knpuniversity / oauth2-client-bundle

Easily talk to an OAuth2 server for social functionality in Symfony
https://symfonycasts.com
MIT License

Google redirect_uri_mismatch due to redirect_routes that is not https #315

Closed wehostadm closed 1 year ago

wehostadm commented 3 years ago

Hi,

Google has changed its rules for OAuth2 redirect URIs and we should now use https. I use Symfony 4 with your bundle and the configuration file is:

# https://github.com/knpuniversity/oauth2-client-bundle#configuration
knpu_oauth2_client:
    clients:
        google:
            type: google
            client_id: '%google_client_id%'
            client_secret: '%google_client_secret%'
            redirect_route: connect_check_login

In the security controller, the route is defined like this:

/**
 * @Route("/connect/check", schemes={"https"}, name="connect_check_login")
 */
public function checkAction(Request $request)
{
    // do nothing, it's caught by the guard authenticator
}

However, it continues to generate an http route: http://localhost/connect/check

The result is a 400 error code from Google: redirect_uri_mismatch

How can I force it to generate https://localhost/connect/check with the https protocol?

Thanks a lot

jbelien commented 3 years ago

I have the same issue with a custom provider that also requires HTTPS (if it's not localhost).

Issue is happening on Heroku: https://osm-welcome-tool.herokuapp.com/

Any idea how to fix this (or force HTTPS for redirect_uri)? Thanks.

jbelien commented 3 years ago

I could fix this issue following the trusted proxies configuration: https://symfony.com/doc/current/deployment/proxies.html#but-what-if-the-ip-of-my-reverse-proxy-changes-constantly

I hope it will help you too.

DonCallisto commented 2 years ago

This issue isn't related to the bundle, am I wrong? If not, please close this issue. Thanks.

julbrs commented 2 years ago

I confirm this is not an issue with the bundle, but we see it when we set up the bundle with Google ;)

I confirm that the @jbelien workaround is probably the best one as you don't have to force the scheme for a particular route.

In my case I have Symfony 4 behind Dokku, and I just have to add an environment variable:

TRUSTED_PROXIES=127.0.0.1,REMOTE_ADDR

To make it work.

DonCallisto commented 2 years ago

Ok. Can you close this, please?

julbrs commented 2 years ago

> Ok. Can you close this, please?

I think that only the original author (@wehostadm) or maintainers of the bundle can close the case.

DonCallisto commented 2 years ago

Yeah sorry, thought it was you.

lordjancso commented 1 year ago

It looks like this issue is still not solved fully. How can I force the bundle to redirect to an https URL? For some clients like Facebook the https redirect URL is mandatory. Thank you for the help!

weaverryan commented 1 year ago

Closing - as mentioned, this is likely a misconfig of your trusted proxies config.

Put simply: if your user is already on https on your site, Symfony will generate https URLs. If your user is on https and Symfony is NOT generating https URLs, then this is because Symfony thinks the user is on http, and that's caused by Symfony not trusting the "X-Forwarded-Proto" header sent by a reverse proxy somewhere in your stack.
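The mechanism behind the TRUSTED_PROXIES fix from the earlier comments and the X-Forwarded-Proto explanation above, as an added stand-alone example (not code from the bundle or from anyone in this thread): it builds the request the way PHP sees it behind a TLS-terminating proxy, generates the absolute URL for the connect_check_login route from the thread (route path taken from the issue, without a scheme requirement so the result reflects what Symfony detected), and shows the scheme flip once the proxy address is trusted. It needs symfony/http-foundation and symfony/routing installed via Composer; the proxy and client addresses, the TRUSTED_PROXIES CIDR and the forwarded headers are constructed values.

```php
<?php
// Added example, not from the bundle or the thread. Requires:
//   composer require symfony/http-foundation symfony/routing
require __DIR__.'/vendor/autoload.php';

use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Routing\Generator\UrlGenerator;
use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
use Symfony\Component\Routing\RequestContext;
use Symfony\Component\Routing\Route;
use Symfony\Component\Routing\RouteCollection;

// Same route name and path as in the issue (no "schemes" requirement here, so the
// generated URL shows exactly which scheme Symfony believes the request has).
$routes = new RouteCollection();
$routes->add('connect_check_login', new Route('/connect/check'));

/**
 * Build the absolute redirect_uri the router would hand to the OAuth2 client,
 * after configuring the given trusted proxy list (what TRUSTED_PROXIES normally feeds).
 */
function redirectUriFor(Request $request, array $trustedProxies, RouteCollection $routes): string
{
    // Only requests whose REMOTE_ADDR matches $trustedProxies get their
    // X-Forwarded-For/Host/Port/Proto headers honoured; everyone else's are ignored.
    Request::setTrustedProxies(
        $trustedProxies,
        Request::HEADER_X_FORWARDED_FOR | Request::HEADER_X_FORWARDED_HOST
        | Request::HEADER_X_FORWARDED_PORT | Request::HEADER_X_FORWARDED_PROTO
    );

    // RequestContext copies scheme/host/port from the request, exactly as the
    // framework's router does before generating an ABSOLUTE_URL.
    $context = (new RequestContext())->fromRequest($request);
    $generator = new UrlGenerator($routes, $context);

    return $generator->generate('connect_check_login', [], UrlGeneratorInterface::ABSOLUTE_URL);
}

// Constructed: TLS was terminated by the reverse proxy at 10.0.0.5, which then
// talks plain HTTP to PHP and describes the original request in X-Forwarded-* headers.
$fromProxy = Request::create('http://localhost/connect/check', 'GET', [], [], [], [
    'REMOTE_ADDR'            => '10.0.0.5',       // constructed proxy address
    'HTTP_X_FORWARDED_PROTO' => 'https',          // the browser really used TLS
    'HTTP_X_FORWARDED_PORT'  => '443',
    'HTTP_X_FORWARDED_FOR'   => '198.51.100.7',   // constructed end-user address
]);

// Constructed: a client that bypasses the proxy and sends the same headers itself.
$direct = Request::create('http://localhost/connect/check', 'GET', [], [], [], [
    'REMOTE_ADDR'            => '203.0.113.9',
    'HTTP_X_FORWARDED_PROTO' => 'https',
    'HTTP_X_FORWARDED_FOR'   => '198.51.100.7',
]);

// 1. No trusted proxies: the X-Forwarded-Proto header is ignored, Symfony sees plain
//    HTTP, and the redirect_uri is http://... (the redirect_uri_mismatch in the issue).
echo "untrusted proxy : ", redirectUriFor($fromProxy, [], $routes), PHP_EOL;

// 2. Proxy network trusted (constructed CIDR, the value TRUSTED_PROXIES would carry):
//    the header is honoured and the redirect_uri becomes https://...
echo "trusted proxy   : ", redirectUriFor($fromProxy, ['10.0.0.0/8'], $routes), PHP_EOL;

// 3. Same trust list, but the request does not come from the proxy: the headers are
//    not honoured, so the scheme stays http and the client IP is the real REMOTE_ADDR.
echo "direct client   : ", redirectUriFor($direct, ['10.0.0.0/8'], $routes),
     ' (client ip ', $direct->getClientIp(), ')', PHP_EOL;
```

Case 1 reproduces the issue, case 2 is the fix the thread converged on, and case 3 is why the trusted list should contain only the proxy's own address or network (the docs' REMOTE_ADDR shortcut resolves to that address at runtime) rather than a catch-all range: forwarded headers are only as trustworthy as the hop that is allowed to set them, and the same list also governs which address getClientIp() reports to your logs and rate limiters.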