When using Google OAuth2 I keep getting
Erreur 400 : redirect_uri_mismatch The redirect URI in the request, http://hostname/signin-google, does not match the ones authorized for the OAuth client. To update the authorized redirect URIs, visit:
with the HTTP access.
but I'm using HTTPS to access the URL.
I don't know why it's redirecting with HTTP, not HTTPS.
For the auth I'm using
await HttpContext.ChallengeAsync("Google", new AuthenticationProperties() {RedirectUri = "/"})
--
Note: when trying to add my hostname with http to the redirect_uris accepted on GCP, it doesn't accept http, only HTTPS.
Thanks a lot.
You should pass the address of your own server/client-app as RedirectUri, which can handle the answer of Google's login dialog. This address should be a full URL, not just "/"; it has to be registered in the Google developer console and is required to be one with an https:// prefix.
You cannot implement OAuth2 with an insecure http:// redirect address; this would ruin all security.
In fact, it's the way you expose your app that is taken into account.
In my case I'm using the Dockerfile to expose my app, and I used to use
Expose http://*:80
And even if the associated domain started with HTTPS, inside the app it's always an HTTP call, so all the redirects are done over the HTTP protocol.
I've changed the way I expose my app from http://*:80 to https://*:443
And in the code I used Kestrel to launch the app, and it's working perfectly now.
Thank you
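The thread above comes down to the app building its redirect_uri from the scheme it listens on rather than the scheme the browser used. Here is an added example (not code from the question or its answers) of the usual alternative to re-exposing the app on https: derive the external origin from the proxy's X-Forwarded-Proto header, but only when the TCP peer is a trusted proxy. The proxy address ranges, the header names and the sample request are assumptions.

```python
import ipaddress
from typing import Mapping, Sequence

# Path from the error message in the question; the proxy ranges are assumptions.
CALLBACK_PATH = "/signin-google"


def external_origin(headers: Mapping[str, str], peer_ip: str,
                    listen_scheme: str, trusted_proxies: Sequence[str]) -> str:
    """Return "scheme://host" as the browser saw it.

    X-Forwarded-* headers are only believed when the TCP peer is one of the
    trusted proxy networks; otherwise any client could inject them and steer
    the redirect_uri the app builds.
    """
    peer = ipaddress.ip_address(peer_ip)
    trusted = any(peer in ipaddress.ip_network(net) for net in trusted_proxies)
    lower = {k.lower(): v for k, v in headers.items()}
    scheme, host = listen_scheme, lower.get("host", "")
    if trusted:
        # Proxies append to an existing header, so use only the first value.
        proto = lower.get("x-forwarded-proto", "").split(",")[0].strip().lower()
        if proto in ("http", "https"):
            scheme = proto
        fwd_host = lower.get("x-forwarded-host", "").split(",")[0].strip()
        if fwd_host:
            host = fwd_host
    if not host:
        raise ValueError("request carries no Host header")
    return f"{scheme}://{host}"


def redirect_uri(headers: Mapping[str, str], peer_ip: str,
                 listen_scheme: str, trusted_proxies: Sequence[str]) -> str:
    """The redirect_uri the app should send to Google for this request."""
    return external_origin(headers, peer_ip, listen_scheme, trusted_proxies) + CALLBACK_PATH


# Constructed request: the browser spoke HTTPS to the proxy, the proxy forwarded
# plain HTTP to the container listening on http://*:80.
PROXIED_REQUEST = {"Host": "hostname", "X-Forwarded-Proto": "https"}

if __name__ == "__main__":
    # Ignoring the proxy reproduces the mismatch from the question.
    print(redirect_uri(PROXIED_REQUEST, "10.0.0.5", "http", []))
    # Trusting the proxy network yields the https URI registered in GCP.
    print(redirect_uri(PROXIED_REQUEST, "10.0.0.5", "http", ["10.0.0.0/8"]))
```

In ASP.NET Core the same effect comes from the forwarded-headers middleware with KnownProxies/KnownNetworks configured; the point is the trust boundary, not the language.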
Requesting some help here. Kind of stuck with a use case. We are trying to integrate OneLogin with our app via Spring Security.
The entry point to our application is Azure App Gateway, which routes the requests to a load balancer, further routing to the VMs where the service is deployed. Everything works fine if we do NOT override the hostname in Backend settings for any incoming request, leading to only the App Gateway host getting passed for every request. Here the App Gateway URL is set as the redirect URI in the Spring Security auth endpoint call.
The problem appears when Apigee is used as the entry point to our application. Apigee routes the request to App Gateway, routing it further to the load balancer and VMs. Here, we DO have to override the host as the Apigee host name in order to authenticate the client to the OneLogin server. The Apigee endpoint is set as the redirect URI in the Spring Security auth endpoint call.
However, the server responds back with a "possible CSRF detected - state parameter was required but no state could be found" error. I tried different possible solutions from other SO links to resolve this error, like providing a session cookie name, but it did not help. Our OneLogin server and client application are also in different domains.
The only thing that works here is when we do NOT override the hostname in Azure App Gateway Backend settings and pass the App Gateway URL as the redirect URI in the auth endpoint call. But the problem is it shows the App Gateway URL in the user's browser, which we do not want, because in an ideal scenario the user should see only the Apigee host in the browser URL and not the App Gateway host. So, is there any way to re-route/redirect/override the URL to the Apigee URL in Azure App Gateway settings without the call being made to the Apigee endpoint? The user just sees the Apigee URL in the browser, but internally all calls are made to the App Gateway endpoint only.
Or the other solution could be to prevent the CSRF issue when the Apigee hostname is used as the redirect URL in the auth endpoint instead of the App Gateway host. But I'm not sure how to resolve that.
• In your scenario, when you are not overriding the hostname in the Azure application gateway backend settings and pass the ‘Application Gateway’ URL as the redirect URL in the ‘Authorization endpoint call’, the application gateway URL is shown in the user’s browser, which is not desired since the Apigee host redirects the authentication requests to the ‘App gateway’ endpoint.
Therefore, without the call being made to the ‘Apigee’ endpoint, you can surely redirect it to the Apigee redirect URL in the Azure application gateway settings by configuring ‘Rewrite URI rules’ in the gateway. These rewrite rules check for the presence of configured URLs or specific paths and then change the original URI path to the new path configured. Please follow the snapshots given below as steps for configuring this: -
Thus, as shown above, you can configure ‘Rewrite rules’ in a ‘Standard V2’ SKU application gateway for redirecting response requests of the ‘authorization endpoint call’ from the application gateway URL to the configured Apigee endpoint hostname. In this way, when the application gateway URL would be shown in the browser, it will be rewritten to the Apigee endpoint hostname’s URL, and accordingly the user at the receiving end will see the Apigee endpoint hostname, fulfilling your requirement.
For more details regarding the above, kindly refer to the link below: -
https://learn.microsoft.com/en-us/azure/application-gateway/rewrite-http-headers-url#modify-a-redirection-url
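The "no state could be found" error in the question is the client failing to find its own session when the callback arrives. The following added example (not code from the question or the answer) models the session-bound state check in a few lines of Python, then drives it with a browser whose cookies are scoped per host, which is how a login started on one host and completed on another loses the state. The cookie name, host names, callback path and identity-provider URL are assumptions.

```python
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

SESSION_COOKIE = "JSESSIONID"          # cookie name is an assumption
_sessions: dict = {}                   # server-side store: session id -> data


def begin_authorization(client_id: str, redirect_uri: str, authorize_url: str):
    """Create a session holding a fresh state; return (session id, Location)."""
    sid, state = secrets.token_urlsafe(32), secrets.token_urlsafe(32)
    _sessions[sid] = {"oauth_state": state}
    query = urlencode({"response_type": "code", "client_id": client_id,
                       "redirect_uri": redirect_uri, "state": state})
    return sid, f"{authorize_url}?{query}"


def handle_callback(callback_url: str, cookies: dict) -> str:
    """Look up the state in the caller's session; return the code if it matches."""
    params = parse_qs(urlparse(callback_url).query)
    session = _sessions.get(cookies.get(SESSION_COOKIE, ""))
    if session is None or "oauth_state" not in session:
        raise PermissionError("possible CSRF detected - state parameter was "
                              "required but no state could be found")
    expected = session.pop("oauth_state")          # single use
    if not secrets.compare_digest(expected, params.get("state", [""])[0]):
        raise PermissionError("state parameter does not match the session")
    return params["code"][0]


def simulate(start_host: str, callback_host: str) -> str:
    """Model a browser whose cookies are scoped per host: the login starts on
    start_host and the IdP sends the code back to callback_host."""
    jar = {}                                       # host -> cookies
    sid, location = begin_authorization(
        "client-id", f"https://{callback_host}/login/oauth2/code/onelogin",
        "https://idp.example/oidc/auth")
    jar.setdefault(start_host, {})[SESSION_COOKIE] = sid   # Set-Cookie on start_host
    state = parse_qs(urlparse(location).query)["state"][0]
    callback = (f"https://{callback_host}/login/oauth2/code/onelogin"
                f"?code=constructed-code&state={state}")
    return handle_callback(callback, jar.get(callback_host, {}))
```

Whatever the gateway layout, the cookie that carries the session must be set on, and sent back to, the same host that the redirect_uri points at; a header rewrite that changes the host seen by the browser between the two legs breaks this check.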
I've followed a sample created here:
https://github.com/googlesamples/oauth-apps-for-windows/blob/master/OAuthDesktopApp/README.md
to have Google OAuth work with my desktop application, and it seems I got stuck with redirect URIs. I know I have to provide a RedirectURI on the Google Credentials page (in the Developers Console), but I cannot figure out how to provide a RedirectURI that accepts any port number.
In this sample, a local HTTP server opens a connection on localhost (127.0.0.1) and it seems to work no matter which port is used for listening (it finds some random port and then sends the RedirectURI as localhost:randomport), and authentication works as expected. However, when I try to do that in my application, I get a notification that the RedirectURI is not defined. Is there any special syntax to be used when defining the RedirectURI inside the Developer Console?
As stated in the README for the sample you are following:
Create a new OAuth 2.0 client, select Other
You should have created an OAuth2 client of type Other, not a web application. The only difference really is that Other is intended for desktop or native applications, which use localhost by default as the redirect URI.
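The loopback trick the sample relies on is a tiny local HTTP server bound to an OS-chosen port, with that port written into the redirect_uri. Here is an added example of such a receiver (not the googlesamples code, and in Python rather than the sample's language): it binds 127.0.0.1:0, builds the authorization URL around the resulting port, and only accepts a callback that carries the state value it issued. The scope and client id are the caller's; the final helper stands in for the browser so the flow can be exercised offline.

```python
import http.client
import secrets
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlencode, urlparse

class LoopbackReceiver:
    """Serve one authorization response on 127.0.0.1 at an OS-assigned port."""

    def __init__(self):
        self.state = secrets.token_urlsafe(24)   # binds the response to this run
        self.result, self._done, receiver = None, threading.Event(), self

        class Handler(BaseHTTPRequestHandler):
            def do_GET(self):
                params = parse_qs(urlparse(self.path).query)
                if params.get("state", [None])[0] != receiver.state:
                    self.send_error(400, "unexpected state")   # not our redirect
                    return
                receiver.result = {k: v[0] for k, v in params.items()}
                self.send_response(200)
                self.end_headers()
                self.wfile.write(b"Signed in; you may close this window.")
                receiver._done.set()

        self.server = HTTPServer(("127.0.0.1", 0), Handler)   # port 0 = any free port
        self.port = self.server.server_address[1]
        threading.Thread(target=self.server.serve_forever, daemon=True).start()

    @property
    def redirect_uri(self) -> str:
        return f"http://127.0.0.1:{self.port}/"

    def authorization_url(self, client_id: str, scope: str) -> str:
        return "https://accounts.google.com/o/oauth2/v2/auth?" + urlencode({
            "client_id": client_id, "redirect_uri": self.redirect_uri,
            "response_type": "code", "scope": scope, "state": self.state})

    def wait(self, timeout: float = 300):
        """Block until the browser is redirected back; return the query parameters."""
        finished = self._done.wait(timeout)
        self.server.shutdown()
        self.server.server_close()
        return self.result if finished else None

def deliver_constructed_callback(receiver: LoopbackReceiver, code: str, state: str) -> int:
    """Stand-in for the browser: GET the redirect URI with a constructed code."""
    conn = http.client.HTTPConnection("127.0.0.1", receiver.port, timeout=5)
    conn.request("GET", "/?" + urlencode({"code": code, "state": state}))
    return conn.getresponse().status
```

A real run opens authorization_url(...) in the system browser and then calls wait(); the returned code is exchanged at the token endpoint, and the sample's README additionally uses PKCE, which this block leaves out.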
I need the following information for my app to work:
1) Client ID
2) Redirect URL
Setting up the app and creating an ID + secret code was easy. But I have no idea what to put as my redirect URL. I used localhost as my URL and I was able to sign into my Google account, but after I signed in I received Error: redirect_uri_mismatch
Screenshot
What can I do? How do I even create a redirect URL?
In the Developer Console credentials page (the one in your screenshot), add your redirect URI to the "Authorized redirect URIs" text field.
Ensure you're supplying the correct port and correct route your server is listening on too.
For example, in the Google API Console, the working redirect URI for me is
Your port and route all depend on your server setup (i.e. look in your index.js if you're using Node). This working sample with port 5000 is from the example server code in the YouTube API NPM module README.
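To make the "correct port and correct route" advice concrete, here is an added example (not from the question or answer) of the component-by-component comparison an authorization server performs against the registered list, reporting which parts differ. The registered URI and callback path are constructed; providers' exact rules vary, so register the URI exactly as your code sends it.

```python
from urllib.parse import urlsplit

# Constructed values: a local server on port 5000 with a callback route.
REGISTERED = ["http://localhost:5000/oauth2callback"]

def _parts(uri: str) -> dict:
    """Split a redirect URI into the components a provider compares."""
    p = urlsplit(uri)
    if not p.scheme or p.hostname is None:
        raise ValueError(f"not an absolute URI: {uri!r}")
    return {"scheme": p.scheme.lower(), "host": p.hostname.lower(),
            "port": p.port, "path": p.path or "/", "query": p.query}

def mismatches(requested: str, registered: str) -> list:
    """Names of the components that differ, in a fixed order."""
    a, b = _parts(requested), _parts(registered)
    return [k for k in ("scheme", "host", "port", "path", "query") if a[k] != b[k]]

def redirect_uri_allowed(requested: str, registered=REGISTERED) -> bool:
    """True only when some registered URI matches on every component."""
    return any(not mismatches(requested, r) for r in registered)

def explain(requested: str, registered=REGISTERED) -> str:
    """Human-readable reason, measured against the closest registered URI."""
    if redirect_uri_allowed(requested, registered):
        return "ok"
    closest = min(registered, key=lambda r: len(mismatches(requested, r)))
    return "redirect_uri_mismatch: differs from %s in %s" % (
        closest, ", ".join(mismatches(requested, closest)))

if __name__ == "__main__":
    for uri in ("http://localhost/oauth2callback",          # port dropped
                "http://localhost:5000/oauth2callback/",    # trailing slash
                "https://localhost:5000/oauth2callback"):   # scheme changed
        print(uri, "->", explain(uri))
```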
I'm trying to utilize Dropbox with my Qt-based iOS app. My problem is the redirection from the Dropbox authorization webpage back to the app.
I did not manage to get the Dropbox authorization to work with the Qt WebView, so I am simply launching the default browser to the Dropbox authorization site.
According to the Dropbox dev portal, for the redirect_uri parameter you can only use the https scheme for external addresses, and the http scheme for localhost addresses.
Does this make it impossible for the redirection to utilize a URL scheme that I have configured for my app, such as 'myapp://'?
How should I have Dropbox redirecting back to my app? Should I use a custom website that redirects to my app using the URL scheme, or should I have my app act as a server that listens on some port on localhost, so that I would use 'http://localhost:[port number]'? Suggestions? Are these even possible?
Can a URL scheme be used somehow in connection with an 'http://localhost'-based URL?
It is of course possible to omit the redirect_uri and let the user copy the authorization code or token, switch back to my app, and paste it into a text field, but I think this would be a bit of a hassle for the user.
One important thing to note here is that the Dropbox API OAuth 2 implementation offers two different flows, "code" and "token". The code flow does require https://, unless it's a localhost URL, in which case it allows http:// or https:// (only).
You can use other protocols with the token flow though. Here are the variations broken out, with the result/error for each.
With redirect_uri:
code flow:
https://www.dropbox.com/1/oauth2/authorize?client_id=APP_KEY&response_type=code&redirect_uri=myapp://dropbox_callback
"Invalid redirect_uri: "myapp://dropbox_callback": When response_type=code, redirect_uri must start with "https://", unless it's a localhost URI."
https://www.dropbox.com/1/oauth2/authorize?client_id=APP_KEY&response_type=code&redirect_uri=myapp://localhost/dropbox_callback
"Invalid redirect_uri: "myapp://localhost/dropbox_callback": When response_type=code, localhost URIs may only start with "http://" or "https://"."
token flow:
https://www.dropbox.com/1/oauth2/authorize?client_id=APP_KEY&response_type=token&redirect_uri=myapp://dropbox_callback
200 (this is the version that probably makes the most sense for you to use)
Without redirect_uri:
code flow:
https://www.dropbox.com/1/oauth2/authorize?client_id=APP_KEY&response_type=code
200
token flow:
https://www.dropbox.com/1/oauth2/authorize?client_id=APP_KEY&response_type=token
"Missing redirect_uri (required when "response_type" is "token")"
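With the token flow the app receives the whole 'myapp://dropbox_callback#...' URL from the OS, and the token sits in the fragment. The following added example (not code from the question or the answer) builds the token-flow URL from the answer's authorize endpoint with a state value, then parses and checks the callback the app gets back. The custom scheme, the callback host 'dropbox_callback' and the sample fragment are constructed; the fragment fields used are the standard access_token, token_type, uid and state.

```python
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

AUTHORIZE = "https://www.dropbox.com/1/oauth2/authorize"   # endpoint from the answer
CALLBACK_SCHEME = "myapp"                                    # the app's custom scheme
_pending_states = set()                                      # states this app issued

def token_flow_url(app_key: str, redirect_uri: str):
    """Build the token-flow authorization URL; return (url, state)."""
    state = secrets.token_urlsafe(24)
    _pending_states.add(state)
    url = AUTHORIZE + "?" + urlencode({"client_id": app_key, "response_type": "token",
                                       "redirect_uri": redirect_uri, "state": state})
    return url, state

def parse_token_callback(url: str) -> dict:
    """Extract the token from the custom-scheme URL handed to the app by the OS.

    In the token flow the result travels in the URL fragment, so no server sees
    it: only the app does. The state is checked and consumed so a stale or
    forged callback cannot be replayed into the app.
    """
    p = urlsplit(url)
    if p.scheme != CALLBACK_SCHEME or p.netloc != "dropbox_callback":
        raise ValueError("callback does not match the registered redirect_uri")
    frag = {k: v[0] for k, v in parse_qs(p.fragment).items()}
    if "error" in frag:
        raise PermissionError(frag.get("error_description", frag["error"]))
    state = frag.get("state", "")
    if state not in _pending_states:
        raise PermissionError("unknown or already used state")
    _pending_states.discard(state)
    if frag.get("token_type", "").lower() != "bearer" or not frag.get("access_token"):
        raise ValueError("callback carries no bearer token")
    return {k: frag[k] for k in ("access_token", "token_type", "uid") if k in frag}
```

Because the token never passes through a server with this flow, the app must treat the custom-scheme URL as untrusted input from the OS, which is why the scheme, host and state are all checked before the token is accepted.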
I'm using https in the redirect_uri field of OAuth2. But when I connect to the Google client, I'm redirected to an http URL, not https. Here is part of the code:
$client->setClientId($client_id);
$client->setClientSecret($secret);
$client->setRedirectUri("https://mydomain/myphp.php");
$client->setScopes(array('https://www.googleapis.com/auth/calendar'));
I use the example from http://www.daimto.com/google-oauth2-php/
When I run the script, it shows me a "Connect Me!" message, and when I click on it, the browser asks my permission to access my Google account. After I agree, it should redirect me to the address in setRedirectUri, in HTTPS mode. But the Google API redirects me to the same URL but in http mode.
Any idea?
Thanks a lot!
I believe all is working, but after successful authentication on https your own code redirects you to a cleaned URL on plain http. Check the sample code that you copied after receiving and exchanging the code ("Step 2") and change the construction of the URL so that it uses https instead of http.