Is there any way to change the oauth redirect_uri ...
# ory-network
Is there any way to change the oauth redirect_uri to
during development? This is a bit of a roadblock for using the proxy with SSO-only projects
That’s a good question. It’s a bit complicated, because some providers like GitHub don’t allow multiple redirect URLs, so for those you would need a separate client. We’ll have to think about how to enable Social when using the Ory Proxy. Unfortunately I don’t have an easy answer for you here…
What type of app are you developing?
It might be possible if we’re really smart about this in the Ory Proxy
My project doesn't handle passwords (or, ideally, emails) at all, it only uses SSO. But that of course does complicate local dev a bit.
For now I'm getting around it by copying the callback request and pasting it into the address bar under localhost
some providers like GitHub don’t allow multiple redirect URLs
Don't they generally allow localhost though?
I'd be totally willing to configure a localhost callback URL in my testing Github application. Today I tried doing that and rewriting the
in the browser-side self-service flow, but still no cigar. My only solution at the moment is manually resending the request in the Network tab of browser dev tools.
I'm actually pretty confused about why rewriting the
didn't work. I'm using the TS client to submit the login flow. It returns a
error, as expected, with this shape:
Copy code
  "error": {
    "id": "browser_location_change_required",
    "code": 422,
    "status": "Unprocessable Entity",
    "reason": "In order to complete this flow please redirect the browser to: <>",
    "message": "browser location change required"
  "redirect_browser_to": "<>"
But instead of redirecting to that URL, I first rewrite it, changing
from the Cloud URL to the local proxy path:
Copy code
This works at first. I've configured Github to use localhost for the callback URL, so it accepts it. It sends me back to localhost correctly, e.g.:
Copy code
But this is where the problem occurs. An error is thrown: the temporary code we receive doesn't work to retrieve an access token from Github.
Copy code
  "code": 500,
  "message": "oauth2: server response missing access_token",
  "status": "Internal Server Error"
However, if I disable the local proxy before this request is fired, I can use the code to get an access token successfully. Of course, if I try it again with the same code, it fails. The code is single-use. I'm almost certain that
is being called prematurely, so that when the access token is supposed to be retrieved, it fails because it's already been read once. I have no idea why this only happens when sending requests through the proxy.
I actually don't think this is a proxy problem. I simply cannot get the AJAX flow working with social login, even with Postman:
(Sorry if this thread has diverged from the #cloud topic)
Okay I think I've figured it out. I suspect that when the server is getting the access token from github (/login/oauth/access_token), it's supplying the (optional) redirect_uri parameter as my Ory project URL – which Github rejects because I've set my GH app callback url to localhost. It's impossible to know for sure because Ory Cloud errors are pretty opaque. It would help tremendously if it would show the cause of an error like "cannot retrieve access token" – in this case the cause would be Github's error
, if my theory is right.
Oh, that is great feedback - the error is indeed very opaque but the reason for the error you mentioned will be correct
The redirect URIs have to match
By the way, it's better to start a new thread here or ask in github discussions as it helps others who might face the same issue, and it's easier for js to track :)
*for us
Gotcha, yeah this thread got a little unwieldy haha