Hello, it seems that Google OAuth doesn’t work, at least for me.
I have the following Caddy configuration:
*:80 {
    gzip
    root /usr/share/caddy
}
study.gjk.cat {
    proxy / 127.0.0.1:3000 {
        header_upstream X-Forwarded-Proto {scheme}
        header_upstream X-Forwarded-For {host}
        header_upstream Host {host}
        websocket
    }
}
import conf.d/*.conf
The following RocketChat configuration:
#!/bin/bash
export MONGO_URL=mongodb://localhost:27017/rocketchat
export 'MONGO_OPLOG_URL=mongodb://localhost:27017/local?replSet=rs01'
#export ROOT_URL='https://style.gjk.cat'
export ROOT_URL='http://localhost:3000'
export MONGO_URL='mongodb://localhost:27017/rocketchat'
export NODE_ENV=production
export PORT=3000
export HTTP_PROXY=http://study.gjk.cat
export HTTPS_PROXY=https://study.gjk.cat
export HTTP_FORWARDED_COUNT=1
cd /usr/share/rocketchat-server
node main.js > >(tee -a /var/log/rocket.log) 2> >(tee -a /var/log/rocket.err >&2)
I tried both with and without the HTTP_ env vars, and with both the correct and local ROOT_URL.
And this is what I have in my Google OAuth settings:
Authorized redirect URIs
For use with requests from a web server
URIs:
https://study.gjk.cat/_oauth/google?close
https://study.gjk.cat/_oauth/google
http://study.gjk.cat/_oauth/google?close
http://study.gjk.cat/_oauth/google
http://localhost:3000
https://localhost:3000?close
As you can see, I was getting desperate.
I’m getting either this error (without HTTP_ variables):
Exception while invoking method 'login' Error: Failed to complete OAuth handshake with Google. failed [400] { "error": "redirect_uri_mismatch", "error_description": "Bad Request" }
    at getTokens (packages/google-oauth/google_server.js:105:7)
    at Object.getServiceData [as handleOauthRequest] (packages/google-oauth/google_server.js:80:58)
    at OAuth._requestHandlers.<computed> (packages/oauth2/oauth2_server.js:10:33)
    at middleware (packages/oauth/oauth_server.js:161:5)
    at /usr/share/rocketchat-server/programs/server/npm/node_modules/meteor/promise/node_modules/meteor-promise/fiber_pool.js:43:40 {
  message: 'Failed to complete OAuth handshake with Google. failed [400] { "error": "redirect_uri_mismatch", "error_description": "Bad Request" }',
  response: {
    statusCode: 400,
    content: '{\n' +
      ' "error": "redirect_uri_mismatch",\n' +
      ' "error_description": "Bad Request"\n' +
      '}',
    headers: {
      'content-type': 'application/json; charset=utf-8',
      vary: 'X-Origin, Referer, Origin,Accept-Encoding',
      date: 'Wed, 18 Mar 2020 10:24:32 GMT',
      server: 'scaffolding on HTTPServer2',
      'cache-control': 'private',
      'x-xss-protection': '0',
      'x-frame-options': 'SAMEORIGIN',
      'x-content-type-options': 'nosniff',
      'alt-svc': 'quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000',
      'accept-ranges': 'none',
      connection: 'close',
      'transfer-encoding': 'chunked'
    },
    data: {
      error: 'redirect_uri_mismatch',
      error_description: 'Bad Request'
    }
  }
}
or this error (with HTTP_ variables enabled):
{"line":"392","file":"oauth_server.js","message":"Error in OAuth Server: Failed to complete OAuth handshake with Google. tunneling socket could not be established, cause=write EPROTO 140473161676672:error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error:ssl/record/rec_layer_s3.c:1543:SSL alert number 80\n","time":{"$date":1584528550323},"level":"warn"}
Exception while invoking method 'login' Error: Failed to complete OAuth handshake with Google. tunneling socket could not be established, cause=write EPROTO 140473161676672:error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error:ssl/record/rec_layer_s3.c:1543:SSL alert number 80
    at getTokens (packages/google-oauth/google_server.js:105:7)
    at Object.getServiceData [as handleOauthRequest] (packages/google-oauth/google_server.js:80:58)
    at OAuth._requestHandlers.<computed> (packages/oauth2/oauth2_server.js:10:33)
    at middleware (packages/oauth/oauth_server.js:161:5)
    at /usr/share/rocketchat-server/programs/server/npm/node_modules/meteor/promise/node_modules/meteor-promise/fiber_pool.js:43:40 {
  message: 'Failed to complete OAuth handshake with Google. tunneling socket could not be established, cause=write EPROTO 140473161676672:error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error:ssl/record/rec_layer_s3.c:1543:SSL alert number 80\n'
Thanks for any advice. I am unfortunately unable to pinpoint the origin of the error. It just doesn’t appear to work out for me.
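Added example, not part of the original post and not Rocket.Chat or Meteor code: Google matches `redirect_uri` against the authorized list as an exact string, so this script checks which ROOT_URL values from the start script above would yield a registered callback. It assumes the callback is ROOT_URL followed by `/_oauth/google` (optionally `?close`), the shape of the URIs registered above; the function names are hypothetical.

```javascript
// Added diagnostic example; not Rocket.Chat or Meteor source code.
// Assumption: the callback sent to Google is ROOT_URL + "/_oauth/google",
// optionally with "?close", matching the URI shapes registered in the post.

// Authorized redirect URIs exactly as listed in the post.
const REGISTERED = [
  "https://study.gjk.cat/_oauth/google?close",
  "https://study.gjk.cat/_oauth/google",
  "http://study.gjk.cat/_oauth/google?close",
  "http://study.gjk.cat/_oauth/google",
  "http://localhost:3000",
  "https://localhost:3000?close",
];

// Build the callback URIs a given ROOT_URL would produce (hypothetical helper).
function candidateRedirectUris(rootUrl) {
  const base = rootUrl.replace(/\/+$/, "") + "/_oauth/google";
  return [base, base + "?close"];
}

// Exact string comparison: scheme, host, port, path and query must all match.
function checkRootUrl(rootUrl, registered = REGISTERED) {
  const allowed = new Set(registered);
  const missing = candidateRedirectUris(rootUrl).filter((uri) => !allowed.has(uri));
  return { rootUrl, ok: missing.length === 0, missing };
}

// Name the URL components in which a candidate differs from a registered entry.
function diffAgainst(candidate, registeredUri) {
  const a = new URL(candidate);
  const b = new URL(registeredUri);
  const diffs = [];
  if (a.protocol !== b.protocol) diffs.push("scheme");
  if (a.host !== b.host) diffs.push("host");
  if (a.pathname !== b.pathname) diffs.push("path");
  if (a.search !== b.search) diffs.push("query");
  return diffs;
}

// ROOT_URL values from the post's start script, plus the proxied hostname.
const ROOTS = ["http://localhost:3000", "https://style.gjk.cat", "https://study.gjk.cat"];
for (const root of ROOTS) {
  const r = checkRootUrl(root);
  console.log(root, r.ok ? "OK" : "redirect_uri_mismatch: " + r.missing.join(", "));
}
```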