hybridauth: redirect URI is not whitelisted in the app - google-oauth

I am configuring a single sign-on feature with the hybridauth plugin. It took me 2 days to set this up. However, I am getting a redirect URI error with Facebook and Google.
In Google and Facebook I have given the website name like this: http://example.com
I didn't find anywhere to put a redirect URL.
Now when I click on Facebook or Google, I get the error below.
URL Blocked: This redirect failed because the redirect URI is not whitelisted in the app’s Client OAuth Settings.
Make sure Client and Web OAuth Login are on and add all your app domains as Valid OAuth Redirect URIs.
Google error is below.
400. That’s an error.
Error: redirect_uri_mismatch
The login page exists on the root and there is a folder I have created for hybridauth.
Inside that folder is the index.php file.
In the config.php file, I have given the base URL like this.
"base_url" => "http://example.com/hybridauth/index.php",
I know this question doesn't have much code, but in my opinion the issue is with base_url and the Facebook/Google OAuth API.

You should be able to set Authorized redirect URIs on the provider's page. For example, on Google's Developer Console, you should be able to set the Authorized redirect URIs on the Credentials tab for your app.

Related

Google Authorized redirect URIs format

I am trying to integrate Google authentication with my ASP.NET Core application. I have successfully integrated the application with Google authentication; after the login, Google redirects back to the home page of the application. However, I would like it to redirect to https://localhost:44303/Home/dashboard.
To fix this, I have changed the "Authorized redirect URIs" from https://localhost:44303/signin-google to https://localhost:44303/Home/dashboard, but when I do that I get a redirect_uri_mismatch error. Is there a particular "Authorized redirect URIs" format that I need to follow? I checked the documentation at https://developers.google.com/identity/protocols/OAuth2WebServer but perhaps I am missing something very obvious.
OAuth Consent screen: I cannot add localhost in the "authorized domains" textbox.
OAuth Client Restrictions: If I add https://localhost:44303/Home/dashboard in the authorized redirect URLs then I get a redirect_uri_mismatch error.
Stack Trace:
Error: redirect_uri_mismatch
The redirect URI in the request, https://localhost:44303/signin-google, does not match the ones authorized for the OAuth client. To update the authorized redirect URIs, visit: https://console.developers.google.com/apis/credentials/oauthclient/685730099587-d2rac5lt7981tjkoo5td23ogm2q1at20.apps.googleusercontent.com?project=685730099587
Learn more
Request Details
response_type=code
client_id=685730099587-d2rac5lt7981tjkoo5td23ogm2q1at20.apps.googleusercontent.com
redirect_uri=https://localhost:44303/signin-google
scope=openid profile email
state=CfDJ8HG_FpcxsWVNk9Pwwx_Fh6NNjkmrebqlP7rA3Y3u0fx42o-r6KMmiNmbmC2vjIuZLqmTZMA8O8AfMgIxXO8Tj9k3x2PLe6wNyL7xqOXi6Yj-AJUmeZFwievUqEAuCKHClYJOFPAlKTxrnYIYCXoJjvwg8BM4JBKA_NgFGjy_CbGHrI2kyUC63Z7INhYHdwEyO13AsBfYXR4LfxAGf3jz3x8-ZKDUDgFOqYYKXXcDHt2VqlERXOVXdEqNUcxUtfhM
Just ran into the same problem!
Just add to the Authorized Redirect URL:
https://localhost
Without any port or additional thing!
The message
The redirect URI in the request,
https://localhost:44303/signin-google, does not match the ones
authorized for the OAuth client. To update the authorized redirect
URIs, visit:
https://console.developers.google.com/apis/credentials/oauthclient/685730099587-d2rac5lt7981tjkoo5td23ogm2q1at20.apps.googleusercontent.com?project=685730099587
tells you pretty much all you need to know. Note that you can configure multiple redirect URLs to deal with every permutation of test, stage and production servers. Just make sure that the redirect URL your app uses is an exact string match to one of the configured URLs.

how to get redirect_uri to fill in text area of authentication when register the app on developer.uber.com?

When registering an app at https://developer.uber.com/ you can specify a few different URIs
Redirect URL
Origin URI
Privacy Policy URL
What URIs should be set for these fields?
When I enter "localhost" in the redirect url text area and save I get a "Invalid Redirect URL." error.
These are the requirements and notes for each
Redirect URL
Can be in any URL in the form scheme://host [read more on URLs]
This is the OAuth 2.0 redirect URL that your user will be brought to after they authorize your app.
Origin URI
Can be in any URL in the form scheme://host [read more on URLs]
This is only to be utilized if you plan to issue CORS requests from a browser using bearer tokens
Privacy Policy URL
Must be any http or https URL
This is a publicly accessible link to your application's privacy policy.

How to understand the Google Redirect URI correctly?

The Google Developer Console page explains the meaning of "Google Redirect URI" as:
Determines where the response is sent. The value of this parameter
must exactly match one of the values registered in the APIs Console
(including the http or https schemes, case, and trailing '/').
I'm not sure whether this explanation matches my understanding:
My app (a web application) allows users to sign in via Google. (Assume I registered a Google project with the ClientID/secret configured on my web app, and on the Google Console page the redirect URI is "http://bbc.co.uk".)
After I log in to Google successfully with my Google account, will my web app's login page be redirected to "http://bbc.co.uk", as set in the Google Redirect URI?
That last sentence is a bit ambiguous. A better description is:
After I login to my Google Account successfully with my Google
credentials, Google will redirect my browser back to
Redirect URI http://bbc.co.uk that is registered for the web app in the Google API Console.
Just to be sure: this means that the Redirect URI should be part of your web app. It is not actually Google's Redirect URI but it is the Redirect URI that you've configured in the Google API Console for your web app.
Let me see if I can explain this in a different way.
What would happen if you didn't have a redirect URI?
If you go to the Developer console and create a Client ID for native application by default the redirect URI
This will redirect the authentication back to wherever it was requested from. In the case of native installed applications this is needed because there is no way to know where the user who has installed the application is.
Let's look at this in action.
Request authentication:
https://accounts.google.com/o/oauth2/auth?client_id={clientid}.apps.googleusercontent.com&redirect_uri=urn:ietf:wg:oauth:2.0:oob&scope=https://www.googleapis.com/auth/analytics.readonly&response_type=code
If you place the above line in a web browser the user will see something like this
Assuming they select ok then they get this displayed back at them.
That is the Authentication code, not to be confused with the access token. This is just the first step. Once your application has the Authentication code it can then exchange that for a refresh token and an access token. Most client libraries handle this step internally. You and your users never see this Authentication code.
Back Redirect URI:
In the case of a web application, your web application needs to be able to get hold of that authentication code. Now I probably shouldn't be telling you this, but you could just use a native application client in your web application and it will work. Why? Because the authentication server will just return the Authentication code back to wherever it was that requested it. For security reasons this is probably a bad practice.
So what do you need to place in the redirect URI? It is the file that you have ready to handle this authentication code. Normally it's just the same as the login page, but you can have several. Just put each of them on separate lines.
http://localhost/login.php
http://www.daimto.com/login.php
I like to do this because then it works when I am testing locally as well as when it's up on the server.
I think the wording "Determines where the response is sent" confuses a lot of beginners as it implies that Google will somehow call that URL directly. Then the word "redirect" leads people to confuse the URL with the page of the app that the user will get to once he's authenticated.
http://bbc.co.uk is definitely NOT the redirect URL. A redirect URL would normally look like https://myapp.com/servlet_or_php_that_i_wrote_to_process_tokens.php
Google will "call" servlet_or_php_that_i_wrote_to_process_tokens.php by redirecting the browser to it. Once servlet_or_php_that_i_wrote_to_process_tokens.php has done whatever is needed with the token, it will then issue its own redirect to (say) bbc.co.uk

Onedrive SDK Authentication Redirect Issue with Query Param

Currently, I'm trying to integrate the OneDrive SDK into a website. However, I'm having an issue with redirecting after authentication.
Normal route:
The user goes to the website and clicks on a button to single sign on to their OneDrive.
The user gets redirected to the OneDrive Authorization page.
Once authenticated, the user gets redirected to where they left off. This redirect is specified in the OneDrive SDK account. However, it seems that they don't allow query params in the redirect URL.
Is there a way around this?
The only thing I could figure out is using a URL that is an alias for the URL with the query params, but that just seems like a hack solution. It's hard to believe that there isn't a way for a user to redirect with query params to indicate at what stage they left off on the site.
Example of an invalid redirect URL: http://skydpk.com/index.php?a=ap&addon=file_sharing&page=skydrive
Any advice appreciated,
Thanks,
D
You can try registering your base URL as the redirect URL and, just before initiating the authorization action, appending the parameters to the redirect URL.
Redirect URL at the OneDrive app dashboard: http://skydpk.com/index.php
Authorization URL:
https://login.live.com/oauth20_authorize.srf?client_id=<your client id>&scope=<scope>&response_type=code&redirect_uri=http://skydpk.com/index.php?a=ap&addon=file_sharing&page=skydrive
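A different way to carry "where the user left off", added here as an example and not part of the original answer: keep redirect_uri fixed at the registered URL and put the resume path in the OAuth 2.0 `state` parameter, signed and bound to the browser session so the callback cannot be turned into an open redirect. The key handling, the session id and all function names are assumptions.

```python
import base64, hashlib, hmac, json, secrets
from urllib.parse import urlencode, urlsplit

SECRET = secrets.token_bytes(32)  # assumption: server-side key, kept per deployment
REDIRECT_URI = "http://skydpk.com/index.php"  # the one registered URL, no query
AUTHORIZE = "https://login.live.com/oauth20_authorize.srf"


def _tag(body):
    return hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()


def make_state(return_to, session_id):
    """Pack the resume path and the caller's session id into a signed state."""
    raw = json.dumps({"r": return_to, "s": session_id}).encode()
    body = base64.urlsafe_b64encode(raw).decode()
    return f"{body}.{_tag(body)}"


def read_state(state, session_id):
    """Return the path to resume at, or None if state is forged or foreign."""
    body, _, tag = state.partition(".")
    if not hmac.compare_digest(tag.encode(), _tag(body).encode()):
        return None
    data = json.loads(base64.urlsafe_b64decode(body))
    if data["s"] != session_id:  # state minted for another browser session
        return None
    path, parts = data["r"], urlsplit(data["r"])
    # Resume only at a local path, so the callback is not an open redirect.
    if parts.scheme or parts.netloc or not path.startswith("/") or "\\" in path:
        return None
    return path


def authorization_url(client_id, scope, return_to, session_id):
    """Authorization request whose redirect_uri is always the registered one."""
    return AUTHORIZE + "?" + urlencode({
        "client_id": client_id,
        "scope": scope,
        "response_type": "code",
        "redirect_uri": REDIRECT_URI,
        "state": make_state(return_to, session_id),
    })
```

The callback at the registered URL calls `read_state` with the current session id and, after handling the code, redirects to the returned path only when it is not None.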

redirect_uri_mismatch - What is wrong with the address I'm using?

When I try to access my Google calendar (via Roundcube webmail, using google_oauth2 plugin), I get this exact error:
Error: redirect_uri_mismatch error. The redirect URI in the request:
http://mail.domain.com:1066/?_task=settings&_action=google_redirect&_enable=cb did not match a registered redirect URI
My webmail is hosted at this address: http://mail.domain.com:1111/RCmail/
My google project settings are as follows:
Authorized JavaScript origins
http://mail.domain.com:1111
Authorized redirect URI
http://mail.domain.com:1111/RCmail/?_task=settings&_action=google_redirect&_enable=cb
https://mail.domain.com:1111/RCmail/
NOTE: directing to mail.domain.com:1111 (without the RCmail path) just redirects it to my xampp page which isn't what I want
Because the redirect_uri in the request doesn't match any of the ones you registered in the Google console.
Check it again, they are different:
http://mail.domain.com:1066/?_task=settings&_action=google_redirect&_enable=cb
http://mail.domain.com:1111/RCmail/?_task=settings&_action=google_redirect&_enable=cb
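The comparison that the answers on this page describe (an exact string match, including scheme, port, path, case and trailing '/'), as an added example that is not part of any of the original posts. It goes one step further than the provider's error message and names the components that differ; the function names are assumptions, and the sample URIs are the ones quoted in the Roundcube question.

```python
from urllib.parse import urlsplit


def component_diffs(requested, candidate):
    """List the URL components in which two redirect URIs differ."""
    if requested.lower() == candidate.lower():
        return ["letter case"]
    req, reg = urlsplit(requested), urlsplit(candidate)
    diffs = []
    if req.scheme != reg.scheme:
        diffs.append("scheme")
    if req.hostname != reg.hostname:
        diffs.append("host")
    if req.port != reg.port:
        diffs.append("port")
    if req.path != reg.path:
        # The same path apart from a final '/' is still a mismatch.
        same_stem = req.path.rstrip("/") == reg.path.rstrip("/")
        diffs.append("trailing slash" if same_stem else "path")
    if req.query != reg.query:
        diffs.append("query")
    return diffs


def diagnose(requested, registered):
    """Exact string match against the registered list; explain any mismatch."""
    if requested in registered:
        return True, {}
    return False, {uri: component_diffs(requested, uri) for uri in registered}


# Values quoted in the Roundcube question above.
REQUESTED = "http://mail.domain.com:1066/?_task=settings&_action=google_redirect&_enable=cb"
REGISTERED = [
    "http://mail.domain.com:1111/RCmail/?_task=settings&_action=google_redirect&_enable=cb",
    "https://mail.domain.com:1111/RCmail/",
]

if __name__ == "__main__":
    ok, report = diagnose(REQUESTED, REGISTERED)
    print("match" if ok else "redirect_uri_mismatch")
    for uri, diffs in report.items():
        print(f"  {uri}\n    differs in: {', '.join(diffs)}")
```

Run against the redirect_uri your app actually sends (it is shown in the provider's error page), not the URL you expect it to send.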