auth0 / omniauth-auth0

OmniAuth strategy to login with Auth0
MIT License

Redirect URI mismatch error with Github login (with Auth0's dev keys) #83

Closed nileshtrivedi closed 5 years ago

nileshtrivedi commented 5 years ago

Description

I'm using Auth0's dev keys in development mode while running the app locally. I have configured both of the following URLs as callback URLs in the application settings:

http://localhost:3000/auth/oauth2/callback, http://localhost:3000/auth/auth0/callback

This seems to be exactly the same issue as what was reported here: https://community.auth0.com/t/redirecturl-mismatch-using-webauth/21332

An example error tracking id: ec12ffe36ad815bec615

Reproduction

Error page URL: https://login.auth0.com/login/callback?error=redirect_uri_mismatch&error_description=The+redirect_uri+MUST+match+the+registered+callback+URL+for+this+application.&error_uri=https%3A%2F%2Fdeveloper.github.com%2Fapps%2Fmanaging-oauth-apps%2Ftroubleshooting-authorization-request-errors%2F%23redirect-uri-mismatch&state=HlZVr9b_rOB5mvdsVKNjvPFuSX4b4i7t

albertoperdomo commented 5 years ago

Hello @nileshtrivedi,

can you please send a detailed description of the unexpected behavior and actual steps to reproduce? A quick test signing in with Github using Auth0's dev keys worked without issues.

nileshtrivedi commented 5 years ago

@albertoperdomo

Hope this helps.

(screenshot attached: 2019-07-22 22-36-48)

nileshtrivedi commented 5 years ago

@albertoperdomo There was this comment on Discourse forum which might be a pointer to the root cause: https://community.auth0.com/t/redirecturl-mismatch-using-webauth/21332/2

joshcanhelp commented 5 years ago

@nileshtrivedi - If you're getting a callback error (it says that in the URL, not sure why it's not explaining that on the error page), then there is a difference between what you're passing to the login page and what you have saved as an allowed callback. If you walk through the Quickstart, you should be able to see where that differs.

As a comparison, my local (working) version has this as the callback in the initializer:

# config/initializers/auth0.rb

Rails.application.config.middleware.use OmniAuth::Builder do
  provider(
    :auth0,
    ENV['AUTH0_RUBY_CLIENT_ID'],
    ENV['AUTH0_RUBY_CLIENT_SECRET'],
    ENV['AUTH0_RUBY_DOMAIN'],
    callback_path: '/auth/auth0/callback',
    authorize_params: {
      scope: 'openid profile email'
    }
  )
end

... and this in the routes:

# config/routes.rb
Rails.application.routes.draw do
  root to: 'home#show'
  get 'profile' => 'profile#show'

  get 'auth/auth0/callback' => 'auth0#callback'
  get 'auth/failure' => 'auth0#failure'
  get 'auth/logout' => 'auth0#logout'
end

Under Allowed Callback URLs for the Application in Auth0, I have http://localhost:3000/auth/auth0/callback. Those three come together to send the correct callback URL, verify it, and process the request.

Can you post the relevant code from those two files above so I can take a look?

Thanks! Can you

nileshtrivedi commented 5 years ago

Thanks @joshcanhelp . This is what I have:

# config/initializers/auth0.rb
Rails.application.config.middleware.use OmniAuth::Builder do
  provider(
    :auth0,
    ENV['AUTH0_PUBKEY'],
    ENV['AUTH0_PRIVKEY'],
    ENV['AUTH0_DOMAIN'],
    callback_path: '/auth/auth0/callback',
    authorize_params: {
      scope: 'openid profile email'
    }
  )
end

# config/routes.rb
Rails.application.routes.draw do
  get 'auth/oauth2/callback' => 'auth0#callback'
  get 'auth/auth0/callback' => 'auth0#callback'
  get 'auth/failure' => 'auth0#failure'
end

In application settings:

(screenshot attached: 2019-07-31 16-59-04)

nileshtrivedi commented 5 years ago

This is only happening for GitHub, btw. Twitter and Google login with Auth0 keys work fine. I tried changing callback_path value in initializers but the same error persists.

joshcanhelp commented 5 years ago

@nileshtrivedi - That was going to be my next question, whether you've tried other connections out. It sounds like your GitHub application is not configured correctly. Can you walk through the setup steps again and see if something is mis-configured there?

https://auth0.com/docs/connections/social/github

nileshtrivedi commented 5 years ago

@joshcanhelp As I mentioned in the issue title, I am using Auth0's dev keys (by leaving clientID and clientSecret blank). In my production environment, I use my own Github application which works completely fine. It's possible that Auth0's GitHub application is misconfigured. But only Auth0 team can verify that.

(screenshot attached: 2019-08-01 10-06-00)

joshcanhelp commented 5 years ago

Interesting ... I'm trying that out on my end (with dev keys) and everything goes through OK. If you click Try on the Connection in the dashboard, does it complete successfully? This is what I get (as well as a successful login with a test application):

(screenshot attached: 2019-08-05 14 24 20)

nileshtrivedi commented 5 years ago

@joshcanhelp No, I get the same errors when using the Try option in Dashboard. I noticed something interesting though. In Auth0 dashboard -> Universal Login -> Experience, I can choose either "Classic" or "New". Here are the results (all providers using dev keys):

New: Google works. Twitter fails (tracking id: 71c3b8cd674e88c5c13d). GitHub fails (tracking id: 8ab9ee242c997b0e98a4).

Classic: Google Works. Twitter works. GitHub fails (tracking id: 13fcbfd90e6055c2f93b)

My tenant is in EU, so my auth0 domain is mydomain.eu.auth0.com instead of mydomain.auth0.com. Could this be the cause of redirect URI mismatch failures?

nileshtrivedi commented 5 years ago

In that case, it isn't an omniauth-auth0 issue. @joshcanhelp Feel free to close this. I will figure out what the right place to report this is.

joshcanhelp commented 5 years ago

@nileshtrivedi - If you have a paid plan, go to support.auth0.com and fill out a ticket. I'll ask internally to see if there's a known issue or potential configuration change you can make.