QuantEcon / Bookshelf

Code for the site QuantEconLib

HTTPS OAuth authentication redirect_uri error #311

Closed AakashGfude closed 5 years ago

AakashGfude commented 5 years ago

At present the https migration is causing authentication issues for users. We have tried some steps in the development server to mitigate this.

1) We set the development server to use staging load balancer instead of the direct IP in AWS.

2) Added redirect url for port 8443 https://development-notes.quantecon.org:8443/api/auth/google/callback to the google search console.

3) Added hardcoded callbackURL in /server/js/auth/_config.js for testing :- configcallbackurl

4) Exposed port 8443 for docker in Dockerfile-server :- dockerfile

5) Added port-forwarding in docker-compose.yml to point to 8080 :- docker-compose

6) Made sure there was no cached version being used while building docker :-

package-json

Although we were able to see the Google interface for authentication :-

oauthgoogle

But the redirect url is not able to access the server via 8443.

redirect_uri

mmcky commented 5 years ago

thanks @AakashGfude this is really nicely documented. I'll also add @DrDrij to this discussion.

DrDrij commented 5 years ago

@AakashGfude This is fantastic. Thanks for progress here!

What I'm noticing while troubleshooting the site through the load balancer:

Request URL: https://accounts.google.com/signin/oauth/consent?authuser=0&part=AJi8hAMAMlxmnlTtAi2NMW7DkYW66PeyJR9dCRSvmVm9QdB835Vu9RiXrwvK3AoyDMoGmkxEvUhS0TXSrLzKywvp2z2EMwkDq4gEk0n5dh4o5nw9kHJmSJUOw88NJCLct7hd-dmBG47-anqh_Bb0z99bF2uAwCDvZ_2UtmiOs5gopkONsTfMrZoh3T44vjTKgzULczj6v1KTA8T2qTAILiEanWGzMIhmHpxt1OybVpOcdebvUhMDwJaoXkNwVoWbLMSfd9jrtta0uoS3d9Wy5akm0pSX-zVgGg2iUJwTLOIAZ4QilMNcOMpQ7Ye5zpgxP78Nb7UgS-yT34E8A3P5IFnR2HYLA8wUbW-nhouIOwR05ohftztI4EAYevpO_nXaJnQKf3ySYiuV69hTV9H6vP0enW-CO1SXVvpr2tuiWPFFpscWI8AjwYpyGoi6tOxAYcH5UEuKh_-_SY41JHB7QLjc06geqY0Fjg&as=vg6JwuLiqnFqNebIlrd1Uw&rapt=AEjHL4MNy6dl0PMHMVinxLg7ZIPUOeUj6FZfICRQAuDA8vhnhUTwU5NfJELbZHc1bwb7MMHwyMDmnLTxwo7GljK-T0U5CsR6Xw

Request URL: http://development-notes.quantecon.org:8080/api/auth/google/callback?code=4%2FxwBuw-de7T2NOcMUCUtoshCQeWYbf_sl0lKjvlIaMDiJNrHfng_eG86scyQhJv9VKaC1Ju_xXqJsSX4uGW3XWTI&scope=openid+email+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fplus.me

I've gone through and made sure the security profiles for the load balancer and instance have all the required ports open.

My feeling is it's still a redirection issue. I'm not sure how I can help further. One thing that made a difference was going to google.com and logging the browser out before testing.

I see Twitter auth will also need the configuration updated. Maybe somewhere to start as it may highlight something outstanding? 🤔

AakashGfude commented 5 years ago

Hi @DrDrij, you are right, it is definitely a redirection issue. Sorry, I had reverted all the changes we had done on development, so that the development environment remains consistent with other environments for testing other things. After the changes we had made, the redirect URL which you are getting Request URL: http://development-notes.quantecon.org:8080/api/auth/google/callback? should point to 8443, but the issue was still there because of some missing port configuration or something. If you are working on this tonight, then drop me a message so that I apply all the changes we had done on development and then we can pick up from there. I will also be available tonight, if we can work on this together.

AakashGfude commented 5 years ago

Closing this issue as it has been resolved
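
The mismatch discussed in this thread, as an added example that is not part of the issue or of the Bookshelf code: it builds the callback URL an app behind a TLS-terminating load balancer would send and reports which components differ from the registered redirect URI. The function names and the sample request are assumptions made for illustration, and the thread does not say this is how the issue was resolved.

```javascript
// Added example. REGISTERED is the redirect URI quoted in the thread; the
// request object and function names are constructed for illustration.
const REGISTERED = 'https://development-notes.quantecon.org:8443/api/auth/google/callback';

const first = (v) => String(v).split(',')[0].trim();

// Build the callback URL the app would send as redirect_uri.
// X-Forwarded-* headers are honoured only when trustProxy is true: a client
// that reaches the app directly can set them to anything.
function effectiveCallback(req, path, trustProxy) {
  const h = req.headers;
  const base = new URL(`${req.protocol}://${h.host}`);
  if (trustProxy && h['x-forwarded-proto']) base.protocol = first(h['x-forwarded-proto']) + ':';
  if (trustProxy && h['x-forwarded-port']) base.port = first(h['x-forwarded-port']);
  return new URL(path, base).href;
}

// The provider compares redirect_uri with the registered value exactly,
// so list every component that differs.
function diffRedirect(candidate, registered) {
  const a = new URL(candidate);
  const b = new URL(registered);
  const port = (u) => u.port || (u.protocol === 'https:' ? '443' : '80');
  const diffs = [];
  if (a.protocol !== b.protocol) diffs.push(`scheme ${a.protocol} != ${b.protocol}`);
  if (a.hostname !== b.hostname) diffs.push(`host ${a.hostname} != ${b.hostname}`);
  if (port(a) !== port(b)) diffs.push(`port ${port(a)} != ${port(b)}`);
  if (a.pathname !== b.pathname) diffs.push(`path ${a.pathname} != ${b.pathname}`);
  return diffs;
}

function checkCallback(req, path, trustProxy) {
  const url = effectiveCallback(req, path, trustProxy);
  return { url, ok: url === REGISTERED, diffs: diffRedirect(url, REGISTERED) };
}

// Constructed request as seen inside the container: plain HTTP on 8080,
// with the headers a TLS-terminating load balancer adds.
const sampleReq = {
  protocol: 'http',
  headers: {
    host: 'development-notes.quantecon.org:8080',
    'x-forwarded-proto': 'https',
    'x-forwarded-port': '8443',
  },
};
for (const trust of [false, true]) {
  console.log(trust, checkCallback(sampleReq, '/api/auth/google/callback', trust));
}
```

Running a check like this at startup or in a health endpoint surfaces a scheme or port mismatch before a user reaches the provider's consent screen.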