重定向 fastapi 中的 uri 不匹配

Question

I hope everyone is fine. I am trying to implement google sso on my fastapi app. after entering the user credentials is entered and it gets redirected while redirecting i am getting this error

google_sso = GoogleSSO("client-id", "client-secret", "http://127.0.0.1:8000/google/callback/")

@app1.get("/google/login")
async def google_login():
    """Generate login url and redirect"""
    return await google_sso.get_login_redirect()


@app1.get("/google/callback")
async def google_callback(request: Request):
    """Process login response from Google and return user info"""
    user = await google_sso.verify_and_process(request)
    print("Hellooooooooooooooo")
    print(user, "11111111111111")
    return {
        "id": user.id,
        "picture": user.picture,
        "display_name": user.display_name,
        "email": user.email,
        "provider": user.provider,
    }

I have shared the URL configuration in google dashboard in below screenshot

enter image description here

the error i have mentioned below

oauthlib.oauth2.rfc6749.errors.CustomOAuth2Error: (redirect_uri_mismatch) Bad Request

Answer 1

The problem could lay in the process_login() function which is getting called in the verify_and_process() function in your /callback api.

Let's take a look inside the process_login() function ( https://tomasvotava.github.io/fastapi-sso/sso/base.html#fastapi_sso.sso.base.SSOBase.verify_and_process ):

async def process_login(self, code: str, request: Request) -> Optional[OpenID]:
"""This method should be called from callback endpoint to verify the user and request user info endpoint.
This is low level, you should use {verify_and_process} instead.
"""
url = request.url
current_url = str(url).replace("http://", "https://")
current_path = f"https://{url.netloc}{url.path}"

I guess the (redirect_uri_mismatch) error is because you are using a HTTP redirect_url in your GoogleSSO() call:

google_sso = GoogleSSO("client-id", "client-secret", "http://127.0.0.1:8000/google/callback/")

Inside the process_login() function the HTTP of the redirect url inside the url of your request is replaced with HTTPS:

url = request.url    
current_url = str(url).replace("http://", "https://")

After that replacement you have a mismatch with your redirect url, because

https://127.0.0.1:8000/google/callback/ 

is not

http://127.0.0.1:8000/google/callback/

They are two different urls.

Solution could be that you secure your server with HTTPS via self signed certificates. (That one is very simple: https://dev.to/rajshirolkar/fastapi-over-https-for-development-on-windows-2p7d )

Btw. did you register you app in the google cloud ( https://developers.google.com/identity/sign-in/web/sign-in )? Because you are using "client-id" and "client-secret" as parameters.

Answer 2

1. try it use 127.0.0.1:8000/google/callback #remove /

or

2. fix url @app1.get("/google/callback/") #add /

Answer 3

This is because the port number is changing in the redirect URI, everytime you run the application. So everytime you run it it becomes:

http://localhost:65280/
http://localhost:65230/
http://localhost:63280/

And so forth. I dont have a solution for you yet. Working on it myself right now.