Oauth2 redirect_uri_mismatch - ruby-on-rails

I've setup an environment in Cloud9 to create a website in Rails. I'm currently trying to enable login via Gmail, using the google oauth2 gem, but i ran into this problem and no matter where i look, every solution i've found does not seem to work.
Here is the error:
(https://i.imgur.com/GhIH8S4.png)
And here is my google development urls:
(https://i.imgur.com/zg5Txuo.png)
(Sorry, seems like i can't upload images directly to the post yet)

I think you are having this issue because Google's OAuth does not support wildcard subdomain matching and your app is basically a subdomain on Cloud9. Check this SO post.
I found a post with similar issues on Cloud9 forums
I googled with "OAuth c9.io".

Have you added the authorized redirect URIs?. It´s in the Credentials tab. You must edit your OAuth 2.0 client IDs and set the URIs there.
Steps:
Go to https://console.developers.google.com/apis/dashboard
Select the project
Click on Credentials link on the left menu
Edit the OAuth 2.0 client IDs clicking the pencil next to it
Add your Authorized redirect URIs (https://domain/users/auth/google/callback or something similar)

Related

Testing Google OAuth 2.0 with localhost?

How do I test the Google OAuth 2.0 on my app with localhost, since Google requires a top private domain as the authorized domain?
I tried to look up solutions, but all the solutions given have been a while ago, and I think Google has changed their service since then.
localhost is not a valid top-level domain, and it won't let you generate credentials without setting up a consent screen. You can add more than one authorized domain if you'd like, but you can't leave it empty. But you CAN delete the field if you have no domains / would not like to add domains for now. you just can't LEAVE it empty.
Notice the description -- "When a domain is used". so it's not an obligation to add authorized domain for consent screen. Moreover, the authorized domain here is only related with consent screen. Authorized origins and Authorized redirect URLs needs to be specified in the credentials part, which is all that matters; specifying the origin from which requests will be accepted and where it will be redirected. So just omit the authorized domain in the consent screen.
So how to delete it? Just in case if you haven't noticed, just hover over the field and this little man will pop up. delete it. that's all. Now you should be able to save and continue, where it might ask you to setup scopes.
I know it's really late, hoping it might help others..
After about an hour banging my head against the wall I found this article that has a step by step solution that works (as of July 2020).
Basically you need to create a service account, share the sheet with that account, and then it should work.
All of the other auth methods I tried either raised nonsense errors, or simply silently didn't work.
The list of authorized domains is required before you submit a request for app verification. If you want to configure a localhost redirect URI, that is configurable in your web OAuth client ID configuration.
In case anyone has struck out on the suggestions above, this answer did the trick for me. Set my authorized JavaScript origins URI to http://localhost:8080 in the google API console then emptied my Chrome cache.
Just add an OAuth-consent-screen from here without a domain or valid domain that's up to you, after that create Credentials from here, then select OAuth client ID and enter your from here you can add javascript origin url and there you go you've done.
You add your final domain for when you are ready to become verified. Until then you will generate an OAuth client ID and enable https://localhost:3000 in "Authorized JavaScript origins"
Simple screenshot of the field you can enter localhost
Not beautiful, but works!
I've made local website(domain) on Xampp like test1.com, added that domain in Authorized domains and started Chrome from separate shortcut with parameter --ignore-certificate-errors
Note, that when you start with this flag, Chrome must not be running!
It cause Chrome to open web site in the xampp\htdocs folder and I was forced to go to folder test1.git and then to public folder, where finally site opened and the url was: https://test1.com/test1.git/public
ps. Use port 80 in httpd-vhosts.conf and not 443!

Getting "URL Blocked" for Facebook login error on Rails 5 app

I'm implementing Facebook login on a Rails 5 app with Devise and the omniauth-facebook gem and I'm getting the following error:
URL Blocked: This redirect failed because the redirect URI is not whitelisted in the app’s Client OAuth Settings. Make sure Client and Web OAuth Login are on and add all your app domains as Valid OAuth Redirect URIs.
I followed this tutorial: https://medium.com/#trydelight/facebook-authentication-with-devise-5b53d2f664ed
So for the "Valid OAuth Redirect URIs" it works locally with no URIs whitelisted, but for production I added
https://noora.app/users/auth/facebook and https://www.noora.app//users/auth/facebook (the production domain is noora.app). After getting the error I even added 2 more URIs with a / on the end and added noora.app and www.noora.app as domains, but I'm still getting the same error.
The app is on live mode and the login page is at https://noora.app/users/sign_in. Part of the Facebook settings are here:
Any ideas? Config seems good, but maybe someone sees something I don't? Thanks!
You should whitelist your callback url, not the one that has login button:
https://noora.app/users/auth/facebook/callback
I was looking for this answer for hours, the solution for me was:
When I checked the params in facebook error page, it said:
redirect=mydomain/auth/facebook/callback
and not:
redirect=mydomain/users/auth/facebook/callback
So I add the first one to Valid OAuth Redirect URIs, without users, and problem solved!!!

What redirect URL to use when logging in with GitHUB with OAuth2?

I'm new in ios sdk and English. Therefore, sorry for my Eng.
I try to do authentication through github using OAuthSwift.
In the registration of the application (https://github.com/settings/apps), there is need a redirect URL. In the tutorial from raywenderlich.com was an example, they did authorization through Google. They wrote a unique domain in this line that does not work: com.raywenderlich.Incognito. And in Info.plist, we added a Scheme URL with com.raywenderlich.Incognito, so that (as I understood it) when we go to this address after authentication, we’ve got into our application. But if you try to add in the application settings (https://github.com/settings/apps) the Redirect URL: something like com.raywenderlich.Incognito, will generate an error, because github wants the URL to have to be valid. If we put the Valid URL there, then when we will be redirected to this address, we will simply go to it and will not return to the application.
I would be grateful for any help.
Sorry for my English.
Redirect url in OAuth is the url that the authentication provider navigates to when authentication is successful.
For mobile apps it is the link that launches the app (a sort of deep linking)
For websites it is the website home screen

OAuth v2 Issues with Microsoft Account connection

I have been trying to implement the OAuth v2 for Microsoft Accounts for my website. Its currently in development stage and so am testing on localhost. The Website is an ASP.NET Core MVC 5 Application.
I have followed the tutorial here to implement OAuth for Twitter, Google and Facebook accounts. I found this to be quite simple with only a few small issues that I was able to solve with simple google searches.
However I have spent several days trying to understand what is happening when trying to use Microsoft Account authentication on my site.
I have watched the video here on registering an application in the Microsoft App Registration Portal. At around minute 6 in the video a short demo shows how to set up the App. You can see my App details in the following screen shot:
In the video at about 7.5 mins in, there is a small section explaining how to test the App by building a URL string.
On submitting the query string to the browser the page is redirected as expected to my App page as you can see here:
In this instance I was all ready signed into my Microsoft Outlook account. If I wasn't signed in I would be prompted to login to a Microsoft account. Logging in, in this case choosing my already signed in Outlook account causes the page to be redirected back to my site as seen in the following screen shot but because the site didn't send the request its not expecting a token sent back for login so nothing really happens. This is expected behaviour, at this point as I was only testing that the Apps end point was working as expected.
[
The next stage is to test the functionality from my website. This is where I always have issues. To activate the OAuth functionality for Microsoft Account login requires simply un-commenting a couple of lines of code within the Startup.Auth.cs file in my websites App_Start folder and passing in the Apps ClientKey and ClientSecret values as can bee seen in the following code snippet:
app.UseMicrosoftAccountAuthentication(
clientId: System.Configuration.ConfigurationManager.AppSettings["MicrosoftOAuthClientID"],
clientSecret: System.Configuration.ConfigurationManager.AppSettings["MicrosoftOAuthClientSecret"]);
This code basically adds a little button to the login page that allows you to choose Microsoft login as can be seen here:
[
When I click the Microsoft button I get the following error page:
And the query string returned contains the following:
https://login.live.com/err.srf?lc=2057#error=unauthorized_client&error_description=The+client+does+not+exist.+If+you+are+the+application+developer%2c+configure+a+new+application+through+the+application+management+site+at+https://apps.dev.microsoft.com/.&state=JMxMRuKaOiYWCQw_Uqkhv3gLQn3ULlkG2miM4ymcHhTK5niXVQl5n4L0a6VoWeEKmFM7T1ciU2oQAh26_Y0i2DMjdt6BOAtpjNeMaSpBq4wbCjva9lOuctOUIWwoFdTEGvxJ4M904lUsoudd9e9cYi6eiH3JF81HB5ouQSus2ddE1sVUQLw-YB1GjUL79y2muFaBFIOIOk75oCV2IxX4cFO2rJU04K9Se6gxu698WpzR8taUB2c6tK9u0dBisckhavf0IvKB9dWQq-IVwQgvaA
Anybody know why or what is happening????
Now I have read in several of my many searches while trying to understand whats happening when I try to test the App from my site rather than a URL directly in the browser that I should have
/signin-microsoft
appended to my Redirect URL in the App Portals configuration. I have Tested with my Redirect URL set like that and this does not work. I get a HTTP ERROR 500 sent back because the page signin-microsoft does not exist. So this is not my problem.
Please help if anyone has had the same issues and solved it.
EDIT: I should have mentioned that I was initially trying this using Local IISExpress but after reading some posts saying it can be done only on IIS so I published my site locally to IIS.

LinkedIn oauth2 url one or more urls are not allowed

We integrated our application with LinkedIn for sign on over 6 months ago and it's been working fine. Today, we went to developer.linkedin.com for our application to update the "OAuth 2.0 Redirect URLs" to add an additional URL. We previously had the production domain, test domains, and localhost entered. Now, when we save, we receive the "One or more urls are not allowed." error message. Through process of elimination, it appears to not approve our test domain "relode-dev.azurewebsites.net".
I've checked with SURBL and none of the domains we're entering are blacklisted.
Can someone explain why "relode-dev.azurewebsites.net" is no longer valid when it was for 6 months?
After experimenting some more, it looks like LinkedIn doesn't allow any *.azurewebsites.net domains any more. I'm not sure why they created this policy. For now, the workaround seems to be adding your own custom domain to your Azure website and using it in the LinkedIn OAuth 2.0a Redirect URL. You can follow the article at http://azure.microsoft.com/en-us/documentation/articles/web-sites-custom-domain-name/ to set up your custom domain.
If LinkedIn reads this, it would be nice if you notified third-party developers when you make policy changes like this. We've had to scramble for the past few days to workaround this change.
edit: fixed the url to the azure help page (it had an extra word on the end causing it to 404).

Resources