linkCredentials: linking forbidden without first specifying allowed request origins

Hi there,

After anonymous login, I am performing linkCredentials with a Google credentials. I am getting following error

Can you please guide me how to fix this error.

Thanks
Sudarshan

Which SDK are you using?

Can you share the code that you’re using to set this up?

Hi Andrew,

I am using realm-web sdk in react-js.

Following is the code snippet:

import { App, Credentials } from "realm-web";

//Calling initializeRealmApp function from the root react component
const initializeRealmApp = () => {
  const app = new App({ id: process.env.REACT_APP_ID });
  return app;
};

//performing anonymous login to call some realm functions
const loginAnonymousRealm = () => {
  const app = App.getApp(process.env.REACT_APP_ID);
  const credentials = Credentials.anonymous();
  return app.logIn(credentials);
};


//Once user chooses to signin with Google
//Google Sdk callback the handleLogin function with "response" object, 
//which contains credential.
//handleLogin function in turn calls loginGoogleRealm function
const loginGoogleRealm = async (response) => {
  const app = App.getApp(process.env.REACT_APP_ID);
  const credential = Credentials.google(response.credential);
  await app.currentUser.linkCredentials(credential);
};

Have you checked that everything is set up correctly (with the correct permissions etc.) in your Google app? Any logs on the Google side?

I’m experiencing the same issue with realm-web 1.3.0. Simplified use case:

const user = await app.logIn(Realm.Credentials.anonymous());
await app.emailPasswordAuth.registerUser(email, password);
const credentials = Realm.Credentials.emailPassword(email, password);
await user.linkCredentials(credentials);

The linkCredentials method results in Unhandled Rejection (Error): Request failed (POST https://stitch.mongodb.com/api/client/v2.0/app/app-id/auth/providers/local-userpass/login?link=true): linking forbidden without first specifying allowed request origins (status 403)

How do we specify the allowed request origin?

Turns out this is due to a setting in Realm. App Settings > Allowed Request Origins > + Add Allowed Request Origin.

Hey,
Were you able to find a solution to this? I tried what @Craig_Phares mentioned, but as soon as I deploy the application after adding the origins, the added origins get removed automatically by Atlas (Tried doing it both from CLI as well as the UI).

Stuck for now.

I’m having the same issue.

How to reproduce:

  • Setup new app with github deployment
  • Add one or more origins via UI (App Settings → Allowed Request Origins)
  • Entry is shown in the UI, everything seems ok
  • Inside config repo: git pull
  • Add a space at the end of file: git commit and push to server
  • Deployment logs say it’s successful but the entry is now missing in the UI