"The redirect URI included is not valid." When using Gitlab.com as OAuth provider on url with explicit port

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

Close this issue

Summary

When you set up a local install of Gitlab-CE/EE using the external_url "http://localhost" in gitlab.rb, and configure an application on gitlab.com to handle OAuth requests with redirect url including a port (almost ubiquitous on localhost installs), e.g. "http://localhost:8181/users/auth/gitlab/callback", logins are blocked with the error "The redirect URL included is not valid."

Steps to reproduce

See summary.

Example Project

N/A

What is the current bug behavior?

OAuth Login is blocked after providing Gitlab.com credentials during the redirect step, at the url: https://gitlab.com/oauth/authorize?client_id=****&gl_auth_type=login&redirect_uri=http%3A%2F%2Flocalhost%2Fusers%2Fauth%2Fgitlab%2Fcallback&response_type=code&scope=read_user&state=**** with "An error has occurred The redirect URI included is not valid."

What is the expected correct behavior?

User should be logged in and redirected back to http://localhost:8181/

Relevant logs and/or screenshots

N/A

Output of checks

N/A

Results of GitLab environment info

Expand for output related to GitLab environment info


System information
System:
Current User:   git
Using RVM:      no
Ruby Version:   2.7.7p221
Gem Version:    3.1.6
Bundler Version:2.3.15
Rake Version:   13.0.6
Redis Version:  6.2.8
Sidekiq Version:6.5.7
Go Version:     unknown

GitLab information
Version:        15.8.1
Revision:       383efe57adf
Directory:      /opt/gitlab/embedded/service/gitlab-rails
DB Adapter:     PostgreSQL
DB Version:     13.8
URL:            http://localhost
HTTP Clone URL: http://localhost/some-group/some-project.git
SSH Clone URL:  git@localhost:some-group/some-project.git
Using LDAP:     no
Using Omniauth: yes
Omniauth Providers: gitlab

GitLab Shell
Version:        14.15.0
Repository storages:
- default:      unix:/var/opt/gitlab/gitaly/gitaly.socket
GitLab Shell path:              /opt/gitlab/embedded/service/gitlab-shell

Results of GitLab application Check

Expand for output related to the GitLab application check

Checking GitLab subtasks ...

Checking GitLab Shell ...

GitLab Shell: ... GitLab Shell version >= 14.15.0 ? ... OK (14.15.0) Running /opt/gitlab/embedded/service/gitlab-shell/bin/check Internal API available: OK Redis available via internal API: OK gitlab-shell self-check successful

Checking GitLab Shell ... Finished

Checking Gitaly ...

Gitaly: ... default ... OK

Checking Gitaly ... Finished

Checking Sidekiq ...

Sidekiq: ... Running? ... yes Number of Sidekiq processes (cluster/worker) ... 1/1

Checking Sidekiq ... Finished

Checking Incoming Email ...

Incoming Email: ... Reply by email is disabled in config/gitlab.yml

Checking Incoming Email ... Finished

Checking LDAP ...

LDAP: ... LDAP is disabled in config/gitlab.yml

Checking LDAP ... Finished

Checking GitLab App ...

Database config exists? ... yes All migrations up? ... yes Database contains orphaned GroupMembers? ... no GitLab config exists? ... yes GitLab config up to date? ... yes Cable config exists? ... yes Resque config exists? ... yes Log directory writable? ... yes Tmp directory writable? ... yes Uploads directory exists? ... yes Uploads directory has correct permissions? ... yes Uploads directory tmp has correct permissions? ... skipped (no tmp uploads folder yet) Systemd unit files or init script exist? ... skipped (omnibus-gitlab has neither init script nor systemd units) Systemd unit files or init script up-to-date? ... skipped (omnibus-gitlab has neither init script nor systemd units) Projects have namespace: ... 2/1 ... yes 5/2 ... yes 5/3 ... yes 5/4 ... yes 5/5 ... yes 5/6 ... yes 5/7 ... yes 5/8 ... yes 5/9 ... yes 5/10 ... yes 20/11 ... yes 5/12 ... yes 5/13 ... yes 5/14 ... yes 5/15 ... yes 5/16 ... yes Redis version >= 6.0.0? ... yes Ruby version >= 2.7.2 ? ... yes (2.7.7) Git user has default SSH configuration? ... yes Active users: ... 53 Is authorized keys file accessible? ... yes GitLab configured to store new projects in hashed storage? ... yes All projects are in hashed storage? ... yes

Checking GitLab App ... Finished

Checking GitLab subtasks ... Finished

Possible fixes

The cause is a mismatch between the external_url which HAS TO BE http://localhost and the gitlab.com application redirect url which HAS TO BE http://localhost:8181/users/auth/gitlab/callback. There is no way to make these the same without introducing a far more catastrophic failure (the whole app produces ERR_NO_RESPONSE when configured with a port in gitlab.rb and if the port is excluded from the redirect uri on gitlab.com then it redirects to the wrong place).

gitlab.com should infer the port in the redirect (bad solution) OR the application should be amended to allow the port to be specified in the external_url variable (better). The second solution is correct because it will apply to any OAuth provider, not just Gitlab.com.

Edited Sep 25, 2025 by 🤖 GitLab Bot 🤖