I'm using express + passport to make use of Google Authentication. Everything works fine on my localhost, but not on the server (express app is served by the App Engine).
The difference is that on localhost I get the correct redirect url, like this
http://localhost:5000/users/google/redirect?code=4%2F0AfgeXvtVTmjgZ21V65thwCtefi_4cpdNxnuXOacPmpjLiWM5d1*******8blw&scope=email+profile+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email+openid&authuser=0&prompt=consent
but on the server it is not encoded, so I get this:
https://my-app-url/users/google/redirect?code=4/0AfgeXvv1KIxY2dxzy57_6FbjspdQSxmtP_lrSyLbfTcPB967c*******8QDutF-A&scope=email%20profile%20https://www.googleapis.com/auth/userinfo.profile%20https://www.googleapis.com/auth/userinfo.email%20openid&authuser=1&hd=cronvall.com&prompt=none
Why is that, and what can I do to fix that?
Related
I'm integrating Azure AD into a server side blazor application. It works locally (using https), however when I deploy it to production, the redirect URI in the URL is HTTP, not HTTPS, which then once I log in, Microsoft say the redirect URI isn't valid.
I'm running a VM using Ubuntu and Apache, which is forwarding anything from port 80 to port 443 using a Lets Encrypt certificate, however when it sends the user to Microsoft to login, the redirect URI is http://mydomain.tld, rather than https://mydomain.tld. I think it's because the URL it's running on locally is http://localhost:9000 - But when I put it to https://localhost:9000, it throws an exception on start up as it doesn't have a certificate and as I'm not running on a development machine, I don't really want to install the net core SDK and create dev certificate.
I've seen a few people put this in their code to solve it, however my requests are still going through to Azure AD with a HTTP redirect URI:
var fordwardedHeaderOptions = new ForwardedHeadersOptions
{
ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
};
fordwardedHeaderOptions.KnownNetworks.Clear();
fordwardedHeaderOptions.KnownProxies.Clear();
app.UseForwardedHeaders(fordwardedHeaderOptions);
Any ideas on how to fix it? I can't imagine I'm the first to be using Blazor behind Apache and connecting via openid.
Two options:
1.Set up Redirect URIs: http://localhost/****
2.Edit the Manifest like below:
I have a website on VueJS and a backend on AWS.
Lets say the website is on www.mywebsite.com, on a hosting server with CPanel and my backend on aws runs under www.mybackend.com
When the user logs in using the website, it makes an axios/fetch call to the backend. The backend will return a set-cookie for the www.mywebsite.com domain.
Although Chrome and FF works fine. Safari does not store the cookie as it is a cross site cookie.
Is there any easy way to make Safari store the cookie and send it to the calls to the backend? Can I mask the backend url with a subdomain from my main domain? Any ideas?
Safari does behave differently from those other browsers. It will only allow cross-origin cookies if they are from the same cookie domain.
So you can get this to work but only if you're in a position to change the URL so that the domains match.
So if you have a website at:
www.mywebsite.com
and the backend at:
backend.mywebsite.com
You can then share the cookie by setting the Domain:
Set-Cookie: my-cookie=value; Domain=mywebsite.com
If the two sites are on totally unrelated domains and you can't change that then I'm not aware of any way to make that work with Safari.
I did a more complete write-up of using cookies with CORS (including the quirks with Safari) at https://cors-errors.info/faq#cdc8
My client is use other type
I have no idea why i get redirect_uri_mismatch error. It work on localhost but not on domain.
Client type other is for installed applications it should not have a redirect uri the way it works is it returns the authorization code directly back where it came from that being
localhost
127.0.0.1
urn:ietf:wg:oauth:2.0:oob
For some reason your code is sending a https redirect uri which is in correct it should not be doing this. It looks like you are using the code for a web browser application with a native application client.
I have an angular app hosted on Parse.com using their Javascript SDK. I want to force the users to access via SSL.
I have no actual cloud code other than the documentation suggested code to redirect to SSL.
cloud/main.js
require('cloud/app.js');
cloud/app.js
var express = require('express');
var app = express();
var parseExpressHttpsRedirect = require('parse-express-https-redirect');
app.use(parseExpressHttpsRedirect());
app.listen();
When I nav to http://myapp.parseapp.com index.html is delivered and no redirect is made.
I could write some javascript to redirect but users could opt out of it so its not really a solution.
Any help will be greatly appreciated.
What's happening here is that public/index.html exists and is served statically by the web server. Your express code isn't being run because this file exists on the file system.
If you go to http://myapp.parseapp.com/some-page-doesnt-exist.html however then you'll be redirected to HTTPS because the request is passed to your express code.
The solution is to delete public/index.html and to have all HTTP requests go through express. Then you can serve index.html using express.
https://parse.com/docs/hosting_guide#webapp
I'm developing a web application with Facebook Javascript SDK on my server at http://example.com/webapp/. Now I registered a new domain name, say domain.com, with no hosting, and I forwarded with URL masking domain.com to example.com/webapp/, so the web app is still on my server at example.com/webapp/. I've tried to change app settings on Facebook, site domain to domain.com and website URL to domain.com, but the Javascript SDK doesn't work!
I think that the problem is that requests to facebook comes from my server at example.com and the app domain is domain.com. I notice that the JS SDK uses window.location to retrieve the url to be matched with the app domain and website url.. Is there a way to inject the redirect_uri parameter on every JS SDK functions call with the url of my redirecting domain domain.com?
Thanks to all in advice!
Instead of using URL Masking / Forwarding, you should see if you can use your domain domain.com pointing straight to example.com/webapp using Add-on Domains.
I.e. create a virtual host and have the new domain link to the actual files on the old domain name. Fowarding isn't the best way as some forwards use iframes or javascript to redirect.