OAUTH ERROR The requested redirect uri is malformed or doesn't match client redirect URI.

[mkanet]

Hi, thank you for all your hard work maintaining and supporting this great integration.

Home Assistant URL: My home assistant instance is accessible from anywhere in the world (including from within my LAN) via https://homeassistant.mydomain.com (I renamed my actual domain name). There are several users in my family that access this Home Assistant instance via their mobile companion apps (using the same URL as above). It also works great via web browsers.

On the trakt website, I have the redirect uri set to: https://homeassistant.mydomain.com/auth/external/callback. I have also tried https://homeassistant.mydomain.com:443/auth/external/callback (per this repo's readme).

ISSUE: When I try to add the trakt integration via Home Assistant config_flow; specifying my trakt client_id and client_secret, it tries to open the below URI in my web browser _(I renamed _clientid and state values in the URI below)_:

https://trakt.tv/oauth/authorize?response_type=code&client_id=xxxxxxxxxxxxxxxxxxxxxxxx&redirect_uri=https://my.home-assistant.io/redirect/oauth&state=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

...in the web browser it displays:

I am not sure why the redirect_uri displayed in the web browser's address bar: https://my.home-assistant.io/redirect/oauth (see above) does NOT match the one I specified on the Trakt website: https://homeassistant.mydomain.com/auth/external/callback. I am guessing that this clue has something to do with the issue.

configuration.yaml

trakt_tv:
  language: en
  timezone: America/Los_Angeles
  sensors:
    upcoming:
      show:
        days_to_fetch: 30
        max_medias: 10
      movie:
        days_to_fetch: 45
        max_medias: 5
    recommendation:
      show:
        max_medias: 3
      movie:
        max_medias: 3

My NGINX configuration below has worked flawlessly for many years with countless integrations and addons without any access-related issues; even websockets are handled correctly. I am really hoping you might know what I'm missing.

NGINX config:

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name homeassistant.mydomain.com;

    location / {
        proxy_pass http://192.168.1.101:8123;
        proxy_set_header X-Forwarded-Path $request_uri;
        include ./conf/proxy.conf;
    }

    location /glances/ {
        rewrite /glances/(.*) /$1 break;
        proxy_pass http://192.168.1.22:61228/;
        include ./conf/proxy.conf;
    }

    location /api/websocket {
        proxy_pass http://192.168.1.101:8123/api/websocket;
        include ./conf/proxy.conf;
    }

    location /auth/external {
        proxy_pass http://192.168.1.101:8123/auth/external;
        proxy_set_header X-Forwarded-Path $request_uri;
        include ./conf/proxy.conf;
    }

    location /auth/external/callback {
        proxy_pass http://192.168.1.101:8123/auth/external/callback;
        include ./conf/proxy.conf;
    }
}

proxy.conf:

port_in_redirect off;
proxy_http_version  1.1;
proxy_cache_bypass                  $http_upgrade;
proxy_set_header Upgrade            $http_upgrade;
proxy_set_header Connection         $connection_upgrade;
proxy_set_header Accept-Encoding    "";
proxy_set_header Host               $host;
proxy_set_header X-Real-IP          $remote_addr;
proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto  $scheme;
proxy_set_header X-Forwarded-Host   $host;
proxy_set_header X-Forwarded-Port   $server_port;
proxy_set_header Sec-Websocket-Extensions $http_sec_websocket_extensions;
proxy_set_header Sec-Websocket-Key $http_sec_websocket_key;
proxy_set_header Sec-Websocket-Protocol $http_sec_websocket_protocol;
proxy_set_header Sec-Websocket-Version $http_sec_websocket_version;
proxy_connect_timeout 300;
proxy_send_timeout 300;
proxy_read_timeout 300;
proxy_buffers 512 512k;
proxy_buffer_size 512k;
proxy_busy_buffers_size 512k;

One more important clue: On the trakt website, if I click on the green Authorize button below...

...it will try to open the URI below in my web browser:

https://homeassistant.mydomain.com/auth/external/callback?code=e16c4afbedb84cd953b31acc5e1136e8a79ba8xxxxxxxxxxxxxxxxxxxxxxx

...and display only the following text in the web browser: Missing state parameter

PS: There are no errors or warnings in my home assistant log when trying to add the integration via config_flow.

[mkanet]

Hi @dylandoamaral did you confirm that this is a bug? I'm not sure what to try next.

[dylandoamaral]

Hello @mkanet first thank you because your issue is very precise and clear.

To be honest, many people have this kind of issue, but it is hard for me to debug because I can't reproduce it in my environment.

The only thing I can advise you, is to use in the trakt website the redirect URI "https://my.home-assistant.io/redirect/oauth" just to try.

There are many closing issues about this subject, such as https://github.com/dylandoamaral/trakt-integration/issues/31. I hope it will work for you.

Didn't have much time, but I will try to refocus on the project soon.

[mkanet]

Thank you for responding. I'll take a look at https://github.com/dylandoamaral/trakt-integration/issues/31 and try some of the suggestions there. Hopefully one of the suggestions help me to get this working.

[mkanet]

Thank you so much @dylandoamaral I used the redirect url: https://my.home-assistant.io/redirect/oauth from https://github.com/dylandoamaral/trakt-integration/issues/31 It prevented the OAUTH ERROR; and, said successfully authenticated and added respective trakt sensors with respective attributes to Home Assistant*

Hopefully, this issue that I opened might help someone in the future.

Thank you again for your time and help.