OAuth2 redirect url issues (is that routing?)

Hey folks,

I keep getting a wrong redirect_url from the identity provider during the authentication step.
I checked the encoding; it’s correct, and the URL-decoded version does match the other side.

2024-01-23T11:51:29Z app[9185d56b37d283] sjc [info]D, [2024-01-23T11:51:29.813011 #306] DEBUG -- : [578c1f4f-ea7c-4732-8dca-068ee143af6d] The redirect https://balancebots.fly.dev/users/auth/intuit/callback

Which results in properly structured

GET /connect/oauth2?client_id=<my-client-id>&redirect_uri=https%3A%2F%2Fbalancebots.fly.dev%2Fusers%2Fauth%2Fintuit%2Fcallback&response_type=code&scope=com.intuit.quickbooks.accounting&state=<state>

In fact, I ran the same container locally and used ngrok to try reproducing this issue. However, OAuth worked fine with ngrok.

It seems to be a running theme with render.io as well.

Is there any weird routing at the edge that I should be aware of? Or am I just going insane?

Hey,

Are you using an OAuth2 provider (such as Laravel Socialite) … or rolled your own? Only there may be some docs about it, if other people find the same. Especially if you find the same on other cloud providers, which would suggest it’s not Fly-specific.

The URL looks ok to me but yes, it has to exactly match what is expected/registered, so that would be the first thing I’d check.

The server should reject any authorization requests with redirect URLs that are not an exact match of a registered URL.

I see this is tagged with Rails. Check config/environments/production.rb for

# config.assume_ssl = true 

config.force_ssl = true

And try setting both to true (by uncommenting the first one).
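An added example, not part of any post in this thread: a small Ruby check that pulls `redirect_uri` out of a logged authorization request like the one above and compares it to the registered value by exact string match, naming the URL component that differs. The helper names are hypothetical, the client id and state are placeholders, and the `http://` and trailing-slash variants in the final comment are constructed inputs.

```ruby
require "uri"

# Registered callback as quoted in the thread; request line from the thread
# with placeholder client_id and state.
REGISTERED = "https://balancebots.fly.dev/users/auth/intuit/callback"
SAMPLE_REQUEST = "GET /connect/oauth2?client_id=CLIENT_ID_PLACEHOLDER" \
  "&redirect_uri=https%3A%2F%2Fbalancebots.fly.dev%2Fusers%2Fauth%2Fintuit%2Fcallback" \
  "&response_type=code&scope=com.intuit.quickbooks.accounting&state=STATE_PLACEHOLDER"

# Extract and URL-decode redirect_uri from a full URL or a "GET /path?query" log line.
def redirect_uri_from(auth_request)
  query = auth_request.sub(/\AGET\s+/, "").split("?", 2)[1].to_s
  URI.decode_www_form(query).to_h["redirect_uri"]
end

# Split a URI into comparable parts; a default port (80/443) counts as "no port".
def uri_parts(str)
  u = URI.parse(str)
  { scheme: u.scheme, host: u.host,
    port: (u.port unless u.port == u.default_port),
    path: u.path, query: u.query }
end

# Exact string match is the rule; on mismatch, list the parts that differ.
# Returns [] when identical, [:other] when no parsed part explains the difference.
def redirect_uri_diff(sent, registered)
  return [] if sent == registered
  a = uri_parts(sent)
  b = uri_parts(registered)
  diffs = a.keys.reject { |k| a[k] == b[k] }
  diffs.empty? ? [:other] : diffs
end

if __FILE__ == $0
  sent = redirect_uri_from(SAMPLE_REQUEST)
  puts "sent:       #{sent}"
  puts "registered: #{REGISTERED}"
  puts "diff:       #{redirect_uri_diff(sent, REGISTERED).inspect}"
  # Constructed variants: plain-HTTP scheme and a trailing slash.
  puts redirect_uri_diff(REGISTERED.sub("https", "http"), REGISTERED).inspect
  puts redirect_uri_diff(REGISTERED + "/", REGISTERED).inspect
end
```

Feeding it the request line captured in the proxy on each deployment shows whether the two environments really send the same `redirect_uri`.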

Thanks for such a prompt response, Greg!

Yeah, I did verify the URL a few times and even sanitised it to ensure no unreadable chars snuck in before pasting it into Intuit’s dashboard.

The provider I am using is Intuit. This is a QuickBooks app.

With the first suggestion on redirects, I used the Burp Suite proxy on both ngrok and Fly; there is no difference on the way out.

I wonder if that has to do with TLS. Will look into your suggestion shortly. However, this app does force SSL.

Same story with both uncommented. :frowning:

@andrewshatnyy It’s beyond my Rails experience I’m afraid but you are in good hands with @rubys .

Could it be using a redirect uri set up for sandbox … in production, or vice versa :thinking:? That was my other total guess, at least based on the screenshot in here.

Thank you for your help. It’s been massive so far, compared to other Intuit support :slight_smile:

My app is still in sandbox; Intuit needs full-blown verification for production. Weirdly I am why would the

I’ll give a read through the linked git repo… Thank you :pray: