Crivaledaz / Mattermost-LDAP

This module provides an external LDAP authentication in Mattermost for the Team Edition (free).
MIT License

docker installation - redirect_uri_mismatch #66

Closed MaoX17 closed 3 years ago

MaoX17 commented 3 years ago

I have followed your guide to install.

I use docker-compose:

version: '3'

services:
  mattermost-ldap:
    build: Docker/mattermostldap
    image: mattermostldap
    restart: always
    ports:

with this config in mattermost:

"GitLabSettings": {
    "Enable": true,
    "Secret": "4e3d19c64d72dffacfd5ce47bc030f7716e54cc4eda1cc386b1912f2eaa031ff",
    "Id": "7198d09235229a0fa7afd5eb7d3b264c73afd8ae8f43c4f27e5369dc289aaf84",
    "Scope": "",
    "AuthEndpoint": "http://mattermost-ldap.comune.prato.it:88/oauth/authorize.php",
    "TokenEndpoint": "http://mattermost-ldap.comune.prato.it:88/oauth/token.php",
    "UserApiEndpoint": "http://mattermost-ldap.comune.prato.it:88/oauth/resource.php"
},

Mattermost Version: 5.27.0
Database Schema Version: 5.27.0
Database: postgres

When I click on GitLab, the browser gives me the error:

error "redirect_uri_mismatch"
error_description "The redirect URI provided is missing or does not match"
error_uri "http://tools.ietf.org/html/rfc6749#section-3.1.2"

Crivaledaz commented 3 years ago

Hi,

Below is the summary of the answer to issue #30:

Assuming the Mattermost configuration in config.json is valid, when you click on the GitLab button on the Mattermost login page, you are redirected to the authorize page of the OAuth server:

http://<oauth_server>/oauth/authorize.php?response_type=code&client_id=<token_client>&redirect_uri=http://<mattermost_server>/signup/gitlab/complete&state=<state_token>

The error "redirect_uri_mismatch" occurs when the redirect_uri value in the oauth_clients table of the oauth database is not equal to the redirect_uri URL parameter.

For example, if redirect_uri value in the database is http://<mattermost_hostname>/signup/gitlab/complete and the url redirect_uri parameter is http://<mattermost_ip>/signup/gitlab/complete, you will get the error "redirect_uri_mismatch" because <mattermost_hostname> != <mattermost_ip> even if this is the same server.

Mattermost builds the redirect_uri parameters in the URL from the site url parameter in config.json. If site url is set to http://mattermost.company.com:8065 then the redirect_uri will be http://mattermost.company.com:8065/signup/gitlab/complete. So if you need to adapt the URL parameter redirect_uri you need to update your site url parameter in the Mattermost config.json file.

Besides, the reference redirect_uri for the OAuth server is the value in the oauth_clients table, which must be equal to the parameter sent by Mattermost to allow OAuth authentication. By default, this field is filled by the init shell script, but it is possible to update its value directly in the table.

If you want to adapt the OAuth redirect_uri value, connect to your OAuth database (MySQL or PostgreSQL) and update the value with the following SQL command:

UPDATE oauth_clients SET redirect_uri = 'http://mattermost.company.com:8065/signup/gitlab/complete' WHERE client_id = '<client_id>';

Replace mattermost.company.com with your Mattermost hostname/IP, and by the right value.

Afterwards, you should be able to connect to Mattermost through the OAuth server.

Moreover, check your docker-compose values for environment variables. You should specify these values directly in the docker-compose file or in the .env file. As stated in the README:

Before running the docker-compose file, you need to adapt LDAP and DB parameters. All parameters are gathered in the env.example file and they are passed to Postgres and Oauth server by environment variables. Copy the env.example file to .env and edit it to change with your values. For demo, parameters are directly in the docker-compose.yaml file, so you need to edit this file instead of .env.

You should set the redirect_uri parameter in the .env file to the correct value.

I hope this solves your problem; please give me your feedback.

Regards
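
A diagnostic for the mismatch described in the comment above, added here as an example (it is not part of the thread or of the Mattermost-LDAP project). It assumes the site URL is read from `ServiceSettings.SiteURL` in config.json, that a trailing slash is dropped before the callback path is appended, and that the OAuth server compares the two values as exact strings; the config and registered value are constructed samples.

```python
import json
from urllib.parse import urlsplit

CALLBACK_PATH = "/signup/gitlab/complete"  # callback path quoted in the answer

# Constructed sample input: SiteURL uses an IP, the oauth_clients row a hostname.
SAMPLE_CONFIG = '{"ServiceSettings": {"SiteURL": "http://192.0.2.10:8065/"}}'
REGISTERED = "http://mattermost.company.com:8065/signup/gitlab/complete"


def expected_redirect_uri(config_json: str) -> str:
    """Build the redirect_uri that Mattermost would send, from its site URL."""
    site_url = json.loads(config_json)["ServiceSettings"]["SiteURL"]
    # Assumption: a trailing slash on SiteURL is dropped before appending the path.
    return site_url.rstrip("/") + CALLBACK_PATH


def diff_redirect_uri(sent: str, registered: str) -> list[str]:
    """List the URL components that differ; an empty list means an exact match."""
    if sent == registered:
        return []
    a, b = urlsplit(sent), urlsplit(registered)
    diffs = []
    for name in ("scheme", "hostname", "port", "path", "query"):
        va, vb = getattr(a, name), getattr(b, name)
        if va != vb:
            diffs.append(f"{name}: sent={va!r} registered={vb!r}")
    # urlsplit lowercases the hostname, so a case-only difference parses as
    # equal even though the raw strings do not match; report the raw values.
    return diffs or [f"raw string: sent={sent!r} registered={registered!r}"]


if __name__ == "__main__":
    sent = expected_redirect_uri(SAMPLE_CONFIG)
    problems = diff_redirect_uri(sent, REGISTERED)
    print("match" if not problems else "redirect_uri_mismatch expected:")
    for line in problems:
        print("  " + line)
```

Run it with the real config.json contents and the redirect_uri value read from the oauth_clients table to see which side needs to change.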

MaoX17 commented 3 years ago

Sorry. OK, it solves the problem. Thank you.