redirect: forwarding code and state to the configured callback")

    return RedirectResponse(f"{openai_redirect_uri}?{urlencode(params)}")

@app.post("/token")
async def token(request: Request):
    try:
        request_data = await request.form()
        code = request_data.get('code')

        # Log field names only: the form carries the authorization code and client credentials
        print(f"token endpoint: received fields = {sorted(request_data.keys())}")

        token_url = "https://oauth2.googleapis.com/token"
        data = {
            "code": code,
            "client_id": client_id,
            "client_secret": client_secret,
            "redirect_uri": redirect_uri,  # Use the same redirect_uri as in /authorize
            "grant_type": "authorization_code"
        }

        response = requests.post(token_url, data=data, timeout=10)

        # Check if the response from Google is successful
        if response.status_code != 200:
            print("Error during token exchange with Google:", response.status_code, response.text)
            raise HTTPException(status_code=500, detail="Token exchange failed with Google")

        token_response = response.json()

        # Check if the necessary tokens are present in the response
        if "access_token" not in token_response or "refresh_token" not in token_response:
            # Log the field names only, never the token values
            print("Missing tokens in Google's response; fields present:", sorted(token_response))
            raise HTTPException(status_code=500, detail="Missing tokens in response from Google")

        # Return the formatted token response
        return {
            "access_token": token_response.get("access_token"),
            "token_type": "bearer",
            "refresh_token": token_response.get("refresh_token"),
            "expires_in": token_response.get("expires_in")
        }

    except HTTPException:
        # Re-raise the specific errors above instead of masking them as "unexpected"
        raise

    except requests.RequestException as e:
        print("Request exception during token exchange:", e, file=sys.stderr)
        raise HTTPException(status_code=500, detail="Token exchange request failed")

    except Exception as e:
        print("Unexpected error in /token endpoint:", e, file=sys.stderr)
        raise HTTPException(status_code=500, detail="Unexpected error in token exchange")

6 Likes
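
Added example, not part of the original post or the poster's code: request checks a relay like the one above can run before forwarding, so that /token does not exchange codes with the server's Google secret for arbitrary callers and so that logs never contain codes or tokens. It assumes the incoming requests carry the standard OAuth 2.0 parameters (client_id, client_secret, redirect_uri, grant_type); the function names and sample values are hypothetical.

```python
import hmac
from urllib.parse import urlsplit

SENSITIVE = {"code", "client_secret", "access_token", "refresh_token"}

class RelayRejected(Exception):
    """The request must not be forwarded to the upstream provider."""

def _same(a: str, b: str) -> bool:
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
    return hmac.compare_digest(a.encode(), b.encode())

def redact(fields: dict) -> dict:
    """Copy of fields that is safe to log: secret values are masked."""
    return {k: "<redacted>" if k in SENSITIVE else v for k, v in fields.items()}

def check_authorize(query: dict, client_id: str, callback: str) -> str:
    """Validate the query sent to the relay's /authorize; returns state."""
    state = query.get("state", "")
    if not state or len(state) > 512:
        raise RelayRejected("missing or oversized state")
    if query.get("response_type") != "code":
        raise RelayRejected("only the authorization-code flow is relayed")
    if not _same(query.get("client_id", ""), client_id):
        raise RelayRejected("unknown client_id")
    # Exact match only: prefix or host checks accept look-alike callbacks.
    if urlsplit(callback).scheme != "https" or query.get("redirect_uri") != callback:
        raise RelayRejected("redirect_uri is not the registered callback")
    return state

def check_token(form: dict, client_id: str, client_secret: str) -> str:
    """Authenticate the caller of the relay's /token; returns the code."""
    if form.get("grant_type") != "authorization_code":
        raise RelayRejected("unsupported grant_type")
    id_ok = _same(form.get("client_id", ""), client_id)
    secret_ok = _same(form.get("client_secret", ""), client_secret)
    if not (id_ok and secret_ok):
        raise RelayRejected("client authentication failed")
    if not form.get("code"):
        raise RelayRejected("missing code")
    return form["code"]

# Constructed sample values, not real credentials or a real callback URL.
CLIENT_ID, CLIENT_SECRET = "relay-client", "relay-secret"
CALLBACK = "https://chat.example/callback"
GOOD_FORM = {"grant_type": "authorization_code", "client_id": CLIENT_ID,
             "client_secret": CLIENT_SECRET, "code": "sample-code"}
```

In the handlers, a RelayRejected would be turned into a 400 or 401 response, and any logging would go through redact() first.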

Ah, clever - thanks for providing this sample! Will try it myself later today.

Did this setup fix the issue you mentioned in your previous message? I can authenticate via OAuth (against Auth0 for me, not Google) but then get the exact same thing you mentioned (success signing in, but then it just repeats the same sign-in prompt), and I’ve tried your implementation with the /intermediate endpoint too

Anybody encountered an issue where “You have successfully signed in via OAuth” received after being redirected, but the GPT still prompts to sign?

1 Like

Yes with this implementation I was able to log in successfully

hey ayMan, which implementation worked for you?

The implementation I provided in my previous response. It details how I routed the authorize and token URLs that I provided in the GPT action authentication settings. The intermediate endpoint’s role is to get the code and state from the request and append them to the callback URL provided by OpenAI. The intermediate endpoint in this case is the redirect URL you provide to your OAuth provider.

I guess I see what’s your solution, but need to process it a little. :smiley: maybe I need to write it down to understand it.

Not sure if this has been mentioned in this thread already, but someone posted about solving this using a URL shortener as that has the same root domain for all links.

1 Like

I have been trying to generate a schema for gmail but I have only been able to succeed with createDraft. Were you able to create one? How? This has been the most frustrating part :frowning:

1 Like