<@U04UQ68083H> I'm using Ory Hydra for oauth login...
# ory-copilot
@chilly-king-10285 I'm using Ory Hydra for OAuth login. Previously I used microservices and then it worked fine. Now I've combined everything into a monolith service, but when I run `ory perform` and click on `Authorize application` I get the following error message:

```
{
  "id": "invalid_request",
  "error": {
    "status": "OAuth2 Error",
    "id": "invalid_request",
    "message": "The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. The 'redirect_uri' parameter does not match any of the OAuth 2.0 Client's pre-registered redirect urls.",
    "code": 599
  }
}
```

Why?

A message from kapa.ai
The error you're encountering is related to a redirect URI mismatch in your OAuth 2.0 flow with Ory Hydra. This is a common issue when the redirect URI specified in your authorization request doesn't match any of the redirect URIs that are registered with your OAuth 2.0 client.

## Why this happens

The error message specifically states: "The 'redirect_uri' parameter does not match any of the OAuth 2.0 Client's pre-registered redirect urls." This means that the redirect URI you're using in your request doesn't match what's configured for your client. This could be happening because:

1. When you moved from microservices to a monolith, your application's URL structure might have changed
2. The redirect URI in your authorization request might be different from what's registered
3. There might be subtle differences in the URIs (trailing slashes, http vs https, different ports, etc.)

## How to fix it

Here are steps to resolve this issue:

1. Check your client configuration: Verify the registered redirect URIs for your OAuth 2.0 client:

   ```
   ory get oauth2-client {client.id}
   ```

   Look at the `redirect_uris` array in the response [OAuth2 first aid](https://www.ory.sh/docs/hydra/debug)
2. Ensure exact matching: The URLs must match exactly. For example, `http://my-url/callback` and `http://my-url/callback?foo=bar` are considered different URLs [OAuth2 first aid](https://www.ory.sh/docs/hydra/debug)
3. Update client configuration: If your application's URL structure has changed after moving to a monolith, update the registered redirect URIs for your client:

   ```
   ory update oauth2-client {client.id} --redirect-uri 'http://your-new-url/callback'
   ```

4. Check for localhost issues: If you're using localhost for development, ensure it's properly configured. Some versions of Ory Console had issues with localhost redirect URIs, but you can use the CLI to set them up [GitHub Issue: Ory Cloud OAuth2 Client error configuring localhost for redirect URI](https://github.com/ory/network/issues/282)
5. Check logs: Ory Hydra has extensive logging that might provide more details about the exact mismatch [Hydra FAQ](https://www.ory.sh/docs/hydra/faq)

Remember that the redirect URI is a security feature in OAuth 2.0 to prevent authorization code interception attacks, so the exact matching requirement is intentional.

If you're still having issues after checking these points, you might want to enable debug information by setting the environment variable `OAUTH2_EXPOSE_INTERNAL_ERRORS=true` (not recommended for production) to get more detailed error information.

@chilly-king-10285 This is my client configuration:

```
CLIENT ID       -
CLIENT SECRET
GRANT TYPES     authorization_code
RESPONSE TYPES  code
SCOPE           offline_access offline openid
AUDIENCE
REDIRECT URIS   http://127.0.0.1:4446/callback
```

When I run `ory perform` it outputs this:

```
Setting up callback listener on https://127.0.0.1:4446/callback
```

Should I add https to the configuration?

A message from kapa.ai
Yes, you should add the HTTPS version of the redirect URI to your client configuration. There's a mismatch between your registered redirect URI (HTTP) and the one being used by the `ory perform` command (HTTPS). The error occurs because:

- Your client configuration has: `http://127.0.0.1:4446/callback`
- But `ory perform` is using: `https://127.0.0.1:4446/callback`

In OAuth 2.0, redirect URIs must match exactly, including the protocol (HTTP vs HTTPS). Even this small difference will cause the "redirect_uri parameter does not match" error you're experiencing. You can update your OAuth2 client configuration using the Ory CLI:

```
ory update oauth2-client YOUR_CLIENT_ID \
  --redirect-uri http://127.0.0.1:4446/callback \
  --redirect-uri https://127.0.0.1:4446/callback
```

This adds both HTTP and HTTPS versions, ensuring compatibility regardless of which protocol is used [Manage OAuth 2.0 and OpenID Connect clients](https://www.ory.sh/docs/hydra/guides/oauth2-clients). Alternatively, you could modify your `ory perform` command to use HTTP instead of HTTPS if you prefer to keep only the HTTP redirect URI in your configuration.

If you continue having issues, check if there are any other subtle differences like trailing slashes or port numbers that might be causing the mismatch.

@chilly-king-10285 Now I'm getting this error instead:

```
Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Circular view path [login]: would dispatch back to the current handler URL [/login] again. Check your ViewResolver setup! (Hint: This may be the result of an unspecified view, due to default view name generation.)] with root cause

jakarta.servlet.ServletException: Circular view path [login]: would dispatch back to the current handler URL [/login] again. Check your ViewResolver setup! (Hint: This may be the result of an unspecified
```

A message from kapa.ai
I notice that you're encountering a circular redirect issue, but this appears to be related to a Spring application (indicated by the `dispatcherServlet` and `ViewResolver` references) rather than directly related to Ory. However, in the context of Ory, this type of circular redirect can sometimes happen during social sign-in or authentication flows.

Based on the knowledge sources, there are a few common causes for redirect loops in Ory:

1. Identity Schema and Data Mapping Issues: When using social sign-in, incorrect Jsonnet configuration for mapping provider data to identity traits can cause redirect loops [Social sign-in troubleshooting](https://www.ory.sh/docs/troubleshooting/troubleshooting-social-sign-in).
2. Application Login Logic: Your application might be initiating login even when a valid session is already available, as seen in a similar issue where an `/account` route was always initiating login [GitHub Issue: Ory Network login results in infinite login loop](https://github.com/ory/network/issues/334).
3. Identity Schema Misconfiguration: In some cases, removing certain fields from data mapping has resolved redirect loops [GitHub Issue: Google Login/Registration Loops with Managed UI](https://github.com/ory/network/issues/236).

If you're integrating Ory with a Spring application, you might need to check:

- How your Spring controllers handle authentication redirects
- Whether your application is properly checking for existing Ory sessions before initiating new login flows
- If there are any issues with your ViewResolver configuration in Spring that might be interacting with Ory redirects

For more specific help with Ory-related redirect issues, you might want to share details about how your Spring application integrates with Ory authentication.