Erudika / scoold

A Stack Overflow clone for teams (self-hosted or hosted)
https://scoold.com
Apache License 2.0
860 stars 239 forks

Google Auth Fail - Redirected to /not-found after login success on Google page. #458

Closed oopen closed 1 month ago

oopen commented 1 month ago

Hello, I can't log in with google_auth. I use docker-compose and I have configured my personal Google OAuth credentials in the file scoold-application.conf:

scoold.gp_app_id = "xxx.apps.googleusercontent.com"
scoold.gp_secret = "xxx"

The Google login button appears; when I click on it I can enter my Google login and validate the verification code. When I click on the confirm screen, Google redirects normally to /google_auth?... But this auth endpoint redirects to /not-found


albogdano commented 1 month ago

Check the value of scoold.host_url - must be the public URL of the Scoold server

oopen commented 1 month ago

Thanks for your interest! I have also already set scoold.host_url and scoold.security.redirect_uri to the FQDN.

This is my scoold-application.conf config file:


scoold.para_access_key = "app:scoold"
scoold.para_secret_key = "aaa=="
scoold.para_endpoint = "http://para:8080"
scoold.app_secret_key = "bbb="

#############  MISCELLANEOUS  #############

scoold.autoinit.para_config_file = "/scoold/para-application.conf"

# Perso

scoold.admins = "admin@domain.top"

scoold.security.redirect_uri = "https://domain.top"
scoold.host_url = "https://domain.top"

scoold.app_name = "Q&A Domain"
scoold.env = "production"

# Google Auth
scoold.gp_app_id = "xxx.apps.googleusercontent.com"
scoold.gp_secret = "xxx"

albogdano commented 1 month ago

Make sure that http://domain.top/google_auth is public to the Internet and points to the local instance of Para at http://para:8080/google_auth.

oopen commented 1 month ago

OK, thank you, this fixes the problem. I hadn't understood that Para's /google_auth must be exposed to get the response from Google.

I use Traefik, so I add a rule to redirect to Para:

services:
  para:
    labels:
      - traefik.http.routers.para.rule=Host(`${HOST}`) && Path(`/google_auth`)

sainatrajt commented 1 month ago

@albogdano This is my application.conf. If I give scoold.security.redirect_uri = "http://localhost:8000", it is giving unauthorized redirect URL even after adding http://localhost:8000/google_auth in the Google console. If I give scoold.security.redirect_uri = "http://localhost:8080", after login it is redirecting to http://localhost:8080/signin

#############  CORE  #############

scoold.para_access_key = "app:scoold"
scoold.para_secret_key = "Nkw=="
scoold.para_endpoint = "http://para:8080"
scoold.app_secret_key = "2IoxE8="
para.security.redirect_uri = "http://para:8080"
scoold.security.redirect_uri = "http://localhost:8080"  # here i
scoold.approved_domains_for_signups = "test.com"
scoold.debug = true
scoold.error = true
scoold.port = 8001
#############  MISCELLANEOUS  #############

scoold.autoinit.para_config_file = "/scoold/para-application.conf"

scoold.gp_app_id = "93BBBBBBB-8bBBBBBBBBBBB.apps.googleusercontent.com"
scoold.gp_secret = "AABBAA-BBBB-CCCCCCCCCCCC"

This is my nginx configuration, can you please help resolve this issue? [Screenshot from 2024-09-20 11-43-21]

albogdano commented 1 month ago

@sainatrajt You forgot to add scoold.host_url to point to your server's public URL. Same for the redirect_uri - either remove it or set it to the public URL.

sainatrajt commented 1 month ago

@albogdano Thanks, but even after adding scoold.host_url, it is now redirecting to signin?error. http://localhost:8000/google_auth is added in the Google console as well, but I am getting the exception below in the Para container logs:

2024-09-20 07:13:30 [INFO ] Authentication request failed with status 'Bad Request' - {error=redirect_uri_mismatch, error_description=Bad Request}
2024-09-20 07:14:26 [INFO ] Authentication request failed with status 'Bad Request' - {error=redirect_uri_mismatch, error_description=Bad Request}
2024-09-20 07:15:02 [INFO ] Authentication request failed with status 'Bad Request' - {error=redirect_uri_mismatch, error_description=Bad Request}
2024-09-20 07:15:12 [INFO ] Authentication request failed with status 'Bad Request' - {error=redirect_uri_mismatch, error_description=Bad Request}
2024-09-20 07:17:56 [INFO ] Authentication request failed with status 'Bad Request' - {error=redirect_uri_mismatch, error_description=Bad Request}
2024-09-20 07:19:00 [INFO ] Authentication request failed with status 'Bad Request' - {error=redirect_uri_mismatch, error_description=Bad Request}


albogdano commented 1 month ago

@sainatrajt You get redirect_uri_mismatch because the redirect_uri is not the same as the one specified in your Google OAuth2 client settings. Go to the Google API console and add the URL https://public_url/google_auth

sainatrajt commented 1 month ago

@albogdano This is the public URL and it is already added in the Google Cloud console for redirect URLs: http://localhost:8000/google_auth

albogdano commented 1 month ago

@sainatrajt Try adding http://localhost:8000 as well.

sainatrajt commented 1 month ago

@albogdano Yes, it (http://localhost:8000) is also added, with http://localhost:8000/signin

sainatrajt commented 1 month ago

@albogdano We built a new Docker image with a JVM debugger, where we see that the redirect URI it is taking is http://localhost/google_auth. Can you suggest anything for this exception, and why is it looking for that redirect URI?

albogdano commented 1 month ago

@sainatrajt If everything is configured correctly, the redirect should be back to http://localhost:8000/google_auth and that URL must be in the list of allowed URLs in the Google APIs console. If the starting point is http://localhost/signin then the redirect will be back to localhost (without the port number). Check all configuration, especially scoold.host_url.

sainatrajt commented 1 month ago

@albogdano scoold.host_url is configured with http://localhost:8000 and all the URLs are added in the Google sign-in as well, but it is still redirecting to localhost/google_auth. I'm not getting any exception at the Google level but at the Para level, which is weird.

#############  CORE  #############

scoold.para_access_key = "app:scoold"
scoold.para_secret_key = "Nkw=="
scoold.para_endpoint = "http://para:8080"
scoold.app_secret_key = "BBCVVVVCCCDDD="
para.security.redirect_uri = "http://para:8080"
scoold.security.redirect_uri = "http://localhost:8000"
scoold.host_url = "http://localhost:8000"  # here i
scoold.approved_domains_for_signups = "test.com"
scoold.debug = true
scoold.error = true
scoold.port = 8001
#############  MISCELLANEOUS  #############

scoold.autoinit.para_config_file = "/scoold/para-application.conf"

scoold.gp_app_id = "93BBBBBBB-8bBBBBBBBBBBB.apps.googleusercontent.com"
scoold.gp_secret = "AABBAA-BBBB-CCCCCCCCCCCC"


albogdano commented 1 month ago

@sainatrajt Check your nginx/proxy configuration. I think this is not an issue with either Para or Scoold.

sainatrajt commented 1 month ago

@albogdano As I shared my nginx configuration earlier, I'm sharing it again. Please let me know if anything is wrong.

cat conf.d/default.conf 
server {
  listen 8000;
  server_name localhost;

  location / {
    proxy_pass http://localhost:8001;
    proxy_redirect http:// $scheme://;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header Host $http_host;
  }

  location /google_auth {
    proxy_pass http://localhost:8080/google_auth;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_redirect http://localhost:8080/google_auth http://localhost:8000/google_auth;
  }
}
root@sainatraj /etc/nginx# nginx -t
nginx: [warn] conflicting server name "localhost" on 0.0.0.0:8000, ignored
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

albogdano commented 1 month ago

@sainatrajt There is a warning right there for a conflicting server name localhost. I don't see a point of using nginx for localhost proxying, i.e. without any TLS or a public domain name.

sainatrajt commented 1 month ago

@albogdano Yes, I don't have to expose localhost via nginx, but earlier you told me to expose localhost:8000 and redirect internally with localhost:8080/google_auth because it is not working without nginx. I have added proxying for localhost, but login is still not working after resolving the conflicting server_name, and redirect_uri_mismatch is still happening because of redirecting to localhost/google_auth. After removing port 80 and changing to 8000, with routes / and /google_auth as shown in the above configuration, in nginx.conf I was able to resolve the conflict warning:

server {
        listen       8000 default_server;
        listen       [::]:8000 default_server;
        server_name  _;
        root         /usr/share/nginx/html;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

    location / {
        proxy_pass http://localhost:8001;
        proxy_redirect http:// $scheme://;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host;
    }

    location /google_auth {
        proxy_pass http://localhost:8080/google_auth;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_redirect http://localhost:8080/google_auth http://localhost:8000/google_auth;
    }

        error_page 404 /404.html;
            location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
    }


albogdano commented 1 month ago

@sainatrajt Try without nginx and only add this URL in the Google APIs console as an allowed redirect:

http://localhost:8080/google_auth

I can't help you much more with your nginx configuration, unfortunately.
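
The proxy behaviour relevant to the port-less callback seen in this thread, as an added example that is not part of the original thread or of the Scoold/Para code: nginx's `$host` drops the port from the client's Host header, `$http_host` passes the header through unchanged, and Google compares redirect URIs by exact match. The sketch assumes the backend rebuilds its redirect_uri from the forwarded Host header (an assumption, not confirmed in the thread); the function names are hypothetical.

```python
import re

# Constructed copy of the /google_auth location posted in the thread.
POSTED_LOCATION = """
location /google_auth {
    proxy_pass http://localhost:8080/google_auth;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-Proto $scheme;
}
"""

# Redirect URIs the thread says were registered in the Google console.
REGISTERED = {
    "http://localhost:8000/google_auth",
    "http://localhost:8000",
    "http://localhost:8000/signin",
}


def upstream_host(location_block, client_host):
    """Host header nginx forwards upstream for a request with Host: client_host."""
    setting = re.search(r"proxy_set_header\s+Host\s+([^;\s]+)\s*;", location_block)
    value = setting.group(1) if setting else "$proxy_host"  # nginx default
    if value == "$http_host":
        return client_host  # client header passed through, port included
    if value == "$host":
        return re.sub(r":\d+$", "", client_host).lower()  # port is dropped
    if value == "$proxy_host":
        target = re.search(r"proxy_pass\s+https?://([^/;\s]+)", location_block)
        return target.group(1)  # host[:port] taken from proxy_pass
    return value  # a literal host name


def callback_seen_by_backend(location_block, client_host, scheme="http"):
    """ASSUMPTION: the backend derives redirect_uri from the forwarded Host."""
    return f"{scheme}://{upstream_host(location_block, client_host)}/google_auth"


def audit(location_block, client_host, registered=REGISTERED):
    """Return (redirect_uri, exact_match_in_registered_list)."""
    uri = callback_seen_by_backend(location_block, client_host)
    return uri, uri in registered


if __name__ == "__main__":
    passthrough = POSTED_LOCATION.replace("$host;", "$http_host;")
    for label, block in [("$host", POSTED_LOCATION), ("$http_host", passthrough)]:
        print(label, "->", audit(block, "localhost:8000"))
```

Under that assumption, the posted `Host $host` setting yields the same port-less http://localhost/google_auth that the debugger showed in the thread, which is not in the registered list.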