FusionAuth
    • Home
    • Categories
    • Recent
    • Popular
    • Pricing
    • Contact us
    • Docs
    • Login

    invalid_redirect_uri

    Scheduled Pinned Locked Moved
    General Discussion
    0
    32
    109.1k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      richb201 @dan
      last edited by richb201

      @dan Thanks Dan. I really just need 2 mins of support. Can you tell me what log to look into to see the issue? I have http:// already in the URI.
      Here is what I see in the dockerlog for the fusionAuth container:

      2021-05-06 7:15:54.736 AM WARN  com.zaxxer.hikari.pool.PoolBase - HikariPool-1 - Failed to validate connection com.mysql.cj.jdbc.ConnectionImpl@50b27d35 (No operations allowed after connection closed.). Possibly consider using a shorter maxLifetime value.
2021-05-06 7:15:54.738 AM ERROR com.inversoft.scheduler.LogAndRetainFailureHandler - The scheduled service [class io.fusionauth.api.service.system.NodeManager] failed but will be re-run.
org.apache.ibatis.exceptions.PersistenceException: 
### Error querying database.  Cause: java.sql.SQLTransientConnectionException: HikariPool-1 - Connection is not available, request timed out after 2024ms.
### The error may exist in io/fusionauth/api/domain/FusionAuthNodeMapper.xml
### The error may involve io.fusionauth.api.domain.FusionAuthNodeMapper.retrieveAll
### The error occurred while executing a query

      and a little down the same log file:

      ### Error querying database.  Cause: java.sql.SQLTransientConnectionException: HikariPool-1 - Connection is not available, request timed out after 2022ms.
### The error may exist in io/fusionauth/api/domain/KeyMapper.xml
### The error may involve io.fusionauth.api.domain.KeyMapper.retrieveAll
### The error occurred while executing a query
### Cause: java.sql.SQLTransientConnectionException: HikariPool-1 - Connection is not available, request timed out after 2022ms.

      these keep recurring down the page. The only recommendation I see is "Possibly consider using a shorter maxLifetime value".
      Can you tell me where I set this? Is this a fa thing or a ubuntu thing?

      Or could this be that AWS won't accept a connection? Is this an issue for AWS tech support instead?

      1 Reply Last reply Reply Quote 0
      • R
        richb201
        last edited by richb201

        @robotdan said in invalid_redirect_uri:

        http://35.153.28.164/index.php/Configure/report_generator_amazing

        You are right! The http:// is missing in one place (for example)
        redirect_uri=35.153.28.164%2Findex.php%2FC

        But I included it in the URI redirect field in the Home/applications/edit uri field (see below) and it appears in other places in the screenshot. How can that be?

        <a rel="nofollow noopener noreferrer" target="_blank" onclick="return window.theMainWindow.showLinkWarning(this)" href="http://35.153.28.164:9011/oauth2/passwordless/Hpwfsd2h-82faVz7oFYpX6xg0k43aIFM0d54-ueW7dc?tenantId=4272f95b-0989-4892-badc-0ef6b934885f&amp;client_id=f603697d-41ea-4c53-ac2d-e935d5e34221&amp;redirect_uri=35.153.28.164%2Findex.php%2FConfigure%2Freport_generator_amazing&amp;response_type=code&amp;scope=openid&amp;state=richardbernstein216%40yahoo.com">
<button style="border:none;color:white;padding:15px 32px;text-align:center;text-decoration:none;font-size:16px;margin:4px 2px;cursor:pointer;background-color:#008CBA;">
Click Here to Login!
</button>
</a>

        In looking at the text of the passwordless login email above I see that the http// is missing! But as I showed you in a screenshot below it is in the proper place. What is cutting it off? Has anyone else had this issue?
        Screenshot from 2021-05-06 10-18-03.png

        1 Reply Last reply Reply Quote 0
        • robotdanR
          robotdan
          last edited by

          @richb201 said in invalid_redirect_uri:

          http://35.153.28.164:9011/oauth2/passwordless/Hpwfsd2h-82faVz7oFYpX6xg0k43aIFM0d54-ueW7dc?tenantId=4272f95b-0989-4892-badc-0ef6b934885f&client_id=f603697d-41ea-4c53-ac2d-e935d5e34221&redirect_uri=35.153.28.164%2Findex.php%2FConfigure%2Freport_generator_amazing&response_type=code&scope=openid&state=richardbernstein216%40yahoo.com

          It looks missing to me, in your example HTML I see &redirect_uri=35.153.28.164... instead of &redirect_uri=http://35.153.28.164....

          R 1 Reply Last reply Reply Quote 0
          • R
            richb201 @robotdan
            last edited by

            @robotdan here is the email template. Looks to me to have the http://.

            <meta charset="UTF-8">
<!doctype html>

<body>
  <img src="http://35.153.28.164/assets/themes/default/images/Logo%20-%20Research%20Study%20Online-01.jpg?w=640" alt="img" />
  <p>To log into ResearchStudyOnline please click the link.</p>

  [#setting url_escaping_charset="UTF-8"]

  
  [#-- The optional 'state' map provided on the Start Passwordless API call is exposed in the template as 'state' --]
  [#assign url = "http://35.153.28.164:9011/oauth2/passwordless/${code}?tenantId=${user.tenantId}" /]
  [#list state!{} as key, value][#if key != "tenantId" && value??][#assign url = url + "&" + key?url + "=" + value?url/][/#if][/#list]
  
  <div>
<a href="${url}" target="_blank">
<button style="border: none;
color: white;
padding: 15px 32px;
text-align: center;
text-decoration: none;
font-size: 16px;
margin: 4px 2px;
cursor: pointer;
background-color: #008CBA;">
Click Here to Login!
</button>
</a>
</div>

</body>
            1 Reply Last reply Reply Quote 0
            • joshuaJ
              joshua
              last edited by

              @richb201,

              Some of this you may have tried, but could be worth double-checking:

              1. Have you tried running your FreeMarker template through a linter to make sure there are no errors that might explain some of the behavior you are seeing?
              2. Have you tried printing the full URL on your server (in a debug-like puts/print statement) to verify the presence or absence of an HTTP schema in the link and that the link is not broken?
              3. Does the Freemarker template appear as you would like it to when you "preview" (there is a preview button there) the template in FusionAuth under the themes section?

              At the moment, I don't have any other suggestions but will post back here once something else comes to mind.

              Thanks,
              Josh

              1 Reply Last reply Reply Quote 0
              • R
                richb201
                last edited by richb201

                Thanks. From a post by robotdan to another user:

                Hi @forenheith can you confirm you have configured your redirect URI in FusionAuth?

                https://fusionauth.io/docs/v1/tech/oauth/overview

                The Redirect URI will be the URL of your application that will handle the response from the Authorization request. If the value you send in the redirect_uri parameter is not registered with FusionAuth you will receive the invalid_redirect_uri error as you're seeing.

                what does this mean?
                "If the value you send in the redirect_uri parameter is not registered with FusionAuth you will receive the invalid_redirect_uri error as you're seeing."

                Where would I register my Redirect URI? I already have it registered in
                Redirect URI as can be seen here. But I get the feeling that he is talking about registering it somewhere else?
                ![Screenshot from 2021-05-14 02-34-57.png](/community/forum/assets/uploads/files/1620974176507-screenshot-from-2021-05-14-02-34-57.png
                Screenshot from 2021-05-14 02-34-57.png

                I did find this:
                redirect_uri [String] REQUIRED
                The URI to redirect to upon a successful request. This URI must have been configured previously in the FusionAuth Application OAuth configuration. See Applications in the FusionAuth User Guide for additional information on configuring the redirect URI.

                Where would that be done??

                I also found this in rfs6749
                If a redirection URI is provided in the request, the authorization server MUST validate it against the registered value.

                BUT where do I register this?

                1 Reply Last reply Reply Quote 0
                • joshuaJ
                  joshua
                  last edited by

                  Hi @richb201

                  The redirect URL, for OAuth, should only need to be set/registered on this screen for your Application.

                  oauth-redirect-orginal.png

                  I hope this helps!

                  Thanks,
                  Josh

                  1 Reply Last reply Reply Quote 0
                  • R
                    richb201
                    last edited by richb201

                    Here is mine. They look similar right?
                    Screenshot from 2021-05-19 10-26-11.png

                    I am going to try your standard passwordless email instead of my customized one.

                    Here is my login tenant. Notice the issuer? Is that a problem? Do I need to have my own inform in there?
                    Screenshot from 2021-05-19 10-30-26.png

                    1 Reply Last reply Reply Quote 0
                    • robotdanR
                      robotdan
                      last edited by

                      @richb201 said in invalid_redirect_uri:

                      I am going to try your standard passwordless email instead of my customized one.

                      This is a good idea. This should give you a base case to test with to ensure it is working correctly before customizing it too much.

                      You may also want to capture the raw email message to see if the URL is correct in the MIME encoded version of the email.

                      R 1 Reply Last reply Reply Quote 0
                      • R
                        richb201 @robotdan
                        last edited by richb201

                        @robotdan Thanks. I have the raw email message, I just don't know how to see what is wrong with it.

                        
Received: from 10.196.216.85
 by atlas319.free.mail.bf1.yahoo.com with HTTPS; Fri, 14 May 2021 11:19:49 +0000
Return-Path: <010001796a9a9e93-d880d840-8578-4fbf-9cfa-e2fe054e3986-000000@amazonses.com>
X-Originating-Ip: [54.240.8.241]
Received-SPF: pass (domain of amazonses.com designates 54.240.8.241 as permitted sender)
Authentication-Results: atlas319.free.mail.bf1.yahoo.com;
 dkim=pass header.i=@amazonses.com header.s=ug7nbtf4gccmlpwj322ax3p6ow6yfsug;
 spf=pass smtp.mailfrom=amazonses.com;
 dmarc=unknown header.from=substantiator.com;
X-Apparently-To: richardbernstein216@yahoo.com; Fri, 14 May 2021 11:19:49 +0000
X-YMailISG: RuEN7foWLDu9BhoVg1_uj0ZIWl3MAsheSKU0V8Ov.9FsKaEX
 xrAAWNrr8D1StRJTu4elf71kfaBhc1I7eqUJQeUplY6XYN2XU_.96BEgIcp7
 RpVKGE3QaznUrFboVsXtT8Esf6tChUHtXHOvSDcq1ySeDEUvWaBJX6BZDzmB
 7QFLHvkF6k2Fa21vy3yb3y_hdPGc.RpjQM2Xu6PzcS9s0fl8BXFwt7vQyDkC
 aNAnTmgPibrFvftqKxhMA018R_fa3OD_1Cx2ymowL_lPOvOwYlxzlYiHp6gB
 B.AMbM6eMtNX4_NfaS0MzcHIgbCZ342fWVIkx8QH5kFm8pkPp7.7OGhC4xQl
 lrIA8fxMJ5bALaPN2pfzkjn0a_TmU5cveMbVDIM7PdNPyTTYpgN8h6OCVoBm
 lCW66qZpuHBB8BndOg2cPsr1S_JEJjYtOp4.QW7Hi5.ngcr_w0SpnMuY4ob6
 cuJEDKW_eHrN30geb0bgmveRT84g8.gZ1y8wuNjnYrBZDGJWhrzAq2aYLwvT
 DGhByPAxUDIN.eE.fL5T7kbHZEPn3zeIUV9vCvpdsYPSXMChhHG73A1FfoJW
 9KjMNrTt.7SuyIG85b_PcMMn6cDtyEtNxliEeXWwIw4UWpXBlqZk_7J9FKkM
 da_IJmf8Nk5.RhZgV6s_z.2ldeHlmN_RfWdF3eQU8sd5n.29OrUowXSLQ2VA
 JEZP3ztIIFPWxBJ9onafe3F1PBoefTPAmufC2hYXpwFBTkINJdmRId2672Oq
 U21ZQgq2341SN0Kb5Dv1lAQ5Db9Cd3VHx8_QGZ.AOl15P9orL5bKzsn33H4i
 McPP1HsY_japIFdCy5EukFBStpirGhneoY5vW6PfEBTEd2USnLpSuWd8KHzu
 tv9cI6vVVJISkmW0FSD5pY5TKdYLrU1vFmR9SLZ7CbhlEIV3_LMnNAl_7Z6y
 mgYdNrD0qGojogB8zAtL8r78Wz8kgiDV4_UB5UNJ5rJypqmBfCkG..iOF8NT
 YvTPgjG_oPTHc0_TakpvQ0v9Tm3p3G20Gy9xhDuawxOq445JgJCE6mx_AfN8
 SlVtKizLp1GwcmzwVkZO8X_E1DZqRXegeJ86KoO.mIAkFb7pkStYgAbY1zny
 _uDaWSqRUzLsPZz4bTJM5wyqWYrl4DwmZ73C6wnw6AFA9kiJE4x1PvFKlA--
Received: from 54.240.8.241 (EHLO a8-241.smtp-out.amazonses.com)
 by 10.196.216.85 with SMTPs
 (version=TLS1_2 cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256);
 Fri, 14 May 2021 11:19:49 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;
	s=ug7nbtf4gccmlpwj322ax3p6ow6yfsug; d=amazonses.com; t=1620991188;
	h=From:To:Message-ID:Subject:MIME-Version:Content-Type:Date:Feedback-ID;
	bh=HSdZTCdopKudE7gQLvMd7mhFaDyjWsxy1D6lCGlaXGg=;
	b=hJFNKihjTNSqR9HTquZmBuIEobuvLlQP02ypaee/aHylzTlFsJq55u+2vK+u/OGE
	/tyfh3hqWOyCy0CpwkEQsjX8Xv9I/YHz+sB1mqIxDhwse7LPzqZ+Kd9VmVkKqAJaSil
	xiI/dTVkV/Dhayive7Dc4YdTtyRdgc3+eu3JX1NU=
From: admin <admin@substantiator.com>
To: richardbernstein216@yahoo.com
Message-ID: <010001796a9a9e93-d880d840-8578-4fbf-9cfa-e2fe054e3986-000000@email.amazonses.com>
Subject: Login
MIME-Version: 1.0
Content-Type: multipart/alternative; 
	boundary="----=_Part_10_107303501.1620991187686"
Date: Fri, 14 May 2021 11:19:48 +0000
Feedback-ID: 1.us-east-1./ToaGAJxWOVHrr4y6A5cU9krmMVcIKDbUUm+IkkffcM=:AmazonSES
X-SES-Outgoing: 2021.05.14-54.240.8.241
Content-Length: 1850

------=_Part_10_107303501.1620991187686
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

<body>
  <img src="35.153.28.164/assets/themes/default/images/Logo - Research Study Online-01.jpg?w=640" alt="img" />
 
     
  <div>
<a href="http://fusionauth.ngrok.io/oauth2/passwordless/YZKTNV6VE0VGJ9e_mKuWLjtokNtS44FcAvEM5kTG9Jk?tenantId=4272f95b-0989-4892-badc-0ef6b934885f&client_id=f603697d-41ea-4c53-ac2d-e935d5e34221&redirect_uri=35.153.28.164%2Findex.php%2FConfigure%2Freport_generator_amazing&response_type=code&scope=openid&state=richardbernstein216%40yahoo.com" target="_blank">
<button style="border: none;
color: white;
padding: 15px 32px;
text-align: center;
text-decoration: none;
font-size: 16px;
margin: 4px 2px;
cursor: pointer;
background-color: #008CBA;">
Click Here For Survey!
</button>
</a>
</div>

</body>
------=_Part_10_107303501.1620991187686
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 7bit

<meta charset="UTF-8">
<!doctype html>

<body>
  <img src="http://35.153.28.164/assets/themes/default/images/Logo%20-%20Research%20Study%20Online-01.jpg?w=640" alt="img" />
  <p>To log into ResearchStudyOnline please click the link.</p>

    
  <div>
<a href="http://35.153.28.164:9011/oauth2/passwordless/YZKTNV6VE0VGJ9e_mKuWLjtokNtS44FcAvEM5kTG9Jk?tenantId=4272f95b-0989-4892-badc-0ef6b934885f&client_id=f603697d-41ea-4c53-ac2d-e935d5e34221&redirect_uri=35.153.28.164%2Findex.php%2FConfigure%2Freport_generator_amazing&response_type=code&scope=openid&state=richardbernstein216%40yahoo.com" target="_blank">
<button style="border: none;
color: white;
padding: 15px 32px;
text-align: center;
text-decoration: none;
font-size: 16px;
margin: 4px 2px;
cursor: pointer;
background-color: #008CBA;">
Click Here to Login!
</button>
</a>
</div>

</body>
------=_Part_10_107303501.1620991187686--

                        This one is using ngrok, just so I can test on my laptop.

                        1 Reply Last reply Reply Quote 0
                        • robotdanR
                          robotdan
                          last edited by

                          Here is the redirect_uri in the email:

                          &redirect_uri=35.153.28.164%2Findex.php%2FConfigure%2Freport_generator_amazing

                          This needs to be be &redirect_uri=http://35...

                          R 1 Reply Last reply Reply Quote 0
                          • R
                            richb201 @robotdan
                            last edited by richb201

                            @robotdan Yes, I know that needs to have http:// but I think I have it already!. Where do I specify that. Here is the application setup and you can see it there.
                            Screenshot from 2021-05-19 10-26-11.png

                            and here is the email template:

                            <meta charset="UTF-8">
<!doctype html>

<body>
  <img src="http://35.153.28.164/assets/themes/default/images/Logo%20-%20Research%20Study%20Online-01.jpg?w=640" alt="img" />
  <p>To log into ResearchStudyOnline please click the link.</p>

  [#setting url_escaping_charset="UTF-8"]

  
  [#-- The optional 'state' map provided on the Start Passwordless API call is exposed in the template as 'state' --]
  [#assign url = "http://35.153.28.164:9011/oauth2/passwordless/${code}?tenantId=${user.tenantId}" /]
  [#list state!{} as key, value][#if key != "tenantId" && value??][#assign url = url + "&" + key?url + "=" + value?url/][/#if][/#list]
  
  <div>
<a href="${url}" target="_blank">
<button style="border: none;
color: white;
padding: 15px 32px;
text-align: center;
text-decoration: none;
font-size: 16px;
margin: 4px 2px;
cursor: pointer;
background-color: #008CBA;">
Click Here to Login!
</button>
</a>
</div>

</body>

                            It also has the http://

                            R 1 Reply Last reply Reply Quote 0
                            • R
                              richb201 @richb201
                              last edited by richb201

                              @richb201 I think I got it. There was a line in my code that was missing the http://. Thanks.

                              Now that I got that working, I do want to pass in the user's email address to the redirect uri. Is there an easy way to do that?
                              I have set $request["state"]["state"] = "$email" prior to doing the fusion doing the auth, so how do I get "state" inside my application?

                              1 Reply Last reply Reply Quote 0
                              • joshuaJ
                                joshua
                                last edited by

                                @richb201,

                                Can you provide a bit more context on why you want to do this on a URI? I am not sure what you want to store in "state".

                                The "state" variable, as I understand it, is available only on the forgot password FTL templates (doc, using the API, but the description is still applicable to your OAuth setup here)

                                My first thought was, perhaps you want to store "state" on a custom user data point and just query the user object when needed? But might need some more information to assist further.

                                Thanks,
                                Josh

                                1 Reply Last reply Reply Quote 0
                                • R
                                  richb201
                                  last edited by

                                  Hi. I actually want to pass in this user's email address to I can use it when I query my database to find the rest of his data. Can I do this without having to pass the email address manually?

                                  1 Reply Last reply Reply Quote 0
                                  • joshuaJ
                                    joshua
                                    last edited by

                                    @richb201,

                                    If you are using the OAuth protocol, you should have access to this information.

                                    I would try accessing the userinfo endpoint. The only requirement to get this information is the access token obtained through the OAuth process.

                                    https://fusionauth.io/docs/v1/tech/oauth/endpoints#userinfo

                                    I hope this helps!

                                    Thanks,
                                    Josh

                                    1 Reply Last reply Reply Quote 0
                                    • R
                                      richb201
                                      last edited by

                                      OK I found:
                                      retrieveUserInfoFromAccessToken($encodedJWT)

                                      What is the JWT?

                                      This is how I am getting back to a method in my application:

                                      http://35.153.28.164/index.php/Configure/passwordless_entry

                                      Will the JWT come in a $_GET or a $_POST in that method, passwordless_entry?

                                      1 Reply Last reply Reply Quote 0
                                      • joshuaJ
                                        joshua
                                        last edited by joshua

                                        @richb201

                                        https://fusionauth.io/learn/expert-advice/oauth/modern-guide-to-oauth/#tokens covers the use of JWT's.

                                        https://fusionauth.io/docs/v1/tech/guides/passwordless/
                                        covers how to set up Passwordless within FusionAuth. It also covers how this workflow handles JWT's.

                                        https://fusionauth.io/docs/v1/tech/apis/passwordless/#complete-a-passwordless-login
                                        The Passwordless API.

                                        I hope that helps!

                                        Josh

                                        1 Reply Last reply Reply Quote 0
                                        • R
                                          richb201
                                          last edited by richb201

                                          My user is getting the email that they can log in. Here is the raw email that the user is getting:

                                          Received: from 10.253.233.84
 by atlas107.free.mail.gq1.yahoo.com with HTTPS; Tue, 15 Jun 2021 13:39:59 +0000
Return-Path: <0100017a0fe672e1-2da23800-1edd-4c6e-9141-d233317fb630-000000@amazonses.com>
X-Originating-Ip: [54.240.48.39]
Received-SPF: pass (domain of amazonses.com designates 54.240.48.39 as permitted sender)
Authentication-Results: atlas107.free.mail.gq1.yahoo.com;
 dkim=pass header.i=@amazonses.com header.s=ug7nbtf4gccmlpwj322ax3p6ow6yfsug;
 spf=pass smtp.mailfrom=amazonses.com;
 dmarc=unknown header.from=substantiator.com;
X-Apparently-To: richardbernstein219@yahoo.com; Tue, 15 Jun 2021 13:40:00 +0000
X-YMailISG: epGYStgWLDsWCq8pwIiTpGmtjoQrowrDPq9_3kwcKGZjFa2K
 an3s2H5MXNzeyAi4rGZAwWZcxtQooNv4lQDVsQyf_7S_tb_8j7zo4fy9usni
 yt.gFIFUAZQX04r9L7krXtPy.S6SY89ecopiN.8Z7eQn32Js3MC49OVEWBjD
 VNZFHEF6YRi2Pp8d3mZ3s7WyfkZqSGtb0AHovLlrvVU8wYEc45a_AkQYb2FP
 iXsH_ayxD4meychffezPfraH7o6acCPhlQQ8uzJ2Lq5i9RXfKyHPRXR9vK_2
 zHJfJKLMqJW.q2ruRbtTIRdbg4dcM.xpVmfA6OVeCwAYOCsqxwl_tzyHcDN.
 aCbmMZVkji4efE8ie2Tl_qcKkdXgEjf6DgwWwrZ1rcozSywcvjpQJ2MH9tY6
 b36wUZoCKi70cNYKf0VyYV3HgGrbhraj5VVIWz2pL8YsBYmA6F2RQkT.tMVh
 svLRVLpa7WQUffbFSx56XHEHZ0aZPBjj7IlwZD0VCI0gHXLriSVYd8UCWlGF
 Xa0NxEh6Gfn6ZsCXXCyV8CJGIr07PhzxkSkKNOBxdiHCRr4gGRkfFAcX09E9
 6fH49yQycp0IBLG4bqMEXODX_jV3MtuzwlYFXN2AlO9GPf.BEbRDWsr7pekr
 x6Kb4NOeUzYxYZqXLt6e3OwdNLqm_vL0ouJcE1H4QzlChJCKh.oNWwlPG3Jp
 Df7Sehmw4kr0_GqMD3jltOgSOaWPbyq5loM4_GQ2WBSDcwRdATILDYftFTHd
 _sJST.PQ8MNWhjkhNolqcIoZLCQFmaywlupScahbaX9_u.KKePOTRa7N9GIu
 alOw3zSzgSjMV7M_IheYH1pfYHpenhr5Ix5W8sgh7N7y7vmTFJHa6Idpb74N
 LnN4Lq82dqqblfRxAuj02_9zCdO5bEUEWgWzIyIH39SH6x90WXYNmlq7fDC3
 CcPVCvGE4C1SlEEKTw.Rwan28xhjt5XDGx5nFnH7sv5CSJBM7Am5FcSchaBs
 iBRa1elODLiFqzz2bzfyNWkUE8qMg0jFAOAqeYBQfwH_RqJhF1KYxE8ByWIO
 ZK2UAq7HzC.vUoMTu9WrCMRAhRYNXojDz49jSnYE0JJqCPNLAQlSS5CiRkYq
 NuxfzAkTqp8SulZHnQsc0t8LAON79HLeBFgZ2PRhaC3hhvDZP.aPcA.s
Received: from 54.240.48.39 (EHLO a48-39.smtp-out.amazonses.com)
 by 10.253.233.84 with SMTPs
 (version=TLS1_2 cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256);
 Tue, 15 Jun 2021 13:39:59 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;
	s=ug7nbtf4gccmlpwj322ax3p6ow6yfsug; d=amazonses.com; t=1623764398;
	h=From:To:Message-ID:Subject:MIME-Version:Content-Type:Date:Feedback-ID;
	bh=T038Z0UwMACvG/0gtmtv6+gtfNJaQNFP1pWDpWOlJc8=;
	b=cfbsFJ50qkHtfbJ0PhX6ZVmobnhNebMyR8ddQ70Is9zzAY5KgHFPwUUpBAE8jYgy
	kCkcuDevKqiyXjAOG5O3DKf/Gw1saWX8vaWMLGB53Zm/ai6BuWAixYWvZ/0qeZh/eqd
	PTIqXg1Wm34VRiL/vtcxqR7ImQy8NHPWD9B8lovk=
From: admin <admin@substantiator.com>
To: richardbernstein219@yahoo.com
Message-ID: <0100017a0fe672e1-2da23800-1edd-4c6e-9141-d233317fb630-000000@email.amazonses.com>
Subject: Login
MIME-Version: 1.0
Content-Type: multipart/alternative; 
	boundary="----=_Part_18_571959732.1623764397561"
Date: Tue, 15 Jun 2021 13:39:58 +0000
Feedback-ID: 1.us-east-1./ToaGAJxWOVHrr4y6A5cU9krmMVcIKDbUUm+IkkffcM=:AmazonSES
X-SES-Outgoing: 2021.06.15-54.240.48.39
Content-Length: 1908

------=_Part_18_571959732.1623764397561
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

<body>
  <img src="35.153.28.164/assets/themes/default/images/Logo - Research Study Online-01.jpg?w=640" alt="img" />
 
     
  <div>
<a href="http://fusionauth.ngrok.io/oauth2/passwordless/gXw-s8GL7gQpSkWTrdjnsFKExLfAuwIt3dErPkR2IEQ?tenantId=4272f95b-0989-4892-badc-0ef6b934885f&client_id=f603697d-41ea-4c53-ac2d-e935d5e34221&redirect_uri=http%3A%2F%2Fsubstantiator-survey.ngrok.io%2Findex.php%2FConfigure%2Freport_generator_amazing&response_type=code&scope=openid&state=richardbernstein219%40yahoo.com" target="_blank">
<button style="border: none;
color: white;
padding: 15px 32px;
text-align: center;
text-decoration: none;
font-size: 16px;
margin: 4px 2px;
cursor: pointer;
background-color: #008CBA;">
Click Here For Survey!
</button>
</a>
</div>

</body>
------=_Part_18_571959732.1623764397561
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 7bit

<meta charset="UTF-8">
<!doctype html>

<body>
  <img src="http://35.153.28.164/assets/themes/default/images/Logo%20-%20Research%20Study%20Online-01.jpg?w=640" alt="img" />
  <p>To log into ResearchStudyOnline please click the link.</p>

    
  <div>
<a href="http://35.153.28.164:9011/oauth2/passwordless/gXw-s8GL7gQpSkWTrdjnsFKExLfAuwIt3dErPkR2IEQ?tenantId=4272f95b-0989-4892-badc-0ef6b934885f&client_id=f603697d-41ea-4c53-ac2d-e935d5e34221&redirect_uri=http%3A%2F%2Fsubstantiator-survey.ngrok.io%2Findex.php%2FConfigure%2Freport_generator_amazing&response_type=code&scope=openid&state=richardbernstein219%40yahoo.com" target="_blank">
<button style="border: none;
color: white;
padding: 15px 32px;
text-align: center;
text-decoration: none;
font-size: 16px;
margin: 4px 2px;
cursor: pointer;
background-color: #008CBA;">
Click Here to Login!
</button>
</a>
</div>

</body>
------=_Part_18_571959732.1623764397561--

                                          When they click on the link in the email they get this error from fusionAuth

                                          {
  "error" : "invalid_request",
  "error_description" : "Invalid redirect uri http://substantiator-survey.ngrok.io/index.php/Configure/report_generator_amazing",
  "error_reason" : "invalid_redirect_uri"
}

                                          Is there any better description of the error reporting?
                                          There is one detail I should mention here. The database is on mysql RDS which means that it is located on an AWS server. The user is interacting with the fusionAuth on my laptop. But when the user is being sent to the AWS server (35.153.28,164) to complete the interaction (http://35.153.28.164:9011/oauth2/passwordless) they are interacting with a copy of fusion auth running on the server. I would think (aka assuming) that this is ok since they are using the same dbase, but this is a question for your engineers.

                                          The error is showing http://substantiator-survey.ngrok.io which is the laptop is there any rule that the redirect URL and the FA app need to be on the same server?

                                          1 Reply Last reply Reply Quote 0
                                          • joshuaJ
                                            joshua
                                            last edited by

                                            Hi @richb201,

                                            Based on the error description,

                                            http://substantiator-survey.ngrok.io/index.php/Configure/report_generator_amazing

                                            Needs to be configured in the OAuth server (I think this is what you said you were using previously) as your redirect URI (or the link needs to be modified to your redirect URI). Can you confirm that is the case? You can confirm by navigating to Applications > OAuth > Redirect URI

                                            If you have not changed your OAuth configuration since the last screenshot, it would seem that your redirect is set to

                                            http://35.153.26.164/ ....

                                            and not
                                            http://substantiator-survey.ngrok.io/index.php/Configure/report_generator_amazing/

                                            There is one detail I should mention here. The database is on mysql RDS which means that it is located on an AWS server. The user is interacting with the fusionAuth on my laptop. But when the user is being sent to the AWS server (35.153.28,164) to complete the interaction (http://35.153.28.164:9011/oauth2/passwordless) they are interacting with a copy of fusion auth running on the server. I would think (aka assuming) that this is ok since they are using the same dbase, but this is a question for your engineers.

                                            I am not entirely clear on the question, but if you, for instance, start an OAuth session (login workflow for instance) on a laptop A browser you will want to complete the OAuth authorization flow on that same laptop A browser. This may be part of your difficulty, but I would confirm the redirect first. We can do some additional troubleshooting if need be.

                                            Thanks,
                                            Josh

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post