Google Identity Provider and missing_redirect_uri
-
I've configured FA with Google as an Identity Provider and when I try to log in using the Google sign-in button I get the following error in FusionAuth: "The request is missing a required parameter: redirect_uri".
It seems the issue is with the query string parameters being encoded in some strange way. I've found a SO topic: https://stackoverflow.com/questions/57817229/callback-after-google-login-throwing-error-in-fusionauth but it is not clear to me why it happens and what to do.
Below is the detailed description of the issue:
- User visits the application: https://company.local
- User is redirected to FusionAuth at https://auth.company.local with the following URL:
https://auth.company.local/oauth2/authorize?response_type=code&client_id=3400cdea-a571-47f1-8ddb-53cd97dca0c7&redirect_uri=https%3A%2F%2Fcompany.local%2Faccount%2Floggedin%2F&scope=openid+profile+email&state=eCKswp4Ey9QlP6IKSO9yx489RSZL5B
- User clicks Login with Google button - popup with the following URL opens:
https://accounts.google.com/signin/oauth/identifier?redirect_uri=storagerelay%3A%2F%2Fhttps%2Fauth.company.local%3Fid%3Dauth79207&response_type=permission id_token&scope=email profile openid&openid.realm&client_id=893947843790-082nmgu907c7ff4de6sis3aqbj9pvs52.apps.googleusercontent.com&ss_domain=https%3A%2F%2Fauth.company.local&fetch_basic_profile=true&gsiwebsdk=2&o2v=1&as=2sT8ucIey-_EVmp3SOvNTw&flowName=GeneralOAuthFlow
- User logs in with Google and is redirected back to FusionAuth using the following URL:
https://auth.company.local/oauth2/callback?token=<TOKEN_CUT_HERE>&identityProviderId=82339786-3dff-42a6-aac6-1f1ceecb6c46&state=client_id%3D3400cdea-a571-47f1-8ddb-53cd97dca0c7%26code_challenge%3D%26code_challenge_method%3D%26metaData.device.name%3DLinux%2520Chrome%26metaData.device.type%3DBROWSER%26nonce%3D%26redirect_uri%3Dhttps%253A%252F%252Fcompany.local%252Faccount%252Floggedin%252F%26response_mode%3D%26response_type%3Dcode%26scope%3Dopenid%2520profile%2520email%26state%3DeCKswp4Ey9QlP6IKSO9yx489RSZL5B%26tenantId%3Dd617561c-0946-b874-f878-b3433552bce4%26timezone%3DEurope%252FWarsaw%26user_code%3D
This gives the error in FA:
{
"error" : "invalid_request",
"error_description" : "The request is missing a required parameter: redirect_uri",
"error_reason" : "missing_redirect_uri"
}
Seems clear that something strange happens after: &state=client_id but why is that? What is wrong?
-
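Added example (not part of the thread and not FusionAuth code): a small Python check that decodes the callback URL from the question layer by layer, showing which parameters sit at the top level and which are carried inside `state`, and compares them with the original authorize request. The function names are made up for this illustration, and the token value is a placeholder, as in the post.

```python
from urllib.parse import urlsplit, parse_qs

# URLs copied from the question; the token is a placeholder, as in the post.
AUTHORIZE = (
    "https://auth.company.local/oauth2/authorize?response_type=code"
    "&client_id=3400cdea-a571-47f1-8ddb-53cd97dca0c7"
    "&redirect_uri=https%3A%2F%2Fcompany.local%2Faccount%2Floggedin%2F"
    "&scope=openid+profile+email&state=eCKswp4Ey9QlP6IKSO9yx489RSZL5B"
)
CALLBACK = (
    "https://auth.company.local/oauth2/callback?token=TOKEN_CUT_HERE"
    "&identityProviderId=82339786-3dff-42a6-aac6-1f1ceecb6c46"
    "&state=client_id%3D3400cdea-a571-47f1-8ddb-53cd97dca0c7%26code_challenge%3D"
    "%26code_challenge_method%3D%26metaData.device.name%3DLinux%2520Chrome"
    "%26metaData.device.type%3DBROWSER%26nonce%3D"
    "%26redirect_uri%3Dhttps%253A%252F%252Fcompany.local%252Faccount%252Floggedin%252F"
    "%26response_mode%3D%26response_type%3Dcode%26scope%3Dopenid%2520profile%2520email"
    "%26state%3DeCKswp4Ey9QlP6IKSO9yx489RSZL5B"
    "%26tenantId%3Dd617561c-0946-b874-f878-b3433552bce4"
    "%26timezone%3DEurope%252FWarsaw%26user_code%3D"
)

def decode(qs):
    """Decode one layer of a query string, keeping empty values."""
    return {k: v[0] for k, v in parse_qs(qs, keep_blank_values=True).items()}

def outer_params(url):
    """Top-level query parameters of a URL (one level of decoding)."""
    return decode(urlsplit(url).query)

def nested_state(callback_url):
    """Parameters carried inside the callback's state value (second level)."""
    return decode(outer_params(callback_url).get("state", ""))

def mismatches(authorize_url, callback_url):
    """Authorize-request parameters that state does not carry back unchanged."""
    sent, carried = outer_params(authorize_url), nested_state(callback_url)
    return sorted(k for k in sent if carried.get(k) != sent[k])

if __name__ == "__main__":
    print("top-level callback parameters:", sorted(outer_params(CALLBACK)))
    for key, value in nested_state(CALLBACK).items():
        print(f"  state -> {key} = {value!r}")
    print("not round-tripped:", mismatches(AUTHORIZE, CALLBACK))
```
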
-
Hiya,
A few questions:
- What version of FusionAuth are you using?
- Is company.local accessible from the internet or just your local network?
- Did you follow all the instructions here: https://fusionauth.io/docs/v1/tech/identity-providers/google (I expect so from the details you shared, just confirming)
Thanks,
Dan
-
Hi
- FusionAuth - version 1.15.7
- company.local and auth.company.local are my local addresses (/etc/hosts)
- I've followed the instructions about adding Google IdP
As I'm switching from the old solution to FusionAuth I already have a Google sign-in button implemented (JavaScript) and it works correctly with the company.local domain there.
-
Hi.
I'm not sure what's going on. I filed a bug in GitHub issues:
https://github.com/FusionAuth/fusionauth-issues/issues/651
Please feel free to add any additional context (browsers used, etc.) that you feel might be helpful.
Sorry I can't help more.
-
This is a duplicate of GitHub Issue #553. The fix is to upgrade to version >= 1.15.8.
-
I can confirm it works properly in the latest version. Thank you very much for the quick help!