python - Google OAuth 2.0 redirect_uri_mismatch (AWS EC2 + Route53 + nginx + uWSGI + Flask + SocketIO)
I am getting redirect_uri_mismatch whenever I try to use Google OAuth 2.0 on my website. I am using AWS EC2 + Route53 + nginx + uWSGI + Flask + SocketIO.
The authorized redirect URIs (I had to add parentheses to remove the links):
- (http)://example.net/auth/oauth2callback
- (http)s://example.net/auth/oauth2callback
- (http)://www.example.net/auth/oauth2callback
- (http)s://www.example.net/auth/oauth2callback
- (http)://localhost/auth/oauth2callback
- (http)s://localhost/auth/oauth2callback
I've added a trailing "/" as well, but that doesn't seem to fix anything. I suspect it is an nginx server setting issue or a connection issue between nginx -> uWSGI -> Flask, since the redirect URI that Google's error page tells me matches the URIs I've put in Google's OAuth settings.
Here is my nginx server configuration:
    server {
        listen 80;
        server_name www.example.net;
        return 301 http://example.net;
    }

    server {
        listen 80;
        server_name example.net;
        return 301 https://example.net;
    }

    server {
        listen 443;
        server_name example.net;
        ssl on;
        ssl_certificate /certs.pem;
        ssl_certificate_key /private.key;
        ssl_session_timeout 5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers blank;
        ssl_session_cache shared:ssl:50m;
        ssl_dhparam /dhparam.pem;
        ssl_prefer_server_ciphers on;
        add_header Strict-Transport-Security "max-age=31536000";
        client_max_body_size 5m;

        location / {
            include uwsgi_params;
            uwsgi_pass unix:/filename.sock;
        }
    }
I've looked at a lot of documents regarding this. People who use proxies had to add lines to their server configuration to handle this issue, but since I am not using such, I believe I don't have to put any of that in my configuration. (I tried a few solutions just in case, but they didn't seem to fix it still.)
Without using nginx and uWSGI, I was able to get the OAuth feature to work on localhost.
Thanks in advance!
Edit --
@tarunlalwani Okay, I got it to half-work using proxy_pass. By adding proxy_pass and nothing else, I can get to the Google OAuth login page. Once I authorize the login, it redirects the user to 127.0.0.1:5000 (which I've set as proxy_pass). I think I have to have a reverse proxy setup. I've added this in the location block right after proxy_pass:
    proxy_redirect off;
    proxy_buffering off;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
Now the reverse proxy seems to work, but OAuth is broken again. OAuth 2.0 redirects the user to http:example.net/auth/oauth2callback instead of http:127.0.0.1:5000/auth/oauth2callback
I tested by adding each command line by line and restarting the server. Before adding proxy_set_header Host $host; is when http://127.0.0.1:5000/auth/oauth2callback is the redirect URI, and it is http://example.net/auth/oauth2callback when I add the line in. Maybe the reason why OAuth is broken is because the user is getting redirected to http://example.net/auth/oauth2callback instead of https://example.net/auth/oauth2callback?
Edit 2 --
Doing curl -v https://example.net/auth/oauth2callback gives the following:
    * trying my.ip...
    * connected example.net (my.ip) port 443 (#0)
    * found 173 certificates in certs
    * found 696 certificates in certs
    * alpn, offering http/1.1
    * ssl connection using tls1.2 / ecdhe_rsa_aes_256_gcm_sha384
    * server certificate verification ok
    * server certificate status verification skipped
    * common name: example.net (matched)
    * server certificate expiration date ok
    * server certificate activation date ok
    * certificate public key: rsa
    * certificate version: #3
    * subject: cn=example.net
    * start date: sun, 10 sep 2017 22:18:00 gmt
    * expire date: sat, 09 dec 2017 22:18:00 gmt
    * issuer: c=us,o=let's encrypt,cn=let's encrypt authority x3
    * compression: null
    * alpn, server accepted use http/1.1
    > /auth/oauth2callback http/1.1
    > host: feelsbadman.net
    > user-agent: curl/7.47.0
    > accept: */*
    >
    < http/1.1 302 found
    < server: nginx/1.10.3 (ubuntu)
    < date: tue, 12 sep 2017 07:32:36 gmt
    < content-type: text/html; charset=utf-8
    < content-length: 819
    < connection: keep-alive
    < location: https://accounts.google.com/o/oauth2/auth?client_id=myid-asdfasdfasdf.apps.googleusercontent.com&redirect_uri=http%3a%2f%2fexample.net%2fauth%2foauth2callback&scope=email&access_type=offline&response_type=code&include_granted_scopes=true
    < strict-transport-security: max-age=31536000
    <
    <!doctype html public "-//w3c//dtd html 3.2 final//en">
    <title>redirecting...</title>
    <h1>redirecting...</h1>
    * connection #0 host example.net left intact
    <p>you should redirected automatically target url: <a href="https://accounts.google.com/o/oauth2/auth?client_id=myid-asdfasdfasdf.apps.googleusercontent.com&redirect_uri=http%3a%2f%2fexample.net%2fauth%2foauth2callback&scope=email&access_type=offline&response_type=code&include_granted_scopes=true">https://accounts.google.com/o/oauth2/auth?client_id=myid-asdfasdfasdf.apps.googleusercontent.com&redirect_uri=http://example.net/auth/oauth2callback&scope=email&access_type=offline&response_type=code&include_granted_scopes=true</a>.
Your site is https://example.net, and your return URL is going as http://example.net/auth/oauth2callback, which is being rejected.
Please make sure the return URL sent to Google is https://example.net/auth/oauth2callback, and set the same in the authorized redirect URIs.
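Why the callback comes out as http, as an added example that is not part of the original thread: a WSGI app builds external URLs from wsgi.url_scheme and the Host header, so behind a TLS-terminating nginx it only knows the original scheme if the proxy passes it along. The sketch assumes nginx also sends proxy_set_header X-Forwarded-Proto $scheme; the helper names, the allow-list and the trusted-proxy address are hypothetical.

```python
# Added example, standard library only; not code from the thread.
from wsgiref.util import application_uri

# Constructed allow-list: only the https callbacks, as the answer recommends.
REGISTERED = {
    "https://example.net/auth/oauth2callback",
    "https://www.example.net/auth/oauth2callback",
}
TRUSTED_PROXIES = {"127.0.0.1"}  # assumption: nginx runs on the same host


def callback_uri(environ):
    """Derive redirect_uri the way a WSGI app derives external URLs:
    from wsgi.url_scheme plus the Host header (or SERVER_NAME:PORT)."""
    return application_uri(environ).rstrip("/") + "/auth/oauth2callback"


def honour_forwarded_proto(environ):
    """Hypothetical helper: copy X-Forwarded-Proto into wsgi.url_scheme,
    but only for requests that arrive from the trusted proxy, because any
    client can send this header itself."""
    env = dict(environ)
    proto = env.get("HTTP_X_FORWARDED_PROTO", "")
    if env.get("REMOTE_ADDR") in TRUSTED_PROXIES and proto in ("http", "https"):
        env["wsgi.url_scheme"] = proto
    return env


def base_environ(**extra):
    """Constructed environ for an app listening on 127.0.0.1:5000."""
    env = {"wsgi.url_scheme": "http", "SERVER_NAME": "127.0.0.1",
           "SERVER_PORT": "5000", "SCRIPT_NAME": "", "REMOTE_ADDR": "127.0.0.1"}
    env.update(extra)
    return env


def demo():
    """Return (label, redirect_uri, exact match in REGISTERED) per setup."""
    host = {"HTTP_HOST": "example.net"}
    fwd = dict(host, HTTP_X_FORWARDED_PROTO="https")
    cases = [
        ("proxy_pass only", base_environ()),
        ("+ Host header", base_environ(**host)),
        ("+ X-Forwarded-Proto", honour_forwarded_proto(base_environ(**fwd))),
        ("spoofed by untrusted peer", honour_forwarded_proto(
            base_environ(REMOTE_ADDR="203.0.113.7", **fwd))),
    ]
    return [(label, callback_uri(e), callback_uri(e) in REGISTERED)
            for label, e in cases]


if __name__ == "__main__":
    for row in demo():
        print(row)
```

The first two rows reproduce the two redirect URIs reported in the question's edits; only the third produces the https callback.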