Code Monkey home page Code Monkey logo

Comments (7)

tacman avatar tacman commented on August 25, 2024 2

I think I've figured it out. Related to symfony/symfony#37980.

Once I added TRUSTED_PROXIES, not only did I get the debug toolbar but my redirect was correct and I logged in locally as expected!

from oauth2-client-bundle.

bocharsky-bw avatar bocharsky-bw commented on August 25, 2024 1

Ngrok should help with forwarding a temporary real URL to your localhost app - that's good for debugging and development, but there're also many alternatives to ngrok over the internet.

from oauth2-client-bundle.

bocharsky-bw avatar bocharsky-bw commented on August 25, 2024

Hey @tacman , isn't the target URL is something that should be specified on the third-party provider side? I.e. in the GitHub/Facebook/Google app configuration? To me it sounds like you specify redirect URL with http instead of https that might be kind of OK if we're talking about debugging/development. Or could please link to the code where we force this http on our side?

from oauth2-client-bundle.

tacman avatar tacman commented on August 25, 2024

I'll dig in some more to reproduce it. I'm just setting the path, but it looks like it should return https.

Question: What do you use to test logging in with google? I can't put https://oauth-demo.wip in as the redirect URL, so I probably need to set up some sort of proxy that redirects to my local machine.

from oauth2-client-bundle.

tacman avatar tacman commented on August 25, 2024

Thanks. No matter what I do, I can't get login with Google to work.

Using ngrok, I get through authorizing my account, then when it redirects back, I get

Error fetching OAuth credentials: "redirect_uri_mismatch".

The ngrok logs

                                                                                                                                           
GET /auth/connect/controller/google 403 Forbidden                                                                                                                                             
GET /auth/social_login/google       200 OK                                                                                                                                                    
GET /auth/social_login/google       500 Internal Server Error

The PHP logs

[Application] Feb 25 16:53:29 |DEBUG  | APP    Notified event "Symfony\Component\Security\Http\Event\LoginFailureEvent" to listener "Symfony\Component\Security\Http\EventListener\RememberMeListener::clearCookie". event="Symfony\\Component\\Security\\Http\\Event\\LoginFailureEvent" listener="Symfony\\Component\\Security\\Http\\EventListener\\RememberMeListener::clearCookie"
[Application] Feb 25 16:53:29 |DEBUG  | SECURI The "Survos\AuthBundle\Security\Authenticator" authenticator set the response. Any later authenticator will not be called authenticator="Survos\\AuthBundle\\Security\\Authenticator"
[PHP        ] [Sun Feb 25 10:53:29 2024] 127.0.0.1:34590 [403]: GET /auth/connect/controller/google?state=d0223926fa02e06844a7ebdb4cc29556&code=4%2F0AeaYSHD_Bgaedg32IMV_wzsCtCmDHgn3GfPNhDH0_7ymuoNIxh-EOXik6AVCugeLWfwBeA&scope=email+profile+openid+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email&authuser=0&prompt=consent
[PHP        ] [Sun Feb 25 10:53:29 2024] 127.0.0.1:34590 Closing
[Web Server ] Feb 25 10:53:29 |WARN   | SERVER GET  (403) /auth/connect/controller/google?state=d0223926fa02e06844a7ebdb4cc29556&code=4%2F0AeaYSHD_Bgaedg32IMV_wzsCtCmDHgn3GfPNhDH0_7ymuoNIxh-EOXik6AVCugeLWfwBeA&scope=email+profile+openid+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email&authuser=0&prompt=consent ip="127.0.0.1"

image

Alas, I'm stuck and don't know how to debug this. It's not making it to "connect", as I have a dd() there, so it must be generating that error within a listener.

https://c388-187-244-120-218.ngrok-free.app/auth/connect/controller/google?state=d0223926fa02e06844a7ebdb4cc29556&code=4%2F0AeaYSHAxaiMhMiQqSTQSig2fMAcKC831jGmrMPd7s_M_7tgOecXKbN-VQHdn8Fg9AWUx8A&scope=email+profile+openid+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email&authuser=0&prompt=consent

                                Any suggestions?  Or even pointing me to a working github repo, I'll clone it and add my own keys just to get something to work.

Thanks.

from oauth2-client-bundle.

tacman avatar tacman commented on August 25, 2024

After an embarrassingly long time investigating, the issue is somewhere in here, AbstractProvider.php

    public function createProvider($class, array $options, ?string $redirectUri = null, array $redirectParams = [], array $collaborators = [])
    {
        if (null !== $redirectUri) {
            $redirectUri = $this->generator
                ->generate($redirectUri, $redirectParams, UrlGeneratorInterface::ABSOLUTE_URL);

            $options['redirectUri'] = $redirectUri;
        }

The generator at this point is CompiledUrlGenerator, which generates http rather than https.

Any suggestions?

from oauth2-client-bundle.

tacman avatar tacman commented on August 25, 2024

My solution is to force https

    /**
     * Creates a provider of the given class.
     *
     * @param string $class
     */
    public function createProvider($class, array $options, ?string $redirectUri = null, array $redirectParams = [], array $collaborators = [])
    {
        if (null !== $redirectUri) {
            $redirectUri = $this->generator
                ->generate($redirectUri, $redirectParams, UrlGeneratorInterface::ABSOLUTE_URL);
            $redirectUri = str_replace('http:','https:', $redirectUri);

            $options['redirectUri'] = $redirectUri;
        }

        return new $class($options, $collaborators);
    }

There's likely a better way, but I don't know what it is.

from oauth2-client-bundle.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.