Error with Redirect URI When Defined in get_login_redirect Using HTTPS with Nginx #210

Open
nimaxin opened this issue Nov 15, 2024 · 1 comment

nimaxin commented Nov 15, 2024

Problem:

I am experiencing an issue with the fastapi-sso library when defining the redirect_uri within the get_login_redirect method instead of during the initialization of the GoogleSSO instance.

  • When the redirect_uri is set during the initialization of GoogleSSO, everything works correctly under both HTTPS (with Nginx) and localhost.
  • When the redirect_uri is moved to the get_login_redirect method, it works on localhost but fails with HTTPS behind Nginx.

Error:

The following error is encountered when attempting to log in with Google under HTTPS using Nginx:

oauthlib.oauth2.rfc6749.errors.InvalidClientIdError: (invalid_request) 
You can't sign in to this app because it doesn't comply with Google's OAuth 2.0 policy for keeping apps secure.

You can let the app developer know that this app doesn't comply with one or more Google validation rules.

Reproduction Steps:

  1. Define the redirect_uri within the get_login_redirect method:

         @app.get("/auth/google/login")
         async def auth_init():
             async with sso:
                 return await sso.get_login_redirect(
                     redirect_uri="https://preprodxin.ddns.net/auth/google/callback",
                     params={"prompt": "consent", "access_type": "offline"},
                 )

  2. Configure Nginx to serve the FastAPI application over HTTPS.
  3. Attempt to sign in with Google OAuth.

Observed Behavior:

Works correctly on localhost.
It fails with HTTPS (Nginx) and returns the above error.

Expected Behavior:

Defining the redirect_uri dynamically within get_login_redirect should work consistently across environments, including HTTPS.

Environment:

fastapi==0.115.5
fastapi-sso==0.17.0
Python: docker image 3.11-slim
Nginx: docker image latest (1.27)
Running in a Docker container.

Code example: https://github.com/nimaxin/fastapi-sso-nginx.git

@tomasvotava
Owner

Hey, thanks for opening this issue and for the code example! I've actually stumbled upon the same thing just this week, it seems to me that the handling is different and if you pass the redirect_uri to get_login_redirect, you also need to pass it to verify_and_process, which is stupid and confusing. I'll take a look at what I can do about it, hopefully this weekend.
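
Added example, not part of the thread and not fastapi-sso code: a stdlib-only check of the two redirect_uri values involved in the flow discussed above, the one sent at login and the one sent again at the callback's token exchange. It assumes that a callback given no explicit redirect_uri falls back to the URL the app itself sees, and that Nginx terminates TLS and forwards plain HTTP; the function names and the constructed request URLs are illustrative.

```python
# Added illustration (stdlib only). Names here are hypothetical helpers,
# not part of fastapi-sso or oauthlib.
from typing import List, Optional
from urllib.parse import urlsplit

LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}


def effective_redirect_uri(explicit: Optional[str], request_url: str) -> str:
    """Assumed fallback: with no explicit redirect_uri, use the callback URL
    as the app sees it (scheme://host/path, query string dropped)."""
    if explicit:
        return explicit
    u = urlsplit(request_url)
    return f"{u.scheme}://{u.netloc}{u.path}"


def redirect_uri_problems(login_uri: str, callback_uri: str) -> List[str]:
    """Compare the URI sent at login with the one sent at token exchange."""
    problems = []
    if login_uri != callback_uri:
        # RFC 6749 section 4.1.3: the two values must be identical.
        problems.append("mismatch")
    u = urlsplit(callback_uri)
    if u.scheme != "https" and u.hostname not in LOOPBACK_HOSTS:
        # Plain http is only tolerated for loopback redirect URIs.
        problems.append("insecure-scheme")
    return problems


def check_flow(login_uri: str, callback_explicit: Optional[str],
               callback_request_url: str) -> List[str]:
    """Problems for one login + callback pair; an empty list means consistent."""
    used = effective_redirect_uri(callback_explicit, callback_request_url)
    return redirect_uri_problems(login_uri, used)


# Constructed inputs. PROD is the redirect_uri from the issue; the request
# URLs are what the app would see locally and behind a TLS-terminating proxy.
LOCAL = "http://localhost:8000/auth/google/callback"
PROD = "https://preprodxin.ddns.net/auth/google/callback"
LOCAL_SEEN = "http://localhost:8000/auth/google/callback?code=c&state=s"
PROXY_SEEN = "http://preprodxin.ddns.net/auth/google/callback?code=c&state=s"

if __name__ == "__main__":
    print(check_flow(LOCAL, None, LOCAL_SEEN))  # localhost, nothing passed at callback
    print(check_flow(PROD, None, PROXY_SEEN))   # behind the proxy, nothing passed
    print(check_flow(PROD, PROD, PROXY_SEEN))   # same URI passed to both calls
```
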
