Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

allow explicitly providing redirect_uri for github sign in #1022

Open
stefanprobst opened this issue Mar 15, 2024 · 3 comments
Open

allow explicitly providing redirect_uri for github sign in #1022

stefanprobst opened this issue Mar 15, 2024 · 3 comments
Labels
enhancement New feature or request

Comments

@stefanprobst
Copy link
Contributor

stefanprobst commented Mar 15, 2024
edited

when trying to deploy keystatic on our infrastructure, i am running into an issue with the redirect_uri setting for github sign in.

the callback uri in the github app is configured to use the /api/keystatic/github/oauth/callback route on the domain the app is deployed to, however the redirect_uri actually used by keystatic is using a hostname internal to our cluster infra. (in our case, the correct hostname would be only on x-forwarded-host header)

which means i cannot sign in, but instead see this error:

An error occurred when trying to authenticate with GitHub:
The redirect_uri MUST match the registered callback URL for this application.

the redirect_uri query param is constructed here by keystatic:

keystatic/packages/keystatic/src/api/generic.ts

Lines 375 to 378 in bcc3c69

url.searchParams.set(
'redirect_uri',
`${reqUrl.origin}/api/keystatic/github/oauth/callback`
);

allowing to set the redirect url explicitly via environment variable would work around this issue i think.
@emmatown
Copy link
Member

Could you share what framework you're using? I believe Next.js respects x-forwarded-host in the URL passed to route handlers but I think Astro might not, we could probably handle that ourselves

@stefanprobst
Copy link
Contributor Author

stefanprobst commented Mar 20, 2024
edited

i am using Next.js (14.2.0-canary.30), and am currently using a work-around modelled after this comment, which seems to do the trick:

import { makeRouteHandler } from "@keystatic/next/route-handler";

import config from "@/keystatic.config";

const { GET: _GET, POST: _POST } = makeRouteHandler({ config });

function rewriteUrl(request: Request) {
    const forwardedHost = request.headers.get("x-forwarded-host");
    const forwardedProto = request.headers.get("x-forwarded-proto");

    if (forwardedHost && forwardedProto) {
        const url = new URL(request.url);

        url.hostname = forwardedHost;
        url.protocol = forwardedProto;
        url.port = "";

        return new Request(url, request);
    }

    return request;
}

export function GET(request: Request) {
    return _GET(rewriteUrl(request));
}

export function POST(request: Request) {
    return _POST(rewriteUrl(request));
}

EDIT: same thing is needed for the preview/draft mode endpoint

@johnpaulkiser
Copy link

I am also running into this error using Remix + Vite deployed to fly.io.

No issues authenticating locally with github but then i receive An error occurred when trying to authenticate with GitHub: The redirect_uri MUST match the registered callback URL for this application. when i try to sign in against my hosted app.

@jossmac jossmac added the enhancement New feature or request label Apr 12, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@jossmac @emmatown @johnpaulkiser @stefanprobst