I'm having an issue configuring multiple callback urls for a Service Provider in WSO2 Identity Server. This process is necessary for my team to support SLO (Single Logout) with a post logout redirect url.
Callback URL Configuration
The WSO2 online documentation describes the correct way to do this process here. I have followed those step and configured my Callback URL as follows:
regexp=(http://localhost:8080/login-callback|http://localhost:8080/logout-callback)
This process works, and I am able to configure the two Callback URLs.
Unintended "checksession" Side Effect
Once the callback urls are configured, the checksession endpoint stops working. The error message I get from the endpoint says "Invalid OP IFrame Request". That checksession call uses a url like this: https://<wso2host>/oidc/checksession?client_id=<clientid>
I verified that the checksession endpoint works if I configure either of my redirect urls individually
http://localhost:8080/login-callback
http://localhost:8080/logout-callback
But fails if I use the regexp syntax. Failure occurs in each of these scenarios:
regexp=(http://localhost:8080/login-callback|http://localhost:8080/logout-callback)
regexp=(http://localhost:8080/login-callback)
regexp=(http://localhost:8080/logout-callback)
Am I missing a configuration step needed for either the callback urls or the checksession endpoint?
I ended up finding the solution from a hint in the WSO2 logs.
When multiple callback urls are defined, the request for the checksession endpoint must specifiy a callback url as well. The correct checksession reqeust for my scenario was:
https://<wso2host>/oidc/checksession?client_id=<clientid>&redirect_uri=<redirecturi>
Related
I am trying to make use of functional url in case of mono lambda function, I have created a functional url with no security.
URL was created successfully, but Not able to hit that url using postman. So I use chrome web browser to hit my url(Get request). But the problem was whenever I hit the url, My function gets executed twice.
If anyone have faced same issue, Please assist.
There are two possibilities I can think off-
Chrome/browser sending another request for favicon.png
If you have configuration on server side that enforce HTTP to HTTPS conversion of the request, like re-direct to enforce SSL connection. In that case as well, browser send one request HTTP and redirect request to HTTPS. e.g when you hit- http://example.org, if it enforce the https, then again browser send another request to https://example.org.
You need to check possibilities here using network trouble shooting. Hope this will help you!
I am consuming PCC API, There are two way by using different URLs:
https://connect.pointclickcare.com/auth/token
https://connect2.pointclickcare.com/auth/token
Both using same haeder and bodey excpet onre thinh that is 2nd URLs need two SSL Authentication.
I am able to consume with 1st URL.
Now I added client certificate to try to consume 2nd URL, however I am facing error and also two less value are being sent in header(Same Request
parameter is being used I only change URL for both request.)
Error: INCORRECT_PASSWORD
Screenshot is attached.
I finally found the problem, Passphrase was not added for Client Certificate being sent with http request. so I added with passphrase and now it worked fine.
I have a custom domain name in AWS API gateway. I am using the same domain for 2 separate API stages. One API stage is REST API, and the other HTTP API.
When I test out my setup, everything works for the REST API. However, the mapping path for HTTP API is not working and I get status-code = 404 Not Found, with 0kb body.
references used:
https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-mappings.html
https://docs.aws.amazon.com/apigateway/latest/developerguide/rest-api-mappings.html
From my testing in postman, i get the following result when calling the custom domain.
1. {{api.gateway.custom.domain.url}}/foobar - works
2. {{api.gateway.custom.domain.url}}/this-no-work/foobar - 404
3. {{api.gateway.custom.domain.url}}/this-works/foobar - works
does anyone know why (2) gives 404? api-gateway REST API with mapping works while api-gateway HTTP API will return 404 with 0kb body. Is there something I am missing?
note: the (none) path mapping has been added for a sanity check, and I was able to get the expected response.
I had the same problem.
The problem is in the configuration of routers of your application.
When you configure one API mapping in AWS API Gateway, the configured path (this-no-work) is passed to your web application as a prefix of routes.
SO ... if you have one route like this:
/api/foobar
you need configure one more route with the prefix point to the same action:
/this-no-work/api/foobar
A good one is to make one global configuration to your web app.
You can note it enabling the cloudwatch logs of your API Gateway stage and looking into the cloudwatch logs the path property passed from API Gateway to the Web application.
Thanks to answer from #gean-ribeiro, I was able to figure why my HTTP API was returning 404 Not Found.
Turns out it was not an issue with HTTP API. The error 404 Not Found with 0kb body was coming from the API integration sitting behind APIG. Specifically, it was a load balancer using rules based on HTTP path pattern.
By default, any unmatched path pattern will return 404 with text/plain body. this-no-work was a new HTTP API I added, and it did not have the necessary listener rules.
Once I added a new listener rule for HTTP Path pattern is /this-no-work/*, it worked as expected..
when default endpoin is created in my case it uses this pattern
https://{api_id}.execute-api.{region}.amazonaws.com/
an answer might be: Disable the default endpoint for an HTTP API
more details here
https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-disable-default-endpoint.html
I am trying to implement all-auth using Github in my django project. I have set the callback url as per this tutorial. So far, even if the login page for github shows up, it doesn't call back properly and I get this error in the url
http://127.0.0.1:8000/accounts/github/login/callback/?error=redirect_uri_mismatch&error_description=The+redirect_uri+MUST+match+the+registered+callback+URL+for+this+application.&error_uri=https%3A%2F%2Fdeveloper.github.com%2Fapps%2Fmanaging-oauth-apps%2Ftroubleshooting-authorization-request-errors%2F%23redirect-uri-mismatch&state=exDbVJKNYzUI
This is the github repo of the project.
http://127.0.0.1:8000/accounts/github/login/callback/
is my authorization callback url set as per the tutorial.
Any insight to why the callback url is not working is welcome. Thanks.
For those who are looking for an answer to this,
if you configure the callback url to be from 127.0.0.1, make sure you're requesting the callback from the same url. Although localhost and 127.0.0.1 both point to the same, it is different urls. So you will get url mismatch error.
If you defined authorization callback in the GitHub UI with https protocol than this setting solves the issue:
ACCOUNT_DEFAULT_HTTP_PROTOCOL='https'
This is coming from the answer found here: Django allauth google OAuth redirect_uri_mismatch error
I’m using AWS API Gateway at https://console.aws.amazon.com/apigateway/home
I did all of the steps to set up a proxy for http://foo.com (example)
I deployed it and the URL is http://bar.com (example)
When I go to http://bar.com/hello, it redirects me to http://foo.com/hello
I want it to stay at http://bar.com/hello, but deliver the contents from http://foo.com/hello like a normal proxy service
Note: My primary intent is to get around CORS issues with a service
It seems to me that whatever service you're using is forcing the redirect like #Steve's comment mentioned. They might be forcing HTTP_REFERER to be a certain domain.
Since I don't know what service you're calling this is just a guess.