Getting error=Post "": unsupported protocol scheme "" with Google Authentication

Hi I am trying to Authenticate Nakama with Google using Google Play Games Service in Unity. I have setup Google Cloud OAuth (tried oauth in OAuth Playground and it is working correctly) but when I try to authenticate in-game, or try to manually use authentication code from google play games in Nakama Console, it gives out the following error.

DBG social/social.go:348 > ts=2025-07-15T05:15:02.293Z msg=Checking Google ID idToken=<token>

DBG social/social.go:339 > ts=2025-07-15T05:15:02.356Z msg=Failed to exchange authorization code for a token. error=Post "": unsupported protocol scheme ""

DBG social/social.go:430 > ts=2025-07-15T05:15:02.357Z msg=Failed to exchange an authorization code for an access token. auth_token=<token> error=failed to exchange authorization code for a token

My Setup

  1. Server Version: 3.26.0+1645d207 | cockroachdb {Docker Based} Hosted on AWS Cloud, DNS Routing setup using Cloudflare. I am using separate DNS for Console port and Backend port respectively.
  2. Unity Version 2022.3.59f1, SDK Version: 3.16.0, Google Play Games Plugin Version: 2.0.0
  3. Unity SDK Version: 3.16.0.

Docker Compose File

services:
  cockroachdb:
    image: cockroachdb/cockroach:latest-v23.1
    command: start-single-node --insecure --store=attrs=ssd,path=/var/lib/cockroach/
    container_name: nk_cockroachdb
    restart: always
    volumes:
      - data:/var/lib/cockroach
    ports:
      - "26257:26257"
      - "8080:8080"
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:8080/health?ready=1"]
      interval: 3s
      timeout: 3s
      retries: 5
  nakama:
    build: .
    container_name: nk_backend
    depends_on:
      cockroachdb:
        condition: service_healthy
      prometheus:
        condition: service_started
    entrypoint:
      - "/bin/sh"
      - "-ecx"
      - >
        /nakama/nakama migrate up --database.address root@cockroachdb:26257 &&
        exec /nakama/nakama --name nakama1 --database.address root@cockroachdb:26257 --logger.level DEBUG --session.token_expiry_sec 7200 --metrics.prometheus_port 9100
    expose:
      - "7349"
      - "7350"
      - "7351"
      - "9100"
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:7350/"]
      interval: 10s
      timeout: 5s
      retries: 5
    links:
      - "cockroachdb:db"
    ports:
      - "7349:7349"
      - "7350:7350"
      - "7351:7351"
    restart: unless-stopped
  prometheus:
    image: prom/prometheus
    container_name: nk_prometheus
    entrypoint: /bin/sh -c
    command: |
      'sh -s <<EOF
        cat > ./prometheus.yml <<EON
      global:
        scrape_interval:     15s
        evaluation_interval: 15s

      scrape_configs:
        - job_name: prometheus
          static_configs:
          - targets: ['localhost:9090']

        - job_name: nakama
          metrics_path: /
          static_configs:
          - targets: ['nakama:9100']
      EON
      prometheus --config.file=./prometheus.yml
      EOF'      
    ports:
      - "9090:9090"

volumes:
  data:

local.yml File

console:
  max_message_size_bytes: 409600
logger:
  level: "DEBUG"
runtime:
  path: "/nakama/data/modules"
  js_entrypoint: "index.js"
session:
  token_expiry_sec: 7200 # 2 hours
socket:
  max_message_size_bytes: 4096 # reserved buffer
  max_request_size_bytes: 131072
google_auth:
  credentials_json: |    
    {
      "web": {
        "client_id":"<my client_id>.apps.googleusercontent.com",
        "project_id":"<project_id>",
        "auth_uri":"https://accounts.google.com/o/oauth2/auth",
        "token_uri":"https://oauth2.googleapis.com/token",
        "auth_provider_x509_cert_url":"https://www.googleapis.com/oauth2/v1/certs",
        "client_secret":"<client_secret>",
        "redirect_uris": [
          "http://localhost:7350/v2/account/authenticate/google",
          "http://api-nakama.mrzee.net/v2/account/authenticate/google"
        ],
          "javascript_origins": [
          "https://dev.nakama.mrzee.net"
        ]
      }
    }

I am using the following Dockerfile along with the docker-compose. I build the image and then compose up.

FROM heroiclabs/nakama-pluginbuilder:3.26.0 AS builder

ENV GO111MODULE on
ENV CGO_ENABLED 1
ENV GOPRIVATE "github.com/heroiclabs/nakama-project-template"

WORKDIR /backend
COPY . .

RUN go build --trimpath --mod=vendor --buildmode=plugin -o ./backend.so

FROM heroiclabs/nakama:3.26.0

COPY --from=builder /backend/backend.so /nakama/data/modules
COPY --from=builder /backend/*.lua /nakama/data/modules/
COPY --from=builder /backend/build/*.js /nakama/data/modules/
COPY --from=builder /backend/local.yml /nakama/data/

Hello @zee-imaginationai,

I believe the issue is that your redirect URIs are using http and not https.

1 Like

I have also tried using https but it didn’t work either. I have created separate dns for api calls and console login, do you think that might be causing this error? Also, I have added both, http and https on my console web app. Can that cause this error??

Have you regenerated the credentials_json file from the Google Console? If all URIs are prefixed with https, then I don’t know what the issue could be.

1 Like

If you’re using the above docker-compose file, the config doesn’t seem to be loaded by Nakama, you need to explicitly set a flag to pass the config. Check if your module is being loaded through the console, if nothing is being loaded, that’s likely the issue.

I am using the following Dockerfile along with the docker-compose. I build the image and then compose up.

FROM heroiclabs/nakama-pluginbuilder:3.26.0 AS builder

ENV GO111MODULE on
ENV CGO_ENABLED 1
ENV GOPRIVATE "github.com/heroiclabs/nakama-project-template"

WORKDIR /backend
COPY . .

RUN go build --trimpath --mod=vendor --buildmode=plugin -o ./backend.so

FROM heroiclabs/nakama:3.26.0

COPY --from=builder /backend/backend.so /nakama/data/modules
COPY --from=builder /backend/*.lua /nakama/data/modules/
COPY --from=builder /backend/build/*.js /nakama/data/modules/
COPY --from=builder /backend/local.yml /nakama/data/

I think you’re missing the config flag here:

exec /nakama/nakama --name nakama1 --database.address root@cockroachdb:26257 --logger.level DEBUG --session.token_expiry_sec 7200 --metrics.prometheus_port 9100

I read somewhere that proxy status should be DNS rather than Proxied. I have tried both and still in vein!! Can it being Proxied also cause any issues???

I can’t comment on custom deployments due to the heterogeneity and complexity of the configurations in question. It also falls outside of my area of expertise.

1 Like

I have updated my compose file as per your suggestion!

Updated “entrypoint:”

entrypoint:
      - "/bin/sh"
      - "-ecx"
      - >
        /nakama/nakama migrate up --database.address root@cockroachdb:26257 &&
        exec /nakama/nakama --name nakama --config /nakama/data/local.yml --database.address root@cockroachdb:26257 --logger.level DEBUG --session.token_expiry_sec 7200 --metrics.prometheus_port 9100

and also updated the credentials_json along my setup on Google Cloud Console to only take redirected_uri using https

"redirect_uris":
          [
            "https://api-nakama.mrzee.net/v2/account/authenticate/google"
          ]

Now it is working as intended.
THANK YOU SO MUCH FOR HELPING ME OUT
Been stuck on this for the past couple of week.

Cloudflare setup was not the issue as I thought earlier.

1 Like