arachnys / cabot

Self-hosted, easily-deployable monitoring and alerts service - like a lightweight PagerDuty
MIT License

GitHub OAuth fails with redirect_uri_mismatch #696

Closed jakubgs closed 3 years ago

jakubgs commented 3 years ago

I attempted to use the GitHub OAuth configuration by specifying:

AUTH_GITHUB_ORG=true
AUTH_GITHUB_ORG_CLIENT_ID=secret-id
AUTH_GITHUB_ORG_CLIENT_SECRET=super-secret
AUTH_GITHUB_ORG_NAME=my-gh-org

But when I tried to use the Sig in with GitHub[sic] button:

sig_in_with_github

I get redirected to the URL:

https://github.com/login/oauth/authorize?scope=read:org&state=SECRET&redirect_uri=http://cabot.example.org/complete/github-org/&response_type=code&client_id=SECRET

And I then get redirected to:

https://cabot.example.org/complete/github-org/?error=redirect_uri_mismatch&error_description=The+redirect_uri+MUST+match+the+registered+callback+URL+for+this+application.&error_uri=https%3A%2F%2Fdocs.github.com%2Fapps%2Fmanaging-oauth-apps%2Ftroubleshooting-authorization-request-errors%2F%23redirect-uri-mismatch&state=SECRET

And I'm sure my redirect URL configured in GitHub is http://cabot.example.org/complete/github-org/ down to the trailing slash.

Not sure what I'm supposed to do. I do find it strange tho that the URL isn't encoded in the URL arguments.

dbuxton commented 3 years ago

Maybe an issue with https vs http?

jakubgs commented 3 years ago

Oh damn, you might be right! Let me try setting X-Forwarded-Proto.

jakubgs commented 3 years ago

Hmmm, I added some headers like so:

  location / {
    proxy_set_header Host $proxy_host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_pass http://127.0.0.1:5000/;
  }

But I'm still seeing it use http. Not sure what setting I'm missing.

jakubgs commented 3 years ago

Oh, I see, it's the WWW_SCHEME setting. I guess the app doesn't respect X-Forwarded-Proto.

jakubgs commented 3 years ago

Yep, that was it, the WWW_SCHEME needs to be used rather than X-Forwarded-Proto header. Thanks for pointing it out!
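
A diagnostic for the mismatch discussed in this thread, added here as an example (not part of the thread and not Cabot's code): it pulls `redirect_uri` out of the authorize URL the app generated and reports which URL components differ from the registered callback. The `REGISTERED_CALLBACK` value and the function names are assumptions for illustration, and the comparison is a strict component diff, which may be stricter than the provider's own matching.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample: the authorize URL quoted in the report above.
AUTHORIZE_URL = (
    "https://github.com/login/oauth/authorize?scope=read:org&state=SECRET"
    "&redirect_uri=http://cabot.example.org/complete/github-org/"
    "&response_type=code&client_id=SECRET"
)
# Assumption: the callback registered on the OAuth app uses https.
REGISTERED_CALLBACK = "https://cabot.example.org/complete/github-org/"


def sent_redirect_uri(authorize_url):
    """Return the redirect_uri parameter the app sent to the provider."""
    query = parse_qs(urlsplit(authorize_url).query)
    values = query.get("redirect_uri", [])
    if len(values) != 1:
        raise ValueError("expected exactly one redirect_uri, got %d" % len(values))
    return values[0]


def callback_mismatches(sent, registered):
    """List the URL components in which `sent` differs from `registered`."""
    a, b = urlsplit(sent), urlsplit(registered)
    diffs = []
    if a.scheme.lower() != b.scheme.lower():
        # Typical behind a TLS-terminating proxy when the app builds
        # absolute URLs from its own configured scheme.
        diffs.append("scheme")
    if (a.hostname or "").lower() != (b.hostname or "").lower():
        diffs.append("host")
    if a.port != b.port:  # explicit ports only
        diffs.append("port")
    if a.path != b.path:  # includes a missing or extra trailing slash
        diffs.append("path")
    return diffs


if __name__ == "__main__":
    sent = sent_redirect_uri(AUTHORIZE_URL)
    print("sent:      ", sent)
    print("registered:", REGISTERED_CALLBACK)
    print("differs in:", callback_mismatches(sent, REGISTERED_CALLBACK) or "nothing")
```

A `scheme` result here corresponds to the case resolved in the thread by setting `WWW_SCHEME`.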