Have done the 5 minute guide and all working. Now putting behind actual live domains using nginx and getting the error message: "The 'redirect_uri' parameter does not match any of the OAuth 2.0 Client's pre-registered redirect urls.", i have searched everywhere and cannot find where to whitelist domains. Put serve>public>cors>allowed_origins to "*", Cookie domain to example.com, hydra perform authorization-code \ --client-id f820d6e4-f9fe-4a18-bab3-c824dc607432 \ --client-secret 85v0E7ChSV4o_ayGKGbF_Vi3YK \ --endpoint https://auth.example.com/ \ --port 5555 \ --scope openid --scope offline

You have to set the

--redirect-uri

when you create the OAuth client.

# https://www.ory.sh/docs/hydra/cli/hydra-clients-create hydra create client \ --endpoint http://127.0.0.1:4445 \ --grant-type authorization_code,refresh_token \ --response-type code,id_token \ --format json \ --name ory-hydra \ --scope openid --scope offline \ --client-uri https://test.example.com \ --redirect-uri https://test.example.com/callback \ --request-uri https://test.example.com # https://www.ory.sh/docs/hydra/cli/hydra-perform-authorization-code hydra perform authorization-code \ --client-id 37733e88-5356-4209-8d64-28caab99274b \ --client-secret WKva5ZKis1GO15GHscIRZLt958 \ --endpoint https://oauth.example.com/ \ --port 5555 \ --scope openid --scope offline # nginx (oauth.eample.com) server { listen 443 ssl http2; listen [:]443 ssl http2; server_name oauth.example.com; ssl_certificate /etc/letsencrypt/live/oauth.example.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/oauth.example.com/privkey.pem; include /etc/letsencrypt/options-ssl-nginx.conf; ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; add_header Strict-Transport-Security max-age=2592000; location / { proxy_pass http://127.0.0.1:4444; proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; } } # nginx (test.example.com) server { listen 443 ssl http2; listen [:]443 ssl http2; server_name test.example.com; ssl_certificate /etc/letsencrypt/live/test.example.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/test.example.com/privkey.pem; add_header Strict-Transport-Security max-age=2592000; location / { proxy_pass http://localhost:5555/; proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; } }