sso-google plugin: redirect_uri_mismatch

Alexander7938

Hi,

I'm trying to set up the sso-google plugin on my locally run nodebb website on a ubuntu machine.

I'm using nginx and it works to type in 'nodebbtest.com' in the URL directory of my webbrowser to reach the website (I've followed the ubuntu installation guide from nodebb here ). I've also included another change in the /etc/hosts file:

Here's how my nginx is setup (on /etc/nginx/sites-enabled and /etc/nginx/sites-available):

Both of those files are named "nodebbtest.com"

In the plugins menu of my Nodebb instance logged in as admin I've followed the instructions and set up the OAuth. Here you can see my setup in the Credentials directory:

And in the OAuth consent screen:

But when I try to login with Google on my page I get the " redirect_uri_mismatch" error. What am I doing wrong?

Alexander7938

@Alexander7938 I notice the double // in the credentials folder now, gonna see if that changes anything!

Alexander7938

@Alexander7938 I've waited about an hour now and still get the same error. So it does not seem to have solved the problem. What other things could I try? Does anyone know how to configure this plugin locally? Could there be a problem with using HTTP and not HTTPS?

Alexander7938

I clicked the "information for the developer" and my website was requesting the following instead:

redirect_uri=http://localhost:4567/auth/google/callback

Should I change the "Authorized redirect URIs" to this instead?

Alexander7938

I did change the "Authorized redirect URIs" to the one displayed above, now I'm getting a different error

How can I make sure the session has not expired? I tried restarting nodebb but it still gives me this error.

PitaJ

SSO is never going to work locally, because Google has to be able to contact your site in order to complete the process. Your hosts file only applies to your machine. I'm sure Google requires https as well.

Alexander7938

@PitaJ That makes a lot of sense, thank you for your answer!

julian

@PitaJ I don't think that's quite true. NodeBB kickstarts the login process, and all Google does is send back the code (via the user's browser) after login. NodeBB then verifies the code server-side and logs the user in, so it should work.

@Alexander7938 your issue is your redirect URI had the double slash. Once you fixed that, the issue remained that your config.json had url set to http://localhost:4567. Change that to http://nodebbtest.com

Alexander7938

@julian Thank you for your reply. I've made progress but there are still issues with getting it to work.

I get inconsistent errors now:
For the first Google account (all accounts are entered in the test users in Google API) I get this:

And the second account I get this:

The first account uses SMS-based 2FA and the second prompts my phone and I need to press "Yes" as 2FA if that tells anyone anything. I've cleared my cookies also prior to attempts but to no avail.

I created an entirely new Google account without 2FA and added it as a new test user in the Google API but get the same error as the first account. :/'

I'm going to run

./nodebb log

and see if I can get any useful information there.

Alexander7938

YES! I got it working The problem was NodeBB 2FA was redirecting the user and that caused the error.