Skip to content

Revert "Fix callback url"

Wei-Meng Lee requested to merge revert-1322146b into master

What does this MR do?

This change to the recommended settings (/users/auth/github/callback) on the GitHub side was causing GitHub project imports to fail.

For GitHub project imports, we create a redirect_uri of the form /users/auth/-/import/github (see https://gitlab.com/gitlab-org/gitlab-ee/commit/88f2e9615cbb6ed976e65ca96af271d747ed8cce).

When trying to create a new project via GitHub import, you'd then end up with the following error:

Started GET "/import/github/new" for 158.140.135.230 at 2019-06-05 23:52:57 +0000
Processing by Import::GithubController#new as HTML
Redirected to https://github.com/login/oauth/authorize?client_id=615eb3a04b462bb8b29f&redirect_uri=https%3A%2F%2Fgitlab.weimeng.dev%2Fusers%2Fauth%2F-%2Fimport%2Fgithub%2Fcallback&response_type=code&scope=repo%2C+user%2C+user%3Aemail
Completed 302 Found in 25ms (ActiveRecord: 3.5ms | Elasticsearch: 0.0ms)

Started GET "/users/auth/github/callback?error=redirect_uri_mismatch&error_description=The+redirect_uri+MUST+match+the+registered+callback+URL+for+this+application.&error_uri=https%3A%2F%2Fdeveloper.github.com%2Fapps%2Fmanaging-oauth-apps%2Ftroubleshooting-authorization-request-errors%2F%23redirect-uri-mismatch" for 158.140.135.230 at 2019-06-05 23:52:58 +0000
Processing by OmniauthCallbacksController#failure as HTML
  Parameters: {"error"=>"redirect_uri_mismatch", "error_description"=>"The redirect_uri MUST match the registered callback URL for this application.", "error_uri"=>"https://developer.github.com/apps/managing-oauth-apps/troubleshooting-authorization-request-errors/#redirect-uri-mismatch"}
Redirected to https://gitlab.weimeng.dev/users/sign_in
Completed 302 Found in 32ms (ActiveRecord: 2.6ms | Elasticsearch: 0.0ms)

The authorization callback URL needs to be /users/auth/ to support both the login case and the project import case.

Reported by customer via Zendesk (internal use only).

Related issues

Author's checklist

  • Follow the Documentation Guidelines and Style Guide.
  • Link docs to and from the higher-level index page, plus other related docs where helpful.
  • Apply the ~Documentation label.

Review checklist

All reviewers can help ensure accuracy, clarity, completeness, and adherence to the Documentation Guidelines and Style Guide.

1. Primary Reviewer

  • Review by a code reviewer or other selected colleague to confirm accuracy, clarity, and completeness. This can be skipped for minor fixes without substantive content changes.

2. Technical Writer

  • Optional: Technical writer review. If not requested for this MR, must be scheduled post-merge. To request for this MR, assign the writer listed for the applicable DevOps stage.

3. Maintainer

  1. Review by assigned maintainer, who can always request/require the above reviews. Maintainer's review can occur before or after a technical writer review.
  2. Ensure a release milestone is set and that you merge the equivalent EE MR before the CE MR if both exist.
  3. If there has not been a technical writer review, create an issue for one using the Doc Review template.

Merge request reports