Crivaledaz / Mattermost-LDAP

This module provides an external LDAP authentication in Mattermost for the Team Edition (free).
MIT License

Redirect_uri_mismatch #30

Closed Arcticold closed 5 years ago

Arcticold commented 5 years ago

Hi! I don't understand what I need to set as redirect_uri. Whatever I've tried so far results in "redirect_uri_mismatch". When I go to the login page of Mattermost and hover over the GitLab button, the URL it displays is "192.168.1.59:8065/oauth/gitlab/login". The config.json file is configured as instructed, but when I take a look at the System Console, the following can be seen: [image]

Crivaledaz commented 5 years ago

Hi,

Assuming the configuration in config.json is valid, when you click on the GitLab button on the Mattermost login page, you are redirected to the authorize page of the OAuth server:

http://<oauth_server>/oauth/authorize.php?response_type=code&client_id=<token_client>&redirect_uri=http://<mattermost_server>/signup/gitlab/complete&state=<state_token>

The error "redirect_uri_mismatch" occurs when the redirect_uri value in the table oauth_clients, from the oauth database, is not equal to the URL parameter redirect_uri.

For example, if the redirect_uri value in the database is http://<mattermost_hostname>/signup/gitlab/complete and the URL redirect_uri parameter is http://<mattermost_ip>/signup/gitlab/complete, you will get the error "redirect_uri_mismatch" because <mattermost_hostname> != <mattermost_ip>, even if this is the same server.

Concerning the Gitlab configuration in Mattermost, configuration in config.json is overridden configuration in the System Console. Thus, be sure your Mattermost config.json is well configured with the following parameters :

  gitlab:
    Enable: "true"
    Secret: "<client_secret>"
    Id: "<client_id>"
    Scope: ""
    AuthEndpoint: "https://<oauth_server>/oauth/authorize.php"
    TokenEndpoint: "http://<oauth_server>/oauth/token.php"
    UserApiEndpoint: "http://<oauth_server>/oauth/resource.php"

Please check your configuration and the redirect_uri value in the oauth database (table oauth_clients), and try again.

I hope this will solve your problem. Please give me your feedback.

Regards

jengle02 commented 5 years ago

I'm having the same issue. I suspect that it could have something to do with the fact that I'm using the default Mattermost port for the main site (TCP/8065). The link below is the error I'm receiving once I've been authenticated. https://imgur.com/o3EBFwg OAuth is running on the default Apache server port, which is TCP/80.

Crivaledaz commented 5 years ago

Mattermost builds the redirect_uri parameter in the URL from the site url parameter in config.json. If site url is set to http://mattermost.company.com:8065, then the redirect_uri will be http://mattermost.company.com:8065/signup/gitlab/complete. So if you need to adapt the URL parameter redirect_uri, you need to update your site url parameter in the Mattermost config.json file.

Besides, the reference redirect_uri for the OAuth server is the value in the oauth_clients table, which must be equal to the parameter sent by Mattermost to allow OAuth authentication. By default, this field is filled by the init shell script, but it is possible to update its value directly in the table.

If you want to adapt the OAuth redirect_uri value, connect to your OAuth database (MySQL or PostgreSQL) and update the value with the following SQL command:

UPDATE oauth_clients SET redirect_uri = 'http://mattermost.company.com:8065/signup/gitlab/complete' WHERE client_id = '<client_id>';

Replace mattermost.company.com with your Mattermost hostname/IP, and <client_id> with the right value.

Afterwards, you should be able to connect to Mattermost through the OAuth server.

jengle02 commented 5 years ago

I wrote a response but didn't see your response until I had posted it (comments removed). Now it is working a lot further than it was before... Redirects are happening correctly; however, there is an error about "Could not parse auth data out of GitLab user object".

This has definitely been a challenge. I can't imagine what you had to go through to make this all work the first time :-).

Aichor commented 5 years ago

Hi! In my case, the issue was that the site_url parameter was unset in config.json - it was just empty. After that there weren't any more "redirect_uri_mismatch" errors.
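
Added example, not part of the thread and not code from the Mattermost-LDAP project: a small diagnostic that rebuilds the redirect_uri from the site URL as described above and reports which URL component differs from the value stored in oauth_clients. It assumes the OAuth server compares the two strings exactly and that a trailing slash on the site URL is dropped before the path is appended; the function names and sample values are constructed for illustration.

```python
from urllib.parse import urlsplit

# Callback path as it appears in the URLs quoted in this thread.
CALLBACK_PATH = "/signup/gitlab/complete"


def expected_redirect_uri(site_url):
    """Rebuild the redirect_uri Mattermost sends: site URL + callback path."""
    site_url = site_url.strip()
    if not site_url:
        # The empty site URL case reported at the end of the thread.
        raise ValueError("site URL is empty in config.json")
    # Assumption: a trailing slash is dropped before the path is appended.
    return site_url.rstrip("/") + CALLBACK_PATH


def explain_mismatch(site_url, registered_uri):
    """Return a list of differences; an empty list means an exact match."""
    sent = expected_redirect_uri(site_url)
    if sent == registered_uri:
        return []
    a, b = urlsplit(sent), urlsplit(registered_uri)
    diffs = []
    if a.scheme != b.scheme:
        diffs.append(f"scheme: sent {a.scheme!r}, registered {b.scheme!r}")
    if a.hostname != b.hostname:
        # Hostname vs. IP counts as a mismatch even for the same server.
        diffs.append(f"host: sent {a.hostname!r}, registered {b.hostname!r}")
    if a.port != b.port:
        diffs.append(f"port: sent {a.port!r}, registered {b.port!r}")
    if a.path != b.path:
        diffs.append(f"path: sent {a.path!r}, registered {b.path!r}")
    if not diffs:
        diffs.append("strings differ in case, whitespace, query or fragment")
    return diffs


if __name__ == "__main__":
    # Constructed sample: site URL set to an IP with port, while the
    # oauth_clients row holds a hostname without a port.
    site = "http://192.168.1.59:8065"
    stored = "http://mattermost.company.com/signup/gitlab/complete"
    for line in explain_mismatch(site, stored) or ["exact match"]:
        print(line)
```

Take the first argument from the site URL in config.json and the second from the redirect_uri column of the oauth_clients row for your client_id.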