bnoguchi / everyauth

node.js auth package (password, facebook, & more) for Connect and Express apps
http://everyauth.com/

OAuthException: redirect_uri isn't an absolute URI. #153

Open lancejpollard opened 12 years ago

lancejpollard commented 12 years ago

Hey,

Really looking forward to using everyauth, but I'm getting a strange error…

When I try to authenticate with Facebook on a top-level domain (example.com instead of www.example.com or docs.example.com), I am getting the OAuthException "redirect_uri isn't an absolute URI. Check RFC 3986.". The full terminal output is below (coming from the heroku logs):

2012-01-10T21:26:28+00:00 app[web.2]: 10.42.230.65 - - [Tue, 10 Jan 2012 21:26:28 GMT] "GET /auth/facebook HTTP/1.1" 200 - "http://somesite.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_7) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.75 Safari/535.7"
2012-01-10T21:26:28+00:00 app[web.3]: 
2012-01-10T21:26:28+00:00 app[web.3]: /app/node_modules/everyauth/lib/modules/everymodule.js:352
2012-01-10T21:26:28+00:00 app[web.3]:   throw err;
2012-01-10T21:26:28+00:00 app[web.3]:   ^
2012-01-10T21:26:28+00:00 app[web.3]: Error: {"error":{"message":"redirect_uri isn't an absolute URI. Check RFC 3986.","type":"OAuthException"}}
2012-01-10T21:26:28+00:00 app[web.3]:     at [object Object].fail (/app/node_modules/everyauth/lib/promise.js:50:15)
2012-01-10T21:26:28+00:00 app[web.3]:     at EventEmitter.<anonymous> (/app/node_modules/everyauth/lib/modules/oauth2.js:184:11)
2012-01-10T21:26:28+00:00 app[web.3]:     at EventEmitter.emit (events.js:67:17)
2012-01-10T21:26:28+00:00 app[web.3]:     at EventEmitter._respond (/app/node_modules/restler/lib/restler.js:127:12)
2012-01-10T21:26:28+00:00 app[web.3]:     at EventEmitter._fireEvents (/app/node_modules/restler/lib/restler.js:131:52)
2012-01-10T21:26:28+00:00 app[web.3]:     at /app/node_modules/restler/lib/restler.js:115:19
2012-01-10T21:26:28+00:00 app[web.3]:     at IncomingMessage.<anonymous> (/app/node_modules/restler/lib/restler.js:113:32)
2012-01-10T21:26:28+00:00 app[web.3]:     at IncomingMessage.emit (events.js:81:20)
2012-01-10T21:26:28+00:00 app[web.3]:     at IncomingMessage.<anonymous> (/app/node_modules/restler/lib/restler.js:205:5)
2012-01-10T21:26:28+00:00 app[web.3]:     at HTTPParser.onMessageComplete (http.js:133:23)
2012-01-10T21:26:28+00:00 heroku[router]: Error H13 (Connection closed without response) -> GET somesite.com/auth/facebook/callback dyno=web.3 queue= wait= service= status=503 bytes=

The redirect uri I'm getting back from Facebook is:

http://somesite.com/auth/facebook/callback?code=AMB2O0wfoQSj87vmF3DL3Dv8agixnhlnSD25XOMgyWSMU4vZgBzfTbTwf4hyeYQEgDTbEKhLlkqT-rON4z7XwuBgGn0CRW7uKpgVIQwLkcowg8VSCe4WJ1Iwl7HmFPTnFv97XEazEBCRnPJZcFPQ2ZWNWX7VEhIYnc_91oSqbHUSj99_tu_bzLKcHoGaYiMg52Q#base_domain=somesite.com

Note: This only seems to be happening on top-level domains, and seems to be happening sporadically -- every now and then it works. It works locally and on a heroku subdomain like myapp.herokuapp.com, so I'm not entirely sure...

I'm not entirely sure if this is an everyauth issue, but do you have any ideas or experience with this? Thanks for your help.

diversario commented 12 years ago

Happens to me too, can't figure out what triggers it.

gilad61 commented 12 years ago

I just had the same issue and found the problem:

After you get the code from Facebook, everyauth has another step called 'getAccessToken' which makes another request to Facebook on "https://graph.facebook.com/oauth/access_token?redirect_uri=". In order to build the redirect_uri this step assumes that the property "myHostName" has already been set in the previous steps. But if you run in a load balanced environment or have multiple instances, myHostName may be undefined at this stage, and so the redirect_uri is invalid.

Setting myHostName at the beginning of getAccessToken step fixed the issue for me.
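
The failure described in the comment above, as an added example that is not part of the original thread and not everyauth's own code: a hostname cached on one process is missing when the callback lands on another, while a redirect_uri rebuilt from each request and checked against known hosts stays absolute and identical. `StatefulWorker`, `redirectUriFor`, `ALLOWED_HOSTS` and the request objects are hypothetical names and constructed sample data.

```javascript
// Added illustration; all names are hypothetical, not everyauth internals.
const CALLBACK_PATH = '/auth/facebook/callback';
// Assumed deployment config: the only hosts this app should answer for.
const ALLOWED_HOSTS = new Set(['somesite.com', 'www.somesite.com']);

// Pattern from the thread: the hostname is remembered on the process
// that served the first step of the flow.
class StatefulWorker {
  startAuth(req) {
    this.myHostName = `http://${req.headers.host}`; // set on THIS process only
    return this.myHostName + CALLBACK_PATH;
  }
  tokenRedirectUri() {
    // On a process that never ran startAuth this is "undefined/auth/...".
    return this.myHostName + CALLBACK_PATH;
  }
}

// Stateless alternative: rebuild the value from the current request.
// The Host header is client-controlled, so accept only configured hosts.
function redirectUriFor(req) {
  const host = String(req.headers.host || '').toLowerCase();
  if (!ALLOWED_HOSTS.has(host)) throw new Error(`unexpected Host header: ${host}`);
  return new URL(CALLBACK_PATH, `http://${host}`).href; // scheme assumed http, as in the logs
}

function isAbsoluteUri(s) {
  try { new URL(s); return true; } catch { return false; }
}

// Constructed requests: the router sends each one to a different process.
const authReq = { headers: { host: 'somesite.com' } };
const callbackReq = { headers: { host: 'somesite.com' } };

function demo() {
  const dynoA = new StatefulWorker();
  const dynoB = new StatefulWorker();
  const sent = dynoA.startAuth(authReq);   // redirect_uri sent in step one
  const buggy = dynoB.tokenRedirectUri();  // token step served by the other process
  const fixed = redirectUriFor(callbackReq);
  return { sent, buggy, buggyIsAbsolute: isAbsoluteUri(buggy),
           fixed, fixedMatchesSent: fixed === sent };
}

console.log(demo());
```

The token request has to carry the same redirect_uri as the authorization request, which is why the rebuilt value is compared with the one sent in step one.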

josser commented 11 years ago

Please, oh, please, merge this :) I have the same issue that gilad61 is talking about. My app is hosted on Heroku and from time to time I'm getting this nasty error. The issue appears only if two or more dynos are enabled. On one dyno everything is OK.

asci commented 11 years ago

I have the same issue too. I use cluster and 4 forks of the script. How can I get around this problem? Can I save the myHostName data in a Redis store?

asci commented 11 years ago

I resolved my problem by using passportjs instead of everyauth.