Gitea: OAuth2+Github redirect_uri mismatch
Abstract
OAuth2 documentation needs configuration details.
Description
When configuring the OAuth2 authentication method for Github, a user is redirected to:
/user/oauth2/<authname>/callback?error=redirect_uri_mismatch&error_description=The+redirect_uri+MUST+match+the+registered+callback+URL+for+this+application.&error_uri=https%3A%2F%2Fdeveloper.github.com%2Fapps%2Fmanaging-oauth-apps%2Ftroubleshooting-authorization-request-errors%2F%23redirect-uri-mismatch
with a 500 error.
The problem appears to be with the callback URI not matching the redirect_uri, but I've followed the URI nomenclature from admin/auths/new.
I've set the relevant bits (eg, DISABLE_REGISTRATION = false and ENABLE_REVERSE_PROXY_AUTHENTICATION = true) in my custom/conf/app.ini, and there doesn't seem to be anything in the cheat sheet or authentication sections of the documentation about this issue, and no place to set the redirect URI from the web interface.
Ideally, this would get closed after the documentation is updated providing an entry for OAuth2 config FAQ and the 'known good' configuration would be recorded in the docs (ideally with the other auth stuff).
I can PR the docs, I just need to know why this seemingly-straighforward thing is being problematic.
Screenshots
Server Details
- Gitea version (or commit ref): 1.4.0+3-g641d481c
- Git version: 2.11.0
- Operating system: Debian GNU/Linux 9 (stretch)
- Database (use
[x]):
- [ ] PostgreSQL
- [x] MySQL (mariadb)
- [ ] MSSQL
- [ ] SQLite
- Can you reproduce the bug at https://try.gitea.io:
- [ ] Yes (provide example URL)
- [x] No
- [ ] Not relevant
- Log:
2018/04/04 22:19:25 [I] Log Mode: File(Trace)
2018/04/04 22:19:25 [I] XORM Log Mode: File(Trace)
2018/04/04 22:19:25 [I] Cache Service Enabled
2018/04/04 22:19:25 [I] Session Service Enabled
2018/04/04 22:19:25 [I] Git Version: 2.11.0
2018/04/04 22:19:25 [T] Doing: CheckRepoStats
2018/04/04 22:19:25 [T] Doing: ArchiveCleanup
2018/04/04 22:19:25 [T] Doing: DeletedBranchesCleanup
2018/04/04 22:19:25 [I] Run Mode: Production
2018/04/04 22:19:25 [I] Listen: https://0.0.0.0:
2018/04/04 22:19:25 [I] LFS server enabled
2018/04/04 22:19:31 [D] Session ID:cde9
2018/04/04 22:19:31 [D] CSRF Token:==
2018/04/04 22:19:31 [D] Template: user/auth/signin
2018/04/04 22:19:32 [D] Session ID:cde9
2018/04/04 22:19:32 [D] CSRF Token:==
2018/04/04 22:19:33 [D] Session ID:cde9
2018/04/04 22:19:33 [D] CSRF Token:==
2018/04/04 22:19:33 [...routers/user/auth.go:407 handleOAuth2SignIn()] [E] UserSignIn: Invalid token received from provider
2018/04/04 22:19:33 [D] Template: status/500
jakimfett
All 3 comments
What's your ROOT_URL set to? I ran into the same problem (including the somewhat misleading 'Invalid token received...' error), but found out I had my ROOT_URL set to http://foo, while I had actually already moved it to https via apache httpd (which is reverse proxying to gitea). Changing my ROOT_URL to https://foo fixed the issue
hnsr
on 29 May 2018
Closing, please re-open if you still experience this.
techknowlogick
on 21 Jul 2018
I came here because I experienced this and found that the answer from @hnsr solved my problem.
However, I didn't find a way to change my ROOT_URL from the frontend (there really should be).
teotikalki
on 20 Mar 2019
Related issues
kolargol
路
3Comments
mirhec
路
3Comments
BNolet
路
3Comments
cookiengineer
路
3Comments
flozz
路
3Comments
Most helpful comment
What's your ROOT_URL set to? I ran into the same problem (including the somewhat misleading 'Invalid token received...' error), but found out I had my ROOT_URL set to http://foo, while I had actually already moved it to https via apache httpd (which is reverse proxying to gitea). Changing my ROOT_URL to https://foo fixed the issue