Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Wrong Login block redirect_uri with reverse proxied RockRMS #6124

Open
2 tasks done
tvinhas opened this issue Dec 11, 2024 · 1 comment
Open
2 tasks done

Wrong Login block redirect_uri with reverse proxied RockRMS #6124

tvinhas opened this issue Dec 11, 2024 · 1 comment

Comments

@tvinhas
Copy link

tvinhas commented Dec 11, 2024

Description

For some reason RockRMS is using http://wonder.church:80/login as the redirect_uri sent to Google for authentication but I have nowhere that set up in RockRMS. My entire site runs on https and Google won't let me add an http uri in production.
My login route says Login, I don't know why Rock is using lowercaps and http for the address.
Tried from multiple browsers and computers.

Here is the error detail:

Error 400: redirect_uri_mismatch

You can't sign in to this app because it doesn't comply with Google's OAuth 2.0 policy.

If you're the app developer, register the redirect URI in the Google Cloud Console.
Request details: redirect_uri=http://wonder.church:80/Login flowName=GeneralOAuthFlow

Actual Behavior

RockRMS is passing the wrong redirect_uri based on some misbehavior of the GeneralOAuthFlow.

Expected Behavior

To RockRMS pass the proper redirect_uri to Google OAuth.

Steps to Reproduce

Issue Confirmation

  • Perform a search on the Github Issues to see if your bug or enhancement is already reported.
  • Reproduced the problem on a fresh install or on the demo site.

Rock Version

16.7

Client Culture Setting

en-US

@tvinhas tvinhas changed the title Google Authentication not working on 16.7 Beta and prior Login block redirect_uri doesn't detect proxied RockRMS Dec 11, 2024
@tvinhas
Copy link
Author

tvinhas commented Dec 11, 2024

I have just figured the problem out but I still think RockRMS isn't behaving as it should here.

redirect_uri is being formed based on IIS's bindings. I had my site set up on IIS serving port 80 only and have a reverse proxy in front of it handling https and sending everything to IIS's port 80. So technically the site is all under https but RockRMS doesn't know it.

I had to install a cert on IIS and change it to serve on the port 443 instead of 80. We should find another way to handle address discovering for redirect_uri in order to go around nontraditional installations.

@tvinhas tvinhas changed the title Login block redirect_uri doesn't detect proxied RockRMS Login block redirect_uri doesn't reverse proxied RockRMS Dec 11, 2024
@tvinhas tvinhas changed the title Login block redirect_uri doesn't reverse proxied RockRMS Wrong Login block redirect_uri with reverse proxied RockRMS Dec 11, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants