
redirect_uri is http when integrating with Okta via OIDC, so login fails with a redirect_uri mismatch #2563


Open
prewang opened this issue Mar 24, 2025 · 2 comments

prewang commented Mar 24, 2025

Question and Steps to reproduce

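  1. When integrating with Okta via OIDC, redirect_uri is http, which causes login to report a redirect_uri mismatch.
  2. Nightingale is started over http, but a reverse proxy sits in front of it and publishes it externally over https, so the callback configured in Nightingale's OIDC settings is https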
    Enable = true
    DisplayName = 'OIDC登录'
    RedirectURL = 'https://xxx.abc.com/callback'
    SsoAddr = 'https://okta.okta.com'
    SsoLogoutAddr = 'https://okta.okta.com/oauth2/v1/logout'
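  3. The authorize code has already been obtained, and the redirect to the callback works. Both are https, but in the Okta logs, when the code is exchanged for a token, the RedirectURL is the http one, http://xxx.abc.com/callback [this URL has no S]
  4. init.go has a default RedirectURL that is http. Is this the reason http is used when obtaining the token instead of the RedirectURL = HTTPS configured in the configuration file?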

Relevant logs and configurations

mismatched_redirect_uri

Version

v7.0.0

Member

710leo commented Mar 26, 2025

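@prewang This has nothing to do with init.go. After you update the configuration, the configuration you saved is what gets used. You can check whether the configuration you saved in Nightingale is https, and whether the callback you saved in Okta is https.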

Author

prewang commented May 7, 2025

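The configuration was saved successfully, and I have configured both https and http. We added a reverse proxy in front of n9e, and n9e is then accessed over https. Has this scenario been tested? n9e is http, which is why Okta returns mismatched_redirect_uri. I have been in contact with the Okta vendor's technical support staff and we are debugging together; the handling mechanism on the n9e side is unclear, so the configuration is not succeeding.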
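
Added example, not part of the issue thread and not Nightingale's code: a small Go check for the symptom discussed above. It takes a captured authorization request URL and token request body (both constructed here with the issue's placeholder host; `compareRedirectURIs` is a hypothetical helper name) and reports which part of `redirect_uri` differs, since RFC 6749 section 4.1.3 requires the two values to be identical.

```go
package main

import (
	"fmt"
	"net/url"
)

// compareRedirectURIs extracts redirect_uri from the authorization request URL
// and from the form-encoded token request body, and lists what differs.
func compareRedirectURIs(authorizeURL, tokenBody string) ([]string, error) {
	au, err := url.Parse(authorizeURL)
	if err != nil {
		return nil, fmt.Errorf("authorize URL: %w", err)
	}
	form, err := url.ParseQuery(tokenBody)
	if err != nil {
		return nil, fmt.Errorf("token body: %w", err)
	}
	a, t := au.Query().Get("redirect_uri"), form.Get("redirect_uri")
	if a == "" || t == "" {
		return nil, fmt.Errorf("redirect_uri missing: authorize=%q token=%q", a, t)
	}
	if a == t {
		return nil, nil // identical values, nothing to report
	}
	ua, errA := url.Parse(a)
	ut, errT := url.Parse(t)
	if errA != nil || errT != nil {
		return []string{"unparseable: raw strings differ"}, nil
	}
	var diffs []string
	for _, c := range [][3]string{
		{"scheme", ua.Scheme, ut.Scheme},
		{"host", ua.Host, ut.Host},
		{"path", ua.Path, ut.Path},
	} {
		if c[1] != c[2] {
			diffs = append(diffs, fmt.Sprintf("%s: %s vs %s", c[0], c[1], c[2]))
		}
	}
	if len(diffs) == 0 {
		diffs = append(diffs, "other: raw strings differ")
	}
	return diffs, nil
}

func main() {
	// Constructed sample requests; the host is the placeholder used in the issue.
	authorize := "https://okta.okta.com/oauth2/v1/authorize?response_type=code&redirect_uri=https%3A%2F%2Fxxx.abc.com%2Fcallback"
	token := "grant_type=authorization_code&code=example&redirect_uri=http%3A%2F%2Fxxx.abc.com%2Fcallback"
	fmt.Println(compareRedirectURIs(authorize, token))
}
```

Run against the two requests captured at the reverse proxy and at the application, this shows whether the value changed between the authorize step and the token exchange.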
