
I am trying to set up a local Drone server to be used as our CI environment. Our source code is managed by GitHub. First, I created an OAuth application on GitHub and got the client_id and client_secret. Then I installed Docker and Drone. After that, I put the configuration below in /etc/drone/dronerc:

REMOTE_DRIVER=github
REMOTE_CONFIG=https://github.com?client_id=XXXXXX&client_secret=XXXXXX
DATABASE_DRIVER=sqlite3
DATABASE_CONFIG=/var/lib/drone/drone.sqlite

Then I ran the command below to start the Drone Docker container:

sudo docker run \
  --volume /var/lib/drone:/var/lib/drone \
  --volume /var/run/docker.sock:/var/run/docker.sock \
  --env-file /etc/drone/dronerc \
  --restart=always \
  --publish=80:8000 \
  --detach=true \
  --name=drone \
  drone/drone:0.4

When I access the Drone link in the browser, I can see a login button, as shown below.

enter image description here

When I click on the login button, my callback URL is notified with the error message below:

error=redirect_uri_mismatch&error_description=The+redirect_uri+MUST+match+the+registered+callback+URL+for+this+application.

Below is the server code for the GitHub callback URL:

require 'sinatra'
require 'rest-client'
require 'json'

# CLIENT_ID and CLIENT_SECRET are the OAuth application's credentials,
# defined elsewhere in the application.
get '/oauth/authorize' do
  # get temporary GitHub code...
  session_code = request.env['rack.request.query_hash']['code']

  # ... and POST it back to GitHub
  result = RestClient.post('https://github.com/login/oauth/access_token',
                           {:client_id => CLIENT_ID,
                            :client_secret => CLIENT_SECRET,
                            :code => session_code},
                           :accept => :json)

  # extract the token from the JSON response
  access_token = JSON.parse(result)['access_token']
  # send the browser on to the Drone server
  redirect 'http://10.0.0.24/'
end

In the last line of the above code, the redirect address is the Drone server address. I may be doing something wrong in the OAuth authentication part, but I don't know how to do it correctly. Does anyone know how to implement that part to allow Drone to get access to my GitHub account?

Thanks

Joey Yi Zhao

1 Answer


When you create the Drone application in GitHub, there is a redirect URL field that should be set to something like http://hostname.com/authorize

When performing the OAuth flow, Drone provides a redirect_url query parameter to GitHub indicating where to redirect after successful login. The error message below suggests the redirect_url query parameter does not match what was configured in GitHub:

The+redirect_uri+MUST+match+the+registered+callback+URL+for+this+application

From the GitHub documentation:

If you provide a redirect_uri that doesn't match what you've registered with your application, GitHub will redirect to the registered callback URL with the following parameters summarizing the error

Note that these values must be an exact match. Even a simple http vs https mismatch will cause an error.

It is a bit unclear what the purpose of the Ruby code is, since Drone is written in Go. So unfortunately that is not something I am able to comment on.

I can say the most common error is incorrectly configuring the redirect URL, or running Drone behind a reverse proxy without configuring X-Forwarded-For and X-Forwarded-Proto per the documentation. Drone uses these values, when running behind a reverse proxy, to determine its own URL, which is in turn used when setting the redirect_url value.

Brad Rydzewski
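To illustrate the reverse-proxy point in the answer above, here is an added example (not Drone's source and not part of either post) of how a server might derive its own callback URL from the request and which component then fails the exact-match rule the answer describes. The function names and the host ci.example.com are assumptions made for the illustration; the /authorize path comes from the answer.

```go
package main

import (
	"fmt"
	"net/http"
	"net/url"
)

// sampleRequest builds a constructed request as seen by the app behind a proxy.
func sampleRequest(host, fwdProto string) *http.Request {
	return &http.Request{Host: host, Header: http.Header{"X-Forwarded-Proto": {fwdProto}}}
}

// redirectURI derives the callback URL from the request (assumed logic).
func redirectURI(r *http.Request) string {
	scheme := "http"
	if r.TLS != nil {
		scheme = "https"
	}
	if p := r.Header.Get("X-Forwarded-Proto"); p != "" {
		scheme = p // trust the proxy's view of the external scheme
	}
	return scheme + "://" + r.Host + "/authorize"
}

// mismatch names the first component that differs, or "" on an exact match.
func mismatch(registered, sent string) string {
	a, errA := url.Parse(registered)
	b, errB := url.Parse(sent)
	switch {
	case errA != nil || errB != nil:
		return "unparseable"
	case a.Scheme != b.Scheme:
		return "scheme"
	case a.Host != b.Host:
		return "host"
	case a.Path != b.Path:
		return "path"
	case registered != sent:
		return "other"
	}
	return ""
}

func main() {
	registered := "https://ci.example.com/authorize" // constructed value
	sent := redirectURI(sampleRequest("ci.example.com", "")) // proxy sent no header
	fmt.Println(sent, "mismatch:", mismatch(registered, sent))
}
```

Comparing the redirect value the server actually sends against the callback registered in the OAuth application this way shows whether the scheme, host or path is the part to fix.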