Redirect URI mismatch in Google Auth

I’m having a problem similar to the one at the end of this topic: Configuring Google login for Discourse, but in my case the error from Google says the URI in the request is the http version of my site, but since I am forcing the site to https that is the address I configured at Google. My Discourse site is proxied behind an Apache server, and Apache is set up to redirect http URLs to https, and I have force_https turned on in the Discourse settings.

Am I correct in assuming that the Google error indicates that Discourse is sending the http address instead of the https one for the redirect despite force_https being turned on? Is there some other setting I can turn on to change that?

I’ve tried adding the http URL to the client config at Google, and that let me get to the point of selecting a Google account and authorizing, but when it redirects back to my site it shows the “Sorry, there was an error authorizing your account. Perhaps you did not approve authorization?” message. The error log has this error in it: “(google_oauth2) Authentication failure! csrf_detected: OmniAuth::Strategies::OAuth2::CallbackError, csrf_detected | CSRF detected”. So it seems the Google auth is tagging the redirect from the http address back to the http address as a forgery attempt.

I’m seeing a similar error in the log from the GitHub auth (redirect_uri_mismatch), so it seems it is probably sending the http address for the redirect_api there too.

Any suggestions?

Solved it! :joy: :man_dancing:

In case anybody else runs into this problem, I found the solution here: [HELP] Cannot login, error shows "BAD CSRF"

I added this:

RequestHeader set X-Forwarded-Proto "https"

to the vhost config for the ssl site so the X-Forwarded-Proto header will be passed on to Discourse.

4 Likes
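To show why the missing proxy header produces the mismatch described in this thread, here is an added example (not code from the thread, from Discourse or from OmniAuth): a standalone, simplified reimplementation of how a Rack application behind a reverse proxy derives the request scheme, and therefore the callback redirect_uri it sends to the provider. The header precedence is modelled on Rack::Request#scheme, and the host name, env hashes and registered URI are constructed sample values.

```ruby
# Added example, not Discourse's or OmniAuth's own code: a simplified model
# of how a Rack app behind a reverse proxy decides the request scheme and
# therefore the OAuth callback (redirect_uri) it sends to the provider.
# The precedence order follows Rack::Request#scheme, but this is a
# standalone reimplementation (assumption), not Rack itself.

CALLBACK_PATH = "/auth/google_oauth2/callback"

# Derive the scheme the way a proxied Rack app would see it.
def request_scheme(env)
  return "https" if env["HTTPS"] == "on"
  return "https" if env["HTTP_X_FORWARDED_SSL"] == "on"
  return env["HTTP_X_FORWARDED_SCHEME"] if env["HTTP_X_FORWARDED_SCHEME"]
  # A proxy chain may send "https, http"; the first (outermost) hop wins.
  if (proto = env["HTTP_X_FORWARDED_PROTO"])
    return proto.split(",").first.strip
  end
  env["rack.url_scheme"]
end

# The redirect_uri sent to Google is built from the scheme and host of the
# incoming request, not from a static site setting such as force_https.
def callback_url(env)
  "#{request_scheme(env)}://#{env['HTTP_HOST']}#{CALLBACK_PATH}"
end

# Compare against the URI registered in the Google console and return a
# short diagnosis a site admin can act on.
def diagnose(env, registered_uri)
  actual = callback_url(env)
  return "ok: #{actual}" if actual == registered_uri
  "redirect_uri_mismatch: app sent #{actual}, console has #{registered_uri}"
end

# Constructed sample env: Apache terminated TLS but forwarded plain HTTP to
# the app without saying so (the situation in the thread).
BASE_ENV = { "rack.url_scheme" => "http", "HTTP_HOST" => "forum.example.com" }.freeze
REGISTERED = "https://forum.example.com#{CALLBACK_PATH}"

# Same request after `RequestHeader set X-Forwarded-Proto "https"` in the
# SSL vhost: the app now builds the https callback that Google expects.
FIXED_ENV = BASE_ENV.merge("HTTP_X_FORWARDED_PROTO" => "https").freeze

if __FILE__ == $0
  puts diagnose(BASE_ENV, REGISTERED)
  puts diagnose(FIXED_ENV, REGISTERED)
end
```

Because the app trusts X-Forwarded-Proto, make sure only the Apache proxy can set it (Apache overwrites it with `RequestHeader set`, so a client-supplied value does not reach Discourse).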
