My client is use other type
I have no idea why i get redirect_uri_mismatch error. It work on localhost but not on domain.
Client type other is for installed applications it should not have a redirect uri the way it works is it returns the authorization code directly back where it came from that being
localhost
127.0.0.1
urn:ietf:wg:oauth:2.0:oob
For some reason your code is sending a https redirect uri which is in correct it should not be doing this. It looks like you are using the code for a web browser application with a native application client.
Related
I deployed an app to production and i'm getting an error message
Erreur 400 : redirect_uri_mismatch The redirect URI in the request, http://codesnippets.azurewebsites.net/auth/google/callback, does not match the ones authorized for the OAuth client. To update the authorized redirect URIs.
However I added the link to the URI along with the link http://localhost:3000/auth/google/callback. I did the same with the website http://www.mywebsite.com/auth/google/callback but when i try to add it i have a message saying that the app is in production and the URL should be https?
The redirect uri in Google developer console must exactly match the redirect URI your application is calling from.
The easiest way to fix it is to copy the exact url the error message is giving you. If its https you need https if it has a prot you need a port if there is a trailing slash you must include that is as well.
In your case you should add
http://codesnippets.azurewebsites.net/auth/google/callback
This video will walk you though it. Google OAuth2: How the fix redirect_uri_mismatch error.
I was able to add it to a web client with no issues relating to it not being https.
I'm attempting to use Keycloak for some future projects and it's still very new to me so I'm plugging away reading through the docs and searching for issues online but I'm currently stumped on one thing - I have a vuejs app I’ve added as a client (127.0.0.1:3001), I have a reverse proxy setup in IIS (idp.mc.local) and then a docker container on Windows with keycloak running (127.0.0.1:8080), when I attempt to login, instead of being redirected back to the vuejs client I am just getting redirected to the root of the reverse proxy with the state value in the url, as in the network logs in the screenshot below:
Network logs showing incorrected 'Location' redirect
If I don’t set a front end url for the realm and bypass the proxy / hook my vuejs client to login via Keycloak directly on 127.0.0.1:8080, it redirects to 127.0.0.1:3001/#state… correctly, as below:
Network logs showing correct 'Location' redirect
I can't spot any way to sort this issue, I thought the front end url for the realm should state the proxy address? I can't see why Keycloak would redirect to it at the end of the login process rather than to my client app url, the redirect_uri is being ignored by keycloak and for some reason taking me back to the root of my proxy domain. If I actually manually visit 127.0.0.1:3001/#state… with the state value copied in from the incorrect redirect, I log in successfully.
It's baffling me and any help would be appreciated!
The answer did turn out to be an IIS related issue with the setup of Application Request Routing / ARR being the problem. What was needed was to edit the settings for IIS Application Request Routing and uncheck the option:
Reverse rewrite host in response headers as can be seen in the image below:
IIS ARR Checkbox to untick
Hopefully this will be helpful for someone else who might have the same issue at some point!
I have Integrated OneDrive with my web application, on my local machine
for testing I had used http://localhost:123/Web/xyz in redirect URL on Application Registration Portal and it worked fine, but now I have deployed ny application on local server for further testing before going live and wanted to update Redirect URL to http://abc-xyz:81/Web/example and it gives error "Your URL can't contain a query string or invalid special characters."
how can I fix this issue
That error message is unfortunate. The error here is likely that redirect URLs for non-localhost servers need to be HTTPS and it looks like you are using an HTTP URL.
They have restriction about setting new redirect urls, it must be either
match the DNS name of the existing
sub domain of exiting
see https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-limitations#restrictions-on-redirect-uris for more details
From Google Developer Console page, it explains the meaning of "Google Redirect URI" is :
Determines where the response is sent. The value of this parameter
must exactly match one of the values registered in the APIs Console
(including the http or https schemes, case, and trailing '/').
Not sure, whether this explanation is same as my think or not:
On my app (web application), it allow user to sign-in via Google (Assume, I registered a Google project with ClientID/secrete configured on my web-app, and on Google COnsole page the redirectURI is "http://bbc.co.uk" ).
After I login to Google successfully by my Google account, my Web-app login page will be redirected to "http://bbc.co.uk" as on Google RedirectURI ?
That last sentence is a bit ambiguous. A better description is:
After I login to my Google Account successfully with my Google
credentials, Google will redirect my browser back to
Redirect URI http://bbc.co.uk that is registered for the web app in the Google > API Console.
Just to be sure: this means that the Redirect URI should be part of your web app. It is not actually Google's Redirect URI but it is the Redirect URI that you've configured in the Google API Console for your web app.
Let me see if i cant explain this in a different way.
What would happen if you didn't have a redirect URI?
If you go to the Developer console and create a Client ID for native application by default the redirect URI
This will redirect the Authentication back to where ever it was request from. In the case of native installed applications this is needed because there is no way to know where the user is that has installed the application.
Lets look at this in action
Request authentication:
https://accounts.google.com/o/oauth2/auth?client_id={clientid}.apps.googleusercontent.com&redirect_uri=urn:ietf:wg:oauth:2.0:oob&scope=https://www.googleapis.com/auth/analytics.readonly&response_type=code
If you place the above line in a web browser the user will see something like this
Assuming they select ok then they get this displayed back at them.
That is the Authentication code, not to be confused with the access token. This is just the first step. Once your application has the Authentication code it can then exchanged that for a refresh token and a access token. Most client library handle this step internally. You and your users never see this Authentication code.
Back Redirect URI:
In the case if a web application your web application needs to be able to get a hold of that authentication code. Now I probably shouldn't be telling you this but you could just use a native application client in your web application and it will work. Why because the authentication server will just return the Authentication code back to where ever it was that requested it. For security reasons this is probably a bad practice.
So what do you need to place in the redirect uri. It is the file that you have ready to handle this authentication code. Normally its just the same as the login page, but you can have several. Just put each of them on separate lines.
http://localhost/login.php
http://www.daimto.com/login.php
I like to do this because then it works when i am testing locally vs when its up on the server.
I think the wording "Determines where the response is sent" confuses a lot of beginners as it implies that Google will somehow call that URL directly. Then the word "redirect" leads people to confuse the URL with the page of the app that the user will get to once he's authenticated.
http://bbc.co.uk is definitely NOT the redirect URL. A redirect URL would normally look like https://myapp.com/servlet_or_php_that_i_wrote_to_process_tokens.php
Google will "call" servlet_or_php_that_i_wrote_to_process_tokens.php by redirecting the browser to it. Once servlet_or_php_that_i_wrote_to_process_tokens.php as done whatever is needed with the token, it will then issue its own redirect to (say) bbc.co.uk
When I try to access my Google calendar (via Roundcube webmail, using google_oauth2 plugin), I get this exact error:
Error: redirect_uri_mismatch error. The redirect URI in the request:
http://mail.domain.com:1066/?_task=settings&_action=google_redirect&_enable=cb did not match a registered redirect URI
My webmail is hosted at this address: http://mail.domain.com:1111/RCmail/
My google project settings are as follows:
Authorized JavaScript origins
http://mail.domain.com:1111
Authorized redirect URI
http://mail.domain.com:1111/RCmail/?_task=settings&_action=google_redirect&_enable=cb
https://mail.domain.com:1111/RCmail/
NOTE: directing to mail.domain.com:1111 (without the RCmail path) just redirects it to my xampp page which isn't what I want
Because the redirect_uri in the request doesn't match any one you register in Google sonsole.
check it again, they are different:
http://mail.domain.com:1066/?_task=settings&_action=google_redirect&_enable=cb
http://mail.domain.com:1111/RCmail/?_task=settings&_action=google_redirect&_enable=cb