millions-van-11508
04/02/2022, 5:51 AM
localhost during development? This is a bit of a roadblock for using the proxy with SSO-only projects
high-optician-2097
high-optician-2097
high-optician-2097
millions-van-11508
04/02/2022, 12:59 PM
millions-van-11508
04/02/2022, 12:59 PM
millions-van-11508
04/02/2022, 10:09 PM
some providers like GitHub don’t allow multiple redirect URLs
Don't they generally allow localhost though?
millions-van-11508
04/24/2022, 3:37 AM
redirect_uri in the browser-side self-service flow, but still no cigar. My only solution at the moment is manually resending the request in the Network tab of browser dev tools.
millions-van-11508
04/24/2022, 4:52 AM
redirect_uri didn't work.
I'm using the TS client to submit the login flow. It returns a browser_location_change_required error, as expected, with this shape:
{
  "error": {
    "id": "browser_location_change_required",
    "code": 422,
    "status": "Unprocessable Entity",
    "reason": "In order to complete this flow please redirect the browser to: https://github.com/login/oauth/authorize?client_id=97a8edf1455568b30ff1&redirect_uri=https%3A%2F%2Fheuristic-engelbart-7370ityw6e.projects.oryapis.com%2Fself-service%2Fmethods%2Foidc%2Fcallback%2Fgithub&response_type=code&state=3fae5ecc-5419-444a-af5a-fab55664cc1b",
    "message": "browser location change required"
  },
  "redirect_browser_to": "https://github.com/login/oauth/authorize?client_id=97a8edf1455568b30ff1&redirect_uri=https%3A%2F%2Fheuristic-engelbart-7370ityw6e.projects.oryapis.com%2Fself-service%2Fmethods%2Foidc%2Fcallback%2Fgithub&response_type=code&state=3fae5ecc-5419-444a-af5a-fab55664cc1b"
}
But instead of redirecting to that URL, I first rewrite it, changing redirect_uri from the Cloud URL to the local proxy path:
https://github.com/login/oauth/authorize?client_id=97a8edf1455568b30ff1&redirect_uri=http%3A%2F%2Flocalhost%3A4000%2F.ory%2Fself-service%2Fmethods%2Foidc%2Fcallback%2Fgithub&response_type=code&state=3fae5ecc-5419-444a-af5a-fab55664cc1b
This works at first. I've configured GitHub to use localhost for the callback URL, so it accepts it. It sends me back to localhost correctly, e.g.:
http://localhost:4000/.ory/self-service/methods/oidc/callback/github?code=2c628ec3b50af5361e3c&state=da81a7a1-3247-4bb2-87bd-e51a70306bd7
But this is where the problem occurs. An error is thrown: the temporary code we receive doesn't work to retrieve an access token from GitHub.
{
  "code": 500,
  "message": "oauth2: server response missing access_token",
  "status": "Internal Server Error"
}
However, if I disable the local proxy before this request is fired, I can use the code to get an access token successfully. Of course, if I try it again with the same code, it fails. The code is single-use.
I'm almost certain that github.com/login/oauth/access_token is being called prematurely, so that when the access token is supposed to be retrieved, it fails because it's already been read once.
I have no idea why this only happens when sending requests through the proxy.
millions-van-11508
04/30/2022, 8:58 PM
millions-van-11508
04/30/2022, 9:06 PM
millions-van-11508
05/01/2022, 4:04 AM
redirect_uri_mismatch, if my theory is right.
high-optician-2097
high-optician-2097
high-optician-2097
high-optician-2097
millions-van-11508
05/02/2022, 5:44 PM