CallbackError with OmniAuth When Proxying Through Nginx

Question

So I'm using OmniAuth with the GitHub strategy to handle user authentication for my project. When accessing the Rails server directly, everything works as it should. I recently set up Nginx to handle proxying between my development frontend and backend servers. Now when I visit /auth/github, OmniAuth fires off the request to GitHub, but then fails on the callback with:

Started GET "/auth/github/callback?error=redirect_uri_mismatch" for 127.0.0.1 at 2014-01-22 11:54:35 -0800
I, [2014-01-22T11:54:35.365773 #13656]  INFO -- omniauth: (github) Callback phase initiated.
E, [2014-01-22T11:54:35.366091 #13656] ERROR -- omniauth: (github) Authentication failure! redirect_uri_mismatch: OmniAuth::Strategies::OAuth2::CallbackError, redirect_uri_mismatch
E, [2014-01-22T11:54:35.366149 #13656] ERROR -- omniauth: (github) Authentication failure! invalid_credentials: OmniAuth::Strategies::OAuth2::CallbackError, redirect_uri_mismatch

I have set the callback URL in my application's settings on GitHub to the correct URL and it's obviously making the request properly, just with this mysterious redirect_uri_mismatch.

Here's my Nginx server block:

server {
    listen       8080;
    server_name  localhost;

    location / {
        proxy_pass http://localhost:9000;
    }

    location /api/ {
        proxy_pass http://localhost:3000;
    }

    location /auth/ {
        proxy_pass http://localhost:3000;
    }
}

I can't really see any good reason why this shouldn't be working, though I am a relative noob to configuring Nginx.

score 4 · Accepted Answer · answered Jan 28 '14 at 01:05

Ok, so the issue here was that I wasn't setting my headers properly. Adding the following to my location blocks in my Nginx config fixed this:

location /api/ {
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Client-IP $remote_addr;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_pass http://localhost:3000;
}

Tim Kozak · Answer 2 · 2021-03-26T14:49:53.597

1

OMG, it took me a month to fix this. I constantly were getting - No route matches [GET] /auth/facebook

Nginx conf

location @rails {
    proxy_set_header Host $http_host;
    proxy_set_header Client-IP $remote_addr;
    proxy_set_header X-Real-IP  $remote_addr;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_pass http://rails_app;
  }

Gemfile

#auth
gem 'omniauth-facebook', '~> 8.0'
gem 'omniauth', '~> 1.9.1' #this is important

application.rb

config.force_ssl = ENV['CLIENT_URL'].include?("https")

omniauth.rb

OmniAuth.config.logger = Rails.logger

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :facebook, ENV['FACEBOOK_APP_ID'], ENV['FACEBOOK_APP_SECRET'],
          scope: 'email',
          callback_path: '/api/v1/auth/facebook/callback',
          image_size: 'large',
          secure_image_url: true,
          display: 'touch'
end

edited Mar 26 '21 at 14:49

answered Mar 16 '21 at 08:03

Tim Kozak

4,026
39
44

I'm not sure what *CLIENT_URL* is meant to be but setting `config.force_ssl = true` did the trick for google oauth2. – mlt Aug 12 '21 at 03:35
That's the way to detect https. CLIENT_URL is a redirect domain. – Tim Kozak Aug 12 '21 at 05:52
can u share ur full nginx config? – buncis Apr 13 '23 at 22:52
1

@buncis https://pastebin.com/Dz7wzrwm you need to change [host] – Tim Kozak Apr 15 '23 at 23:19
@TimKozak hat app server did you use? puma? – buncis Apr 16 '23 at 10:12
1

@buncis yes it was puma. let me know – Tim Kozak Apr 17 '23 at 04:07

CallbackError with OmniAuth When Proxying Through Nginx

2 Answers2

Linked