Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Obsidian Login block causes an "Error 400: invalid_request" when using Google Authentication (the sequel) #5641

Closed
2 tasks done
JRichmond27 opened this issue Oct 23, 2023 · 2 comments
Closed
2 tasks done

Obsidian Login block causes an "Error 400: invalid_request" when using Google Authentication (the sequel) #5641

JRichmond27 opened this issue Oct 23, 2023 · 2 comments
Assignees
@joshuahenninger
Labels
Fixed in v15.3

Comments

@JRichmond27
Copy link

Description

This issue is very closely related to issue #5478.

We're getting the same "Error 400: invalid_request" error message as that issue, but for us it's because the GetCurrentPageUrl() function on line 741 of Rock.Blocks/Security/Login.cs just returns a URL in the format of "/page/{Id}" instead of the actual page route URL of the current request.

We have every page on our public website set up with a custom Page Route, and we do not use the /page/{Id} pattern anywhere publically. Our login page is located at "/account/login", which means we have not added (and would prefer not to add) the /page/{Id} URL to Google as a valid redirect_uri.

Actual Behavior

The redirect_uri parameter is sent in the format of "/page/{Id}" because the GetCurrentPageUrl() function is generating the default page URL instead of using the requested URL or one of the specified Page Routes for the page.

Expected Behavior

The actual URL of the current page request should be sent as the return_uri parameter

Steps to Reproduce

  1. Set up Google Authentication and specify "https://yourdomain.com/account/login" as a valid redirect_uri
  2. Add "account/login" as a Page Route on the public log in page
  3. Make sure the public log in page is using the Obsidian Login block and that the block has Google authentication enabled
  4. Go to https://yourdomain.com/account/login and click the Sign in with Google button
  5. Notice the redirect_uri_mismatch error on the Google sign in page
  6. Click the "error details" link and notice the redirect_uri with the "/page/{Id}" pattern

Issue Confirmation

  • Perform a search on the Github Issues to see if your bug or enhancement is already reported.
  • Try to reproduce the problem on a fresh install or on the demo site.

Rock Version

15.2

Client Culture Setting

en-US
@sparkdevnetwork-service sparkdevnetwork-service added the Status: In Dev Queue This issue is being worked on, and has someone assigned. label Oct 25, 2023
@joshuahenninger joshuahenninger self-assigned this Oct 25, 2023
@joshuahenninger
Copy link
Contributor

@JRichmond27 Thanks for reporting this issue.

The Obsidian Login block will now use the current URL path in the redirect_uri beginning in v15.3.

If an individual is on https://yourdomain.com/page/3, then the redirect_uri will be "https://yourdomain.com:443/page/3" (note the port is included to be backward compatible with the old block).

If an individual is on https://yourdomain.com/admin/login, then the redirect_uri will be "https://yourdomain.com:443/admin/login".

Please let us know if you have any follow-up questions.

@JRichmond27
Copy link
Author

@joshuahenninger, that's perfect. Thank you!

@sparkdevnetwork-service sparkdevnetwork-service removed the Status: In Dev Queue This issue is being worked on, and has someone assigned. label Oct 26, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@joshuahenninger joshuahenninger

Labels
Fixed in v15.3
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@JRichmond27 @sparkdevnetwork-service @joshuahenninger