warpgate icon indicating copy to clipboard operation
warpgate copied to clipboard

Published 20 hours ago verified publisher icon warp-tech

Erreur 400 : redirect_uri_mismatch / since 0.9.x

Open herewithme opened this issue 1 year ago • 4 comments

Hello,

Thank you for this open-source project.

We have a problem since version 0.9.0 and 0.9.1 SSO authentication has a Google error: redirect_uri_mismatch

We didn't have this problem before the 0.8.x branch.

Any ideas?

herewithme avatar Jan 28 '24 00:01 herewithme

We don't have this problem with version 0.8.1.

herewithme avatar Jan 28 '24 00:01 herewithme

In version 0.8.1, the Google link is : https://accounts.google.com/o/oauth2/v2/auth?response_type=code&client_id=XXX.apps.googleusercontent.com&state=XXX&code_challenge=XXX&code_challenge_method=S256&redirect_uri=https://mybastion.url/@warpgate/api/sso/return&scope=openid+email&nonce=XXX

In version 0.9.x, the link is changed to : https://accounts.google.com/o/oauth2/v2/auth?response_type=code&client_id=XXX.apps.googleusercontent.com&state=XXX&code_challenge=XXX&code_challenge_method=S256&redirect_uri=https://mybastion.url:66718/@warpgate/api/sso/return&scope=openid+email&nonce=XXX

The particularity is that we have a port in the URL of the warpgate web interface, which disappeared with the latest update!

Bug or feature?

herewithme avatar Jan 28 '24 00:01 herewithme

If you have a proxy in front of Warpgate that sets X-Forwarded-* headers, set http.trust_x_forwarded_for to true in the config file.

Eugeny avatar Jan 28 '24 08:01 Eugeny

@Eugeny thanks for your reply

We don't use a reverse proxy, we make a direct call to warpgate.

I try to add this conf value

http:
  enable: true
  trust_x_forwarded_for: true
  listen: "0.0.0.0:66718"

It doesn't work any better.

herewithme avatar Jan 29 '24 10:01 herewithme

Thanks @Eugeny !

herewithme avatar Jul 27 '24 09:07 herewithme