python - google oauth 2.0 redirect_uri_mismatch (aws ec2 + route53 + nginx + uwgsi + flask + socketio) -


i getting redirect_uri_mismatch whenever try use google oauth 2.0 on website. using aws ec2 + route53 + nginx + uwgsi + flask + socketio

the authorized redirect uris: had add parenthesis remove link.

  • (http)://example.net/auth/oauth2callback
  • (http)s://example.net/auth/oauth2callback
  • (http)://www.example.net/auth/oauth2callback
  • (http)s://www.example.net/auth/oauth2callback
  • (http)://localhost/auth/oauth2callback
  • (http)s://localhost/auth/oauth2callback

i've added trailing "/" well, doesn't seem fix anything. suspect nginx server setting issue or connection issue between nginx -> uwsgi -> flask since redirect uri google's error page tells me matches uris i've put google's oauth settings.

here nginx server configuration:

server {     listen 80;     server_name www.example.net;      return 301 http://example.net; }  server {     listen 80;     server_name example.net;      return 301 https://example.net; }  server {     listen 443;     server_name example.net;      ssl on;     ssl_certificate /certs.pem;     ssl_certificate_key /private.key;     ssl_session_timeout 5m;     ssl_protocols tlsv1 tlsv1.1 tlsv1.2;     ssl_ciphers blank;     ssl_session_cache shared:ssl:50m;     ssl_dhparam /dhparam.pem;     ssl_prefer_server_ciphers on;      add_header strict-transport-security "max-age=31536000";      client_max_body_size 5m;      location / {         include uwsgi_params;          uwsgi_pass unix:/filename.sock;     } }

i've looked lot of documents regarding this. people uses proxies , had add lines server configuration handle issue, since not using such, believe don't have put of in configuration. (i tried few solutions in case, didn't seem fix still.)

without using nginx , uwsgi, able oauth feature work on localhost.

thanks in advance!

edit--
@tarunlalwani okay, got make half-work using proxy_pass. adding proxy_pass , nothing else, can google oauth login page. once authorize login, redirect user 127.0.0.1:5000 (which i've set proxy_pass). think have reverse proxy setup. i've added in location block right after proxy_pass this:

proxy_redirect off; proxy_buffering off;  proxy_set_header host $host; proxy_set_header x-real-ip $remote_addr; proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;  proxy_http_version 1.1; proxy_set_header upgrade $http_upgrade; proxy_set_header connection "upgrade";

now reverse proxy seems work oauth broken again. oauth 2.0 redirect user http:example.net/auth/oauth2callback instead of http:127.0.0.1:5000/auth/oauth2callback

i tested adding each command line line , restarting server. before adding proxy_set_header host $host; when http://127.0.0.1:5000/auth/oauth2callback redirect uri , http://example.net/auth/oauth2callback when add line in. maybe reason why oauth broken because user getting redirected http://example.net/auth/oauth2callback instead of https://example.net/auth/oauth2callback ?

edit 2 --
doing curl -v https://example.net/auth/oauth2callback following:

*   trying my.ip... * connected example.net (my.ip) port 443 (#0) * found 173 certificates in certs * found 696 certificates in certs * alpn, offering http/1.1 * ssl connection using tls1.2 / ecdhe_rsa_aes_256_gcm_sha384 *        server certificate verification ok *        server certificate status verification skipped *        common name: example.net (matched) *        server certificate expiration date ok *        server certificate activation date ok *        certificate public key: rsa *        certificate version: #3 *        subject: cn=example.net *        start date: sun, 10 sep 2017 22:18:00 gmt *        expire date: sat, 09 dec 2017 22:18:00 gmt *        issuer: c=us,o=let's encrypt,cn=let's encrypt authority x3 *        compression: null * alpn, server accepted use http/1.1 > /auth/oauth2callback http/1.1 > host: feelsbadman.net > user-agent: curl/7.47.0 > accept: */* > < http/1.1 302 found < server: nginx/1.10.3 (ubuntu) < date: tue, 12 sep 2017 07:32:36 gmt < content-type: text/html; charset=utf-8 < content-length: 819 < connection: keep-alive < location: https://accounts.google.com/o/oauth2/auth?client_id=myid-asdfasdfasdf.apps.googleusercontent.com&redirect_uri=http%3a%2f%2fexample.net%2fauth%2foauth2callback&scope=email&access_type=offline&response_type=code&include_granted_scopes=true < strict-transport-security: max-age=31536000 < <!doctype html public "-//w3c//dtd html 3.2 final//en"> <title>redirecting...</title> <h1>redirecting...</h1> * connection #0 host example.net left intact <p>you should redirected automatically target url: <a href="https://accounts.google.com/o/oauth2/auth?client_id=myid-asdfasdfasdf.apps.googleusercontent.com&redirect_uri=http%3a%2f%2fexample.net%2fauth%2foauth2callback&scope=email&access_type=offline&response_type=code&include_granted_scopes=true">https://accounts.google.com/o/oauth2/auth?client_id=myid-asdfasdfasdf.apps.googleusercontent.com&redirect_uri=http://example.net/auth/oauth2callback&scope=email&access_type=offline&response_type=code&include_granted_scopes=true</a>.

you site https://example.net , return url going http://example.net/auth/oauth2callback , being rejected.

please make sure return url sent google https://example.net/auth/oauth2callback , set same in authorized redirect uri


Comments

  1. luckys28 July 2020 at 02:43

    Pensyarah Universiti Tempatan menyatakan bahawa pelajar CEMERLANG lepasan politeknik sangat lemah dan tidak mengambarkan
    vumoo

    ReplyDelete
  2. Rangextd26 October 2020 at 23:17

    Excellent share! I got helpful information rangextd reviews

    ReplyDelete

Post a Comment

Popular posts from this blog

resizing Telegram inline keyboard -

telegram's inline keyboard great feature lots of different use cases. inline buttons added list of items this: inline_keyboard = [[inlinekeyboardbutton(text="button", callback_data="button"), inlinekeyboardbutton(text="reset",callback_data="reset")]] inline_keyboard_markup = inlinekeyboardmarkup(inline_keyboard) update.message.reply_text("hi", reply_markup=inline_keyboard_markup) the above code adds 2 buttons each half width of chat screen. i know the normal keyboard button there resize_keyboard parameter somehow can used. my question is there way resize inline buttons ? example make full width or quarter width. unfortunately, can't now. :( you can suggest @botsupport , might add feature next version.
Read more

command line - How can a Python program background itself? -

consider following python command-line program. doesn't work because incomplete, think illustrates problem: #!/usr/bin/python3 import multiprocessing pool = multiprocessing.pool() task in expensive_iterator_with_user_interaction(): pool.call_async(expensive_computation, (task,)) pool.close() print("dear user, may press ctrl-z , bg script.") pool.join() thus, problem scripts needs user input while it's launching expensive parallel processes. there moment when user interaction not needed anymore. then, ask user background process shell actions. however, can achieved program itself? (side note: core of problem entanglement of user input firing “expensive computations”. therefore, cannot separate both in 2 scripts, , letting 1 spawning other daemon.) the command screen may you. use screen -l create new session , run application. after inputting data, can press " ctrl-a " , press " d " on keyboard detach session. now
Read more

php - "cURL error 28: Resolving timed out" on Wordpress on Azure App Service on Linux -

Image
my wordpress installation on azure app service on linux using custom docker container has slow response times. pages take around 20-40 seconds load. i have troubleshooting plugin installed indicates problem "curl error 28: resolving timed out after n milliseconds" when making requests following urls https://api.wordpress.org/core/version-check/1.7/ http://api.wordpress.org/core/version-check/1.7/ https://api.wordpress.org/plugins/update-check/1.1/ http://api.wordpress.org/plugins/update-check/1.1/ https://api.wordpress.org/themes/update-check/1.1/ http://api.wordpress.org/themes/update-check/1.1/ curl works fine on scm-site command line. example works ok. curl -x post http://api.wordpress.org/core/version-check/1.7/ edit if ssh container , run php code, works fine. <?php $url = 'http://api.wordpress.org/core/version-check/1.7/'; $fields = array( 'version' => urlencode('4.8.1'), 'php' => urlencode(
Read more