Open Closed

500 Internal Server Error: Invalid redirect_uri #1951


User avatar
0
Neozzz created

Hi,

I've put 2 microservices for testing into a docker container that uses mongodb. Authorization works there. I have used the same config in the appsettings.json for dbmigrator and apihost projects for my current project that uses ef core. However when I try to authorize the request I am getting the below error:

I have checked the IdentityServerClients and redirecturis tables and I could find the relevant entries with the testing internal domain name but still I get the error. Since reproducing this at your end might be difficult, please let me know if you guys could take remote and see.

Thank you,

  • ABP Framework version: v4.4.0
  • UI type: Swagger
  • DB provider: EF Core

12 Answer(s)
  • User Avatar
    0
    enisn created
    Support Team .NET Developer

    Are you working on your local or did you deployed them into a server and you're accessing them via IP or a domain?

    Please check AllowedRedirectUris parameter is 'http://localhost/signin-oidc' or 'http://yourdomain.com/signin-oidc'.


    If you're sure about IdentityServer Client configuration, the problem might be protocol issue. Incoming requests are always http if pods are communicating behind load balancer.

    Try to add following line into OnApplicationInitialization method in your each Service Module class.

    app.Use((context, next) =>
    {
        context.Request.Scheme = "https";
        return next();
    });
    

    See more about running behind load balancer

  • User Avatar
    0
    Neozzz created

    the same setup is being used for other 2 containers that runs using mongodb. authorization works there.

    I am authorizing via swagger. No http traffic is allowed. It's happening over https.

    I didnt see the signin-oidc url. the connection is going to connect/authorize and the redirect_uri parameter is the same as the originating swagger url.

  • User Avatar
    0
    Neozzz created

    hi enisn,

    please update.

    thanks :)

  • User Avatar
    0
    gterdem created
    Senior .NET Developer

    Invalid_Redirect_Uri error means your Redirect Uri is not matching with the one you already have in database for this application (client). Check the identityserver logs for more information. Probably related with your environment configuration.

    We are not available for remote sessions most of the time, please share a repo or detailed logs so that any of us available can check and help within the shorted time period available. It will also help other members in the future if they come across the same issue.

  • User Avatar
    0
    Neozzz created

    As i have mentioned earlier the values in db in tables "IdentityServerClients" are as same as that in the browser. Usually I share the repo access, but since this particular situation requires us to dial into our vpn and contact remote server with local domain name as container is in remote VM, I requested for remote session as this issue is tied to that.

    But if you insist I'll share the code, please share your github email.

  • User Avatar
    0
    gterdem created
    Senior .NET Developer

    As i have mentioned earlier the values in db in tables "IdentityServerClients" are as same as that in the browser.

    The problem is not related with IdentityServerClients, it is about ClientRedirectUris.

    Please share related identityserver logs.

    Since it is related with data, I can not help with looking at code. You need to check the database. Or, simply: Navigate to Administration -> IdentityServer -> Clients Actions -> Edit the Application you are having problem with (you can see that in identityserver log also) -> Application Urls -> Callback Add your production environment redirect uri as well.

  • User Avatar
    0
    Neozzz created

    Is there any way to add this in program? Like in appsettings? We only have the api project right now. the ui project is not being tested as of now.

    Thanks

  • User Avatar
    0
    gterdem created
    Senior .NET Developer

    Please share identity server logs.

    Is there any way to add this in program?

    What do you mean by this?

    You can update identityserver data seeder and run dbmigrator. Or manually add/edit AbpClientRedirectUris table.

    Also did I mention about sharing related identity server logs which is the suggested way to troubleshoot identityserver related errors by identityserver team itself?

  • User Avatar
    0
    Neozzz created

    We're using a non tiered version of the abp project template, In this case will we have a separate log for identity? Or is it enough that i share the logs file? If so, click here to view the application logs. If not, please let me know from where to get it.

    Thanks

  • User Avatar
    0
    gterdem created
    Senior .NET Developer

    It seems your environment is 2021-10-06 12:02:43.701 +00:00 [INF] Hosting environment: Development and you are using dns (zoolworks).

    2021-10-06 13:37:22.524 +00:00 [ERR] Invalid redirect_uri: https://zoolworks:44337/swagger/oauth2-redirect.html {"ClientId":"LeaveMgmtSvc_Swagger","ClientName":"LeaveMgmtSvc_Swagger","RedirectUri":null,"AllowedRedirectUris":["https://localhost:44337/swagger/oauth2-redirect.html"],"SubjectId":"anonymous","ResponseType":null,"ResponseMode":null,"GrantType":null,"RequestedScopes":"","State":null,"UiLocales":null,"Nonce":null,"AuthenticationContextReferenceClasses":null,"DisplayMode":null,"PromptMode":"","MaxAge":null,"LoginHint":null,"SessionId":null,"Raw":{"response_type":"code","client_id":"LeaveMgmtSvc_Swagger","redirect_uri":"https://zoolworks:44337/swagger/oauth2-redirect.html","scope":"LeaveMgmtSvc","state":""}

    Your LeaveMgmtSvc_Swagger client has allowed https://localhost:44337/swagger/oauth2-redirect.html redirect uri however you are making request with a configuration containing https://zoolworks:44337/swagger/oauth2-redirect.html

    So you need to add https://zoolworks:44337/swagger/oauth2-redirect.html to AbpClientRedirectUris table where ClientId is the id of LeaveMgmtSvc_Swagger.

  • User Avatar
    0
    Neozzz created

    its already there

  • User Avatar
    0
    gterdem created
    Senior .NET Developer

    Then you are looking to wrong database. There is supposed to be an already record for that client with https://localhost:44337/swagger/oauth2-redirect.html data.

    Check your database connection string.

Made with ❤️ on ABP v9.1.0-preview. Updated on December 10, 2024, 06:38