Hello guys!
Hope everyone is safe and well. I am having an issue with Google OAuth integration, where Google responds with redirect_uri_mismatch error.
I double checked my configuration and searched in the topics, but did not find any error or solution. I am running grafana version 6.7.4 in Docker, behind an nginx reverse proxy which does SSL termination. This is my current configuration is (relevant sections only):
# Protocol (http or https)
protocol = http
# The ip address to bind to, empty will bind to all interfaces
;http_addr =
# The http port to use
http_port = 3000
# The public facing domain name used to access grafana from a browser
domain = grafana.mydomain.net
# Redirect to correct domain if host header does not match domain
# Prevents DNS rebinding attacks
;enforce_domain = false
# The full public facing url you use in browser, used for redirects and emails
# If you use reverse proxy and sub path specify full url (with sub path)
root_url = https://grafana.mydomain.net
[auth.google]
enabled = true
allow_sign_up = true
client_id = [redacted-google-client-id]
client_secret = [redacted-google-client-secret]
scopes = https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email
auth_url = https://accounts.google.com/o/oauth2/auth
token_url = https://accounts.google.com/o/oauth2/token
api_url = https://www.googleapis.com/oauth2/v1/userinfo
allowed_domains = mydomain.net
In my Google credentials I set up https://grafana.mydomain.net/login/google
as redirect URL, which is the URI grafana should send to Google, but when trying to access using Google Auth I get the following error:
The redirect URI in the request, http://grafana.mydomain.net:3000/login/google,
does not match the ones authorized for the OAuth client.
My guess is that grafana is building the redirect URI based on protocol
, domain
and port
rather than using the root_url
option.
For the configuration, I used this page as a guide: https://grafana.com/docs/grafana/v6.7/auth/google/
Any input or help will be very much apreciated.
Thanks in advance,
Diego