Skip to content

OAuth2+Github redirect_uri mismatch #3761

Closed
@jakimfett

Description

@jakimfett

Abstract

OAuth2 documentation needs configuration details.

Description

When configuring the OAuth2 authentication method for Github, a user is redirected to:
/user/oauth2/<authname>/callback?error=redirect_uri_mismatch&error_description=The+redirect_uri+MUST+match+the+registered+callback+URL+for+this+application.&error_uri=https%3A%2F%2Fdeveloper.github.com%2Fapps%2Fmanaging-oauth-apps%2Ftroubleshooting-authorization-request-errors%2F%23redirect-uri-mismatch
with a 500 error.

The problem appears to be with the callback URI not matching the redirect_uri, but I've followed the URI nomenclature from admin/auths/new.

I've set the relevant bits (eg, DISABLE_REGISTRATION = false and ENABLE_REVERSE_PROXY_AUTHENTICATION = true) in my custom/conf/app.ini, and there doesn't seem to be anything in the cheat sheet or authentication sections of the documentation about this issue, and no place to set the redirect URI from the web interface.

Ideally, this would get closed after the documentation is updated providing an entry for OAuth2 config FAQ and the 'known good' configuration would be recorded in the docs (ideally with the other auth stuff).

I can PR the docs, I just need to know why this seemingly-straighforward thing is being problematic.

Screenshots

2018 04 04 1511 47
2018 04 04 1513 13
2018 04 04 1519 58

Server Details

  • Gitea version (or commit ref): 1.4.0+3-g641d481c
  • Git version: 2.11.0
  • Operating system: Debian GNU/Linux 9 (stretch)
  • Database (use [x]):
    • PostgreSQL
      MySQL (mariadb)
      MSSQL
      SQLite
  • Can you reproduce the bug at https://try.gitea.io:
    • Yes (provide example URL)
      No
      Not relevant
  • Log:
    2018/04/04 22:19:25 [I] Log Mode: File(Trace)
    2018/04/04 22:19:25 [I] XORM Log Mode: File(Trace)
    2018/04/04 22:19:25 [I] Cache Service Enabled
    2018/04/04 22:19:25 [I] Session Service Enabled
    2018/04/04 22:19:25 [I] Git Version: 2.11.0
    2018/04/04 22:19:25 [T] Doing: CheckRepoStats
    2018/04/04 22:19:25 [T] Doing: ArchiveCleanup
    2018/04/04 22:19:25 [T] Doing: DeletedBranchesCleanup
    2018/04/04 22:19:25 [I] Run Mode: Production
    2018/04/04 22:19:25 [I] Listen: https://0.0.0.0:<port,redacted>
    2018/04/04 22:19:25 [I] LFS server enabled
    2018/04/04 22:19:31 [D] Session ID: cde9
    2018/04/04 22:19:31 [D] CSRF Token: ==
    2018/04/04 22:19:31 [D] Template: user/auth/signin
    2018/04/04 22:19:32 [D] Session ID: cde9
    2018/04/04 22:19:32 [D] CSRF Token: ==
    2018/04/04 22:19:33 [D] Session ID: cde9
    2018/04/04 22:19:33 [D] CSRF Token: ==
    2018/04/04 22:19:33 [...routers/user/auth.go:407 handleOAuth2SignIn()] [E] UserSignIn: Invalid token received from provider
    2018/04/04 22:19:33 [D] Template: status/500

Activity

added
type/questionIssue needs no code to be fixed, only a description on how to fix it yourself.
on Apr 5, 2018
hnsr

hnsr commented on May 29, 2018

@hnsr

What's your ROOT_URL set to? I ran into the same problem (including the somewhat misleading 'Invalid token received...' error), but found out I had my ROOT_URL set to http://foo, while I had actually already moved it to https via apache httpd (which is reverse proxying to gitea). Changing my ROOT_URL to https://foo fixed the issue

techknowlogick

techknowlogick commented on Jul 21, 2018

@techknowlogick
Member

Closing, please re-open if you still experience this.

teotikalki

teotikalki commented on Mar 20, 2019

@teotikalki

I came here because I experienced this and found that the answer from @hnsr solved my problem.
However, I didn't find a way to change my ROOT_URL from the frontend (there really should be).

locked and limited conversation to collaborators on Nov 24, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Metadata

Assignees

No one assigned

    Labels

    type/questionIssue needs no code to be fixed, only a description on how to fix it yourself.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

      Development

      No branches or pull requests

        Participants

        @lunny@techknowlogick@hnsr@teotikalki@jakimfett

        Issue actions

          OAuth2+Github redirect_uri mismatch · Issue #3761 · go-gitea/gitea