Implicit Flow redirect_uri does not match

[matteosuppo]

Hello, I have this client

{
  "client_name":"id",
  "client_secret":"$2a$11$Yu7HqHo4FXGxXeSFOS2Rv.1MrCTbUF6lyRL/z2Z5RkB8/62258RKK",
  "client_uri":"",
  "contacts":[

  ],
  "grant_types":[
    "implicit"
  ],
  "granted_scopes":[
    "core"
  ],
  "id":"test",
  "logo_uri":"",
  "owner":"",
  "policy_uri":"",
  "redirect_uris":[
    "http://172.17.0.2:3000"
  ],
  "response_types":[
    "token"
  ],
  "tos_uri":""
}

I'm trying to login with the implicit flow with this url: http://localhost:4444/oauth2/auth?client_id=test&response_type=token&state=statestate&scope=core&redirect_uri=http%3A%2F%2F172.17.0.2%3A3000

Hydra gives me this error:

sso_1        | time="2016-07-06T14:48:15Z" level=info msg="Got error." error="redirect_uri parameter does not match with registered client redirect urls: The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed: The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed" stack=[authorize_request_handler.go:38 handler.go:67 handler.go:29 router.go:344 server.go:1910 server.go:2081 server.go:1472 asm_amd64.s:1998] 

Is there a way to investigate what am I doing wrong?

[boyvinall]

Hi @matteosuppo, I think this is probably the same issue that I had a little while back. See https://github.com/ory-am/fosite/blob/dfb047d52b75b5d8a28bcd8d70a3e139da289da1/authorize_helper.go#L96 .. you 'll want to either specify https or somehow use the localhost IP.

[matteosuppo]

Yes, that's definitely it. Thank you.

[boyvinall]

BTW, I think you might also need to specify an 8-char nonce in your request too.

[matteosuppo]

Uhm no, it gives me the same issue even if I use https and a 8char nonce

[boyvinall]

did you update it in your client definition as well as the redirect_uri URL query param? The query param has to be one of the (potentially multiple) registered against the client.

[matteosuppo]

Yes, now it's "redirect_uris": [ "https://172.17.0.2:3000/", ]

[matteosuppo]

Tomorrow I'll try to run hydra with a lot of custom log.Print()

[boyvinall]

FWIW, I've got a lot of mileage from the vscode golang debugger integration. You can connect to a remote host, set breakpoints and single-step code. See https://github.com/Microsoft/vscode-go#optional-debugging. I'm running this on a remote host as

cd $GOPATH/src/github.com/ory-am/hydra ; dlv attach --headless --listen=:2345 --log $(pgrep hydra)

then configure a vscode debugger launch.json as:

{
    "version": "0.2.0",
    "configurations": [
        {
            "name": "Remote",
            "type": "go",
            "request": "launch",
            "mode": "remote",
            "remotePath": "/remote/path/to/gocode/src/github.com/ory-am/hydra",
            "port": 2345,
            "host": "<remote-ip>",
            "program": "${workspaceRoot}",
            "env": {}
        }
    ]
}

It doesn't take that long to get setup, and it's saved me a ton of custom log prints 😃

[aeneasr]

Hey yes, that should be clarified in the docs. The empty path always defaults to /.

[matteosuppo]

By debugging I found out that the trailing / in the redirect_uri from database was the culprit.

I'll never mistrust hydra again, I am ready to comply.

[aeneasr]

this is now documented in the faq section in the readme.

[nishaantchauhan]

Hi @matteosuppo @aeneasr @boyvinall

Facing the same issue by following tutorial when i set all localhost and callback url as a my server's IP