I am trying to deploy a fullstack application however I am not able to send my backend.
My /api route fails to resolve and I get this error message from heroku logs:
Reason: 'accessDenied.invalidIp',
Message: 'Invalid authorization: API key does not allow access from IP xx.xxx.xxx.xx'
I have recognized my request is failing because I am required to provide authorization. I am able to configure this locally and get it to work however I cannot configure how I can do this for public deployment.
I have tried the CORS module in order to whitelist my IP however it still doesn't work.
If anyone can provide some advice or a solution to effectively resolve this it would be much appreciated.
Related
I'm getting this error Error 400: redirect_uri_mismatch even after giving the proper redirect uri. You can check the images below for the reference. It works for my localhost but it shows this error for my server. My domain looks like https://xxx.topLevelDomain.com. I'm not able to find the possible cause of this issue after surfing most of the issues related to this error. Although, I guess the issue maybe because I'm using a subdomain here, but still not sure if its the issue.
Application info:
frontend is in react hosted on https://someTopLevelDomain.com
backend is in spring boot hosted on https://someSubdomain.someTopLevelDomain.com
Your application is sending from as http to a .com domain
In google developer console you have only one http domain listed and that is localhost
The redirect uri you are sending from must exactly match one that you have added in google cloud console.
To understand how to set up your redirect uri properly check Google OAuth2: How the fix redirect_uri_mismatch error. Part 2 server sided web applications.
where is the redirect uri comming from
Depending upon the programing language, the ide and the client library you may be using will define what redirect uri your application is calling from.
For example i know that visual studio likes to add random ports with C#. I cant tell you what is generating your redirect uri i can only tell you that
The following needs to be added to your google cloud console.
http://________.com/login/oauth2/code/Google
or you need to figuer out what is setting the host on your requests and set it to use https so that you can use the one that you have there now
https://________.com/login/oauth2/code/Google
I would like to test some real data with plaid and that's why i am using development environment now instead of sandbox. And I am confused what redirect uri should i use.
This is the error on my localhost:3000.
Unable to fetch link_token: please make sure your backend server is running and that your .env file has been configured correctly.
Error Code: INVALID_FIELD
Error Type: INVALID_REQUEST
Error Message: redirect_uri must use HTTPS
I understand that for development envrionment we should use https instead of http, but I wonder what uri should i redirect to if i am only testing the API?
Thank you
If you don't particularly care about using the Quickstart with OAuth redirect flows, and just want to use live data from Development, you should just be able to leave that field blank.
I have a spring boot application integrated with Azure AD SAML login. I have followed this sample to achieve this. It works fine in localhost but on deployment to a prod url, it keeps giving below error
the redirect uri that I see in the authorization request URL starts with http. This is contradictory because Azure App Registration does not allow to configure any non https URLs and only exception is localhost.
In order to match URLs, I tried editing App Registration's manifest in Azure portal to make it http. Now, it seems URLs match but then I get below error:
I have also tried setting https URL both on azure portal and application.properties using "azure.activedirectory.redirect-uri-template" as mentioned in stack overflow post here but that also does not work.
I have also gone through this post but that also didn't help.
Any help would be much appreciated.
In order to solve the error of redirecting to https but the redirect_uri in request still starts with http, there are two similar issues:
1. The HTTPS requests terminate at the proxy and the proxy then uses HTTP protocol to communicate to your Tomcat server. You will face this if you deploy your code on cloud providers like App Service. Answer is here.
In application.properties:
security.oauth2.client.pre-established-redirect-uri=https://yourappurl.net/login
security.oauth2.client.registered-redirect-uri=https://yourappurl.net/login
security.oauth2.client.use-current-uri=false
server.tomcat.remote-ip-header=x-forwarded-for
server.tomcat.protocol-header=x-forwarded-proto
server.tomcat.use-relative-redirects=true
server.use-forward-headers=true
server.tomcat.internal-proxies=.*
2. Add server.forward-headers-strategy=native in applications.properties. Answer is here. For more about this setting, see here.
I have verified access to my domain (http://ec2-54-67-124-251.us-west-1.compute.amazonaws.com:8080/) and registered it in APIs and Services.
But I still get "pubsub error INVALID_ARGUMENT" when setting it in the push endpoint.
Any ideas?
The endpoint you are trying to use is not consistent with what the docs indicate that you need: "an HTTPS server with non-self-signed certificate accessible on the public web."
I followed every instructions from this site Google Dev Console site
and my web app was working well in http://localhost. No issues.
Now I deployed the web app in the AWS-EC2 server. I also added the Javascript Origins to show my 'subdomain.domain.com'. Upon hitting the button 'Google Login' from webapp on subdomain.domain.com, the google-authentication is not working ; shows the below error, where XX.YY.ZZ.AA is my AWS EC2 instance IP;
Error: invalid_request
Permission denied to generate login hint for target domain.
Request Details
redirect_uri=storagerelay://http/XX.YY.ZZ.AA?id=auth736964
response_type=permission id_token scope=email profile openid
openid.realm=
client_id=625394219770-q0qilkfl05m2fortt25j2j63e2dn6c1r.apps.googleusercontent.com
ss_domain=http://XX.YY.ZZ.AA fetch_basic_profile=true gsiwebsdk=2
That’s all we know.
I am asking for help on how to resolve this. Is it a EC2 forward issue, because the google error is not showing my subdomain.domain.com instead EC2-ip address. or something else?