directus / directus

The flexible backend for all your projects 🐰 Turn your DB into a headless CMS, admin panels, or apps with a custom UI, instant APIs, auth & more.
https://directus.io

Invalid redirect url - Configuring Google OAuth for Directus #24020

Closed ssiva89 closed 1 week ago

ssiva89 commented 1 week ago

Describe the Bug

I configured the environment variables for Google OAuth integration with Directus 11.1.2. I'm getting the response below when I try to log in using Google.

{
  "errors": [
    {
      "message": "Invalid payload. URL \"http://localhost:8055/admin/login?continue=\" can't be used to redirect after login.",
      "extensions": {
        "reason": "URL \"http://localhost:8055/admin/login?continue=\" can't be used to redirect after login",
        "code": "INVALID_PAYLOAD"
      }
    }
  ]
}

Environment variables configured:

AUTH_PROVIDERS: "google"
AUTH_GOOGLE_DRIVER: "openid"
AUTH_GOOGLE_CLIENT_ID: "XXXXXXXX" # Replace XXXX with the Client ID from Step 6
AUTH_GOOGLE_CLIENT_SECRET: "XXXXX" # Replace XXXX with the Client Secret from Step 6
AUTH_GOOGLE_ISSUER_URL: "https://accounts.google.com"
AUTH_GOOGLE_IDENTIFIER_KEY: "email"
AUTH_GOOGLE_ICON: "google"
AUTH_GOOGLE_LABEL: "Google"
AUTH_GOOGLE_REDIRECT_ALLOW_LIST: "http://localhost:8055/admin/login"
AUTH_GOOGLE_ALLOW_PUBLIC_REGISTRATION: "true" # This allows users to be automatically created on logins. Use "false" if you want to create users manually
AUTH_GOOGLE_DEFAULT_ROLE_ID: "XXXXXX" 

To Reproduce

1. Install Docker.
2. Create a Docker Compose file with the necessary environment variables (as mentioned above).
3. Configure Google OAuth for Directus (steps mentioned here: https://docs.directus.io/self-hosted/sso.html).
4. Start the container.
5. Hit "localhost:8055".
6. Click on "login with google".

Directus Version

v11.1.2

Hosting Strategy

Self-Hosted (Docker Image)

Database

No response

ComfortablyCoding commented 1 week ago

Can you confirm whether the PUBLIC_URL env is set? It is required for oauth to work, see https://github.com/directus/directus/issues/19331#issuecomment-1663796537

ssiva89 commented 1 week ago

@ComfortablyCoding, yes. Tried as below:

PUBLIC_URL: "http://localhost:8055"

ComfortablyCoding commented 1 week ago

> @ComfortablyCoding, yes. Tried as below:
>
> PUBLIC_URL: "http://localhost:8055"

Can you confirm the instance was restarted after the env variable was added? If so, is there any additional configuration on Google's side that was added but not outlined in the docs? I cannot reproduce this issue with the provided information; once the PUBLIC_URL variable is added, it works as expected.

ssiva89 commented 1 week ago

@ComfortablyCoding it worked now. Thanks, but I ended up with this one:

2024-11-12 01:12:34 directus-1 | [19:42:34] GET /auth/login/google?redirect=http%3A%2F%2Flocalhost%3A8055%2Fadmin%2Flogin%3Fcontinue%3D 302 7ms
2024-11-12 01:12:54 directus-1 | [19:42:54.561] WARN: Invalid foreign key.
2024-11-12 01:12:54 directus-1 | err: {
2024-11-12 01:12:54 directus-1 | "type": "",
2024-11-12 01:12:54 directus-1 | "message": "Invalid foreign key.",
2024-11-12 01:12:54 directus-1 | "stack":
2024-11-12 01:12:54 directus-1 | DirectusError: Invalid foreign key.
2024-11-12 01:12:54 directus-1 | at extractError (file:///directus/node_modules/.pnpm/@directus+api@file+api_@types+node@22.7.5_@unhead+vue@1.11.7_vue@3.5.11_typescript@5.6.3___en_duledcsxwterzqzubwdazkocs4/node_modules/@directus/api/dist/database/errors/dialects/sqlite.js:25:16)
2024-11-12 01:12:54 directus-1 | at translateDatabaseError (file:///directus/node_modules/.pnpm/@directus+api@file+api_@types+node@22.7.5_@unhead+vue@1.11.7_vue@3.5.11_typescript@5.6.3___en_duledcsxwterzqzubwdazkocs4/node_modules/@directus/api/dist/database/errors/translate.js:29:28)
2024-11-12 01:12:54 directus-1 | at file:///directus/node_modules/.pnpm/@directus+api@file+api_@types+node@22.7.5_@unhead+vue@1.11.7_vue@3.5.11_typescript@5.6.3___en_duledcsxwterzqzubwdazkocs4/node_modules/@directus/api/dist/services/items.js:175:39
2024-11-12 01:12:54 directus-1 | "name": "DirectusError",
2024-11-12 01:12:54 directus-1 | "extensions": {
2024-11-12 01:12:54 directus-1 | "collection": null,
2024-11-12 01:12:54 directus-1 | "field": null
2024-11-12 01:12:54 directus-1 | },
2024-11-12 01:12:54 directus-1 | "code": "INVALID_FOREIGN_KEY",
2024-11-12 01:12:54 directus-1 | "status": 400
2024-11-12 01:12:54 directus-1 | }
2024-11-12 01:12:54 directus-1 | [19:42:54] GET /auth/login/google/callback?state=6OEd7KrPteTMUmA&code=4%2F0AeanS0YznpWP49HqYe513FKaC8-vZ37h1SNKD2Dw0d3rMn9Qok1e9eL0A&scope=email+profile+openid+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email&authuser=0&prompt=consent 302 1.8s
2024-11-12 01:12:54 directus-1 | [19:42:54] GET /admin/login?reason=INVALID_FOREIGN_KEY 304 1ms

Any idea?

ComfortablyCoding commented 1 week ago

Glad that worked. In terms of the new error I believe it is due to AUTH_GOOGLE_DEFAULT_ROLE_ID being incorrect/invalid. This variable expects a valid role UUID.

As the original reported issue has been resolved I will go ahead and close this issue.
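
The two fixes reached in this thread (set PUBLIC_URL, and give AUTH_GOOGLE_DEFAULT_ROLE_ID a valid role UUID) can be checked before the container is started. The following is an added example, not code from Directus or from the participants above; `checkSsoEnv`, its messages and the sample values are constructed for illustration, and the allow-list check is only a URL-syntax sanity check, not Directus's redirect logic.

```javascript
// Hypothetical preflight check for the SSO variables discussed in this issue.
const UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;

// True only for absolute http(s) URLs; "localhost:8055" or "/admin/login" fail.
function isAbsoluteHttpUrl(value) {
  try {
    const u = new URL(value);
    return u.protocol === 'http:' || u.protocol === 'https:';
  } catch {
    return false;
  }
}

// Split a comma-separated environment value into trimmed, non-empty items.
const csv = (value) => (value ?? '').split(',').map((s) => s.trim()).filter(Boolean);

// Returns a list of human-readable findings; an empty list means no problem found.
function checkSsoEnv(env) {
  const findings = [];
  if (!isAbsoluteHttpUrl(env.PUBLIC_URL ?? '')) {
    findings.push('PUBLIC_URL is missing or not an absolute http(s) URL');
  }
  for (const name of csv(env.AUTH_PROVIDERS)) {
    const prefix = `AUTH_${name.toUpperCase()}_`;
    const roleId = env[`${prefix}DEFAULT_ROLE_ID`];
    // Format check only: a well-formed UUID can still name a role that does not exist.
    if (roleId !== undefined && !UUID_RE.test(roleId)) {
      findings.push(`${prefix}DEFAULT_ROLE_ID is not a UUID`);
    }
    for (const entry of csv(env[`${prefix}REDIRECT_ALLOW_LIST`])) {
      if (!isAbsoluteHttpUrl(entry)) {
        findings.push(`${prefix}REDIRECT_ALLOW_LIST entry "${entry}" is not an absolute URL`);
      }
    }
  }
  return findings;
}

// Constructed sample inputs modelled on the configuration posted in the issue.
const asReported = {
  AUTH_PROVIDERS: 'google',
  AUTH_GOOGLE_REDIRECT_ALLOW_LIST: 'http://localhost:8055/admin/login',
  AUTH_GOOGLE_DEFAULT_ROLE_ID: 'XXXXXX', // placeholder, as in the report
};
const corrected = {
  ...asReported,
  PUBLIC_URL: 'http://localhost:8055',
  AUTH_GOOGLE_DEFAULT_ROLE_ID: '00000000-0000-4000-8000-000000000000', // constructed UUID
};

console.log(checkSsoEnv(asReported));
console.log(checkSsoEnv(corrected));
```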