All,
Im getting a 400 redirect_url_mismatch error upon attempting to authenticate through google. I'm using python-socal-auth through a django application to achieve this process.
Everything works smoothly, until I get to the final stages of the process where I hit a redirect_uri_mismatch issue.
On google, I receive this message.
"The redirect URI in the request: http://localhost:8000/something/complete/google-oauth2/ did not match a registered redirect URI"
`Request Details
from_login=1
scope=https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile
response_type=code
redirect_uri=http://localhost:8000/something/complete/google-oauth2/
state=qT1RLLMa72F8NxFFubHwCVe3GgLDNcgZ
as=-55f896f3314b21af
pli=1
client_id=160177117398
authuser=0
hl=en`
Included below is a screenshot of the client ID's redirect URI.
What am I doing wrong?
Thanks!
One thing to note here is that redirect url should be exactly same till the last trailing slash. In my case, it was like http://localhot:8000/something/complete/google-oauth2
This should have been
http://localhot:8000/something/complete/google-oauth2/
This resulted in redirect_uri_mismatch.
Also define http: and https: in the console for redirect url because redirect url generated by social auth still sends http regardless of ssl setting in your server.
Make sure you added the social-auth in the urls.py as
url('', include('social.apps.django_app.urls', namespace='social')),
and on console.developers.google.com set the Authorized redirect URIs to http://localhost:8000/something/complete/google-oauth2/
Related
There is some service that sends a POST request to our CRM, but it sends a request to the root url example.com
How do I redirect all requests from this service to a specific url example.com/webhooks/notifications/
Perhaps using nginx? or what other options? please suggest
Absolutely. You can use Nginx as reverse proxy in order to redirect requests to any url of your choice.
This tutorial might be what you need :
https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/
i try to use the Quickstart sign-in of Microsoft using python.
Currently i have this in redirects URL: redirect url
and in my config file i have: Config file
i have not make any change in the others files but when i try to test i receive this message:
Error
how can i solve this issue?
Thanks!
This error usually occurs when the real redirect_uri doesn't match the reply url in Azure portal. You can track the auth request url to find the real redirect_uri. The request url is something like
https://login.microsoftonline.com/{tenant}/oauth2/authorize? client_id=6731de76-14a6-49ae-97bc-6eba6914391e &response_type=code &redirect_uri=http%3A%2F%2Flocalhost%3A12345 &response_mode=query &resource=https%3A%2F%2Fservice.contoso.com%2F &state=12345
After clicking sign in button and before inputting the account, you will find the request url.
The reply URL in the portal needs to match exactly what is configured in the application code. For example, https and http register differently, and a mismatch would cause this error. The application ID/Client ID and tenant IDs also need to match in both places.You need to change the port from 5000 to the effective one.
I also had this problem. I was using the link from flask to go to http://127.0.0.1:5000/ instead of getting http://localhost:5000/ in the browser. Although both these urls point to the site, only the the localhost url is recognized by the app registration.
I would like to use the python instagram api but am struggling over the correct setting for the redirect url.
I have been able to feed the authorize url in by hand into a browser and get a
token back in the return url. I that case; I set the URI to localhost (127.0.0.1)
Whenever I do this via the api I end up with 400 returns.
What I would really appreciate is
1) a working example
2) when running via a script; what should be listening for the server's response that contains the token in its url ?
Thanks for any and all help
I do a request to 'someurl' and have redirected. The redirect link does't exist, but in the link I have access_token and others important data. I like to get this redirect url with out program crash.
a = opener.open('https://connect.ok.ru/oauth/authorize?client_id=1247511808&scope=VALUABLE_ACCESS&response_type=token&redirect_uri=https://smasu.ru')
So, redirect to site smasu.ru, but this site does't exist. The link will have type as:
https://smasu.ru/#access_token=8.7fd19d96afcfc687b92bd50e2df6011837b94753e09f315818c0328e9&session_secret_key=363b5dd2ab1a1a44c25e423e892732ce&permissions_granted=VALUABLE_ACCESS&expires_in=1800
Where you can see acces_token, session_secret_key, that I want take for my program. How to do a request with ignore HTTP Error and get the redirect url?
Traceback:
I have a Django site that works well on a server using HTTPS protocol, I can use it with no problem with all kind of browsers.
The thing is that every time I try to use a text browser, I get a
Forbidden (403)
CSRF verification failed. Request aborted.
You are seeing this message because this HTTPS site requires a 'Referer header' to be sent by your Web browser, but none was sent.
This header is required for security reasons, to ensure that your browser is not being hijacked by third parties.
If you have configured your browser to disable 'Referer' headers, please re-enable them, at least for this site, or for HTTPS
connections, or for 'same-origin' requests.
Help
Reason given for failure:
Referer checking failed - no Referer.
I have tried links, lynx, even w3m and eww on emacs, to no avail.
When I use a HTTP site (like when I'm using the manage.py runserver) I can use the site on text browsers with no problem, but my production server needs a HTTPS protocol and that's when I get this error.
[ EDIT: just for testing purposes, I deployed an HTTP server for my django site on the production server. It works well on text browsers... ]
[ EDIT: given the message the server throws, why are Referer headers not been given? ]
Lynx is likely configured to not send the Referer header. Check /etc/lynx.cfg for "REFERER".
There are entries like NO_REFERER_HEADER. Make sure that's set to false. If that's not it, check around in that config for any other disabled referer headers.
Also related, the CSRF and Referer header debate: https://code.djangoproject.com/ticket/16870
Are you setting SECURE_PROXY_SSL_HEADER, SESSION_COOKIE_SECURE and CSRF_COOKIE_SECURE in your settings?
https://docs.djangoproject.com/en/1.7/topics/security/#ssl-https