OAuth2+Github redirect_uri mismatch #1678

Closed
opened 2025-11-02 04:09:18 -06:00 by GiteaMirror · 3 comments

Originally created by @jakimfett on GitHub (Apr 4, 2018).

Abstract

OAuth2 documentation needs configuration details.

Description

When configuring the OAuth2 authentication method for Github, a user is redirected to:
/user/oauth2/<authname>/callback?error=redirect_uri_mismatch&error_description=The+redirect_uri+MUST+match+the+registered+callback+URL+for+this+application.&error_uri=https%3A%2F%2Fdeveloper.github.com%2Fapps%2Fmanaging-oauth-apps%2Ftroubleshooting-authorization-request-errors%2F%23redirect-uri-mismatch
with a 500 error.

The problem appears to be with the callback URI not matching the redirect_uri, but I've followed the URI nomenclature from admin/auths/new.

I've set the relevant bits (eg, DISABLE_REGISTRATION = false and ENABLE_REVERSE_PROXY_AUTHENTICATION = true) in my custom/conf/app.ini, and there doesn't seem to be anything in the cheat sheet or authentication sections of the documentation about this issue, and no place to set the redirect URI from the web interface.

Ideally, this would get closed after the documentation is updated providing an entry for OAuth2 config FAQ and the 'known good' configuration would be recorded in the docs (ideally with the other auth stuff).

I can PR the docs, I just need to know why this seemingly-straightforward thing is being problematic.

Screenshots

2018 04 04 1511 47
2018 04 04 1513 13
2018 04 04 1519 58

Server Details

  • Gitea version (or commit ref): 1.4.0+3-g641d481c
  • Git version: 2.11.0
  • Operating system: Debian GNU/Linux 9 (stretch)
  • Database (use [x]):
    • [ ] PostgreSQL
    • [x] MySQL (mariadb)
    • [ ] MSSQL
    • [ ] SQLite
  • Can you reproduce the bug at https://try.gitea.io:
    • [ ] Yes (provide example URL)
    • [x] No
    • [ ] Not relevant
  • Log:
    2018/04/04 22:19:25 [I] Log Mode: File(Trace)
    2018/04/04 22:19:25 [I] XORM Log Mode: File(Trace)
    2018/04/04 22:19:25 [I] Cache Service Enabled
    2018/04/04 22:19:25 [I] Session Service Enabled
    2018/04/04 22:19:25 [I] Git Version: 2.11.0
    2018/04/04 22:19:25 [T] Doing: CheckRepoStats
    2018/04/04 22:19:25 [T] Doing: ArchiveCleanup
    2018/04/04 22:19:25 [T] Doing: DeletedBranchesCleanup
    2018/04/04 22:19:25 [I] Run Mode: Production
    2018/04/04 22:19:25 [I] Listen: https://0.0.0.0:<port,redacted>
    2018/04/04 22:19:25 [I] LFS server enabled
    2018/04/04 22:19:31 [D] Session ID: <redacted>cde9
    2018/04/04 22:19:31 [D] CSRF Token: <redacted>==
    2018/04/04 22:19:31 [D] Template: user/auth/signin
    2018/04/04 22:19:32 [D] Session ID: <redacted>cde9
    2018/04/04 22:19:32 [D] CSRF Token: <redacted>==
    2018/04/04 22:19:33 [D] Session ID: <redacted>cde9
    2018/04/04 22:19:33 [D] CSRF Token: <redacted>==
    2018/04/04 22:19:33 [...routers/user/auth.go:407 handleOAuth2SignIn()] [E] UserSignIn: Invalid token received from provider
    2018/04/04 22:19:33 [D] Template: status/500
GiteaMirror added the type/question label 2025-11-02 04:09:18 -06:00

@hnsr commented on GitHub (May 29, 2018):

What's your ROOT_URL set to? I ran into the same problem (including the somewhat misleading 'Invalid token received...' error), but found out I had my ROOT_URL set to http://foo, while I had actually already moved it to https via Apache httpd (which is reverse proxying to gitea). Changing my ROOT_URL to https://foo fixed the issue.
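
The mismatch described in the comment above, as an added example (not part of the original thread and not Gitea's own code): it derives the callback URL from `ROOT_URL` in `app.ini` and reports which components differ from the callback registered with GitHub. It assumes Gitea builds the `redirect_uri` as `ROOT_URL` plus the callback path shown in the issue; the auth source name `github`, the sample `app.ini` and the function names are constructed for illustration.

```python
import configparser
from urllib.parse import quote, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed sample app.ini: ROOT_URL still says http although the
# reverse proxy already serves the site over https.
SAMPLE_APP_INI = """\
APP_NAME = Gitea
RUN_MODE = prod

[server]
DOMAIN = foo
ROOT_URL = http://foo/
"""


def expected_callback(app_ini_text, auth_name):
    """Callback URL derived from [server] ROOT_URL (assumed construction)."""
    cp = configparser.ConfigParser(strict=False)
    # app.ini may start with keys outside any section; give them a dummy one.
    cp.read_string("[__top__]\n" + app_ini_text)
    root = cp.get("server", "ROOT_URL").rstrip("/")
    return f"{root}/user/oauth2/{quote(auth_name, safe='')}/callback"


def _parts(url):
    u = urlsplit(url)
    return {
        "scheme": u.scheme,
        "host": u.hostname or "",  # urlsplit lower-cases the host
        "port": u.port or DEFAULT_PORTS.get(u.scheme),
        "path": u.path.rstrip("/"),
    }


def diagnose(expected, registered):
    """Map each differing component to (expected, registered)."""
    e, r = _parts(expected), _parts(registered)
    return {k: (e[k], r[k]) for k in e if e[k] != r[k]}


if __name__ == "__main__":
    derived = expected_callback(SAMPLE_APP_INI, "github")
    registered = "https://foo/user/oauth2/github/callback"  # constructed
    print(derived, diagnose(derived, registered))
```

An empty result from `diagnose` means the derived and registered callbacks agree on scheme, host, effective port and path; a `scheme` entry is the reverse-proxy case from this thread.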


@techknowlogick commented on GitHub (Jul 21, 2018):

Closing, please re-open if you still experience this.


@teotikalki commented on GitHub (Mar 20, 2019):

I came here because I experienced this and found that the answer from @hnsr solved my problem.
However, I didn't find a way to change my ROOT_URL from the frontend (there really should be).

Reference: github-starred/gitea#1678