Solara•17mo ago

Redirect URI error when testing login in solara app

Hi, I am trying to test an auth example in solara via okta. I have configured my app in okta following the solara docs and I am trying to test (locally) a simple login button. The relevant part of the snippet is

import solara
from solara_enterprise import auth

@solara.component
def Page():
 
  [...]

  if not auth.user.value:
      #print(auth.get_login_url())
      with solara.Tooltip('Login'):
          solara.Button(icon_name="mdi-login", href=auth.get_login_url(), icon=True)

import solara
from solara_enterprise import auth

@solara.component
def Page():
 
  [...]

  if not auth.user.value:
      #print(auth.get_login_url())
      with solara.Tooltip('Login'):
          solara.Button(icon_name="mdi-login", href=auth.get_login_url(), icon=True)

I see the

login

login

button appear in my app but when I click on it a get a

invalid_request

invalid_request

error in the browser saying that the

redirect_uri

redirect_uri

parameter in the request did not match any of the Login redirect URIs configured in the client application settings. If I print the output of

get_login_url

get_login_url

I get

/_solara/auth/login?redirect_uri=http%3A//localhost%3A8080

/_solara/auth/login?redirect_uri=http%3A//localhost%3A8080

which is missing the main base url (what sets that value?)? Am I missing something in the configuration? I am setting these in my

.env

.env

SOLARA_SESSION_SECRET_KEY=<<mysecretkey>>
SOLARA_OAUTH_CLIENT_ID=<<myclientid>>
SOLARA_OAUTH_CLIENT_SECRET=<<myclientsecret>>
SOLARA_OAUTH_API_BASE_URL=https://<<myissuer>>
SOLARA_SESSION_HTTPS_ONLY=False
SOLARA_BASE_URL=http://localhost:8080

SOLARA_SESSION_SECRET_KEY=<<mysecretkey>>
SOLARA_OAUTH_CLIENT_ID=<<myclientid>>
SOLARA_OAUTH_CLIENT_SECRET=<<myclientsecret>>
SOLARA_OAUTH_API_BASE_URL=https://<<myissuer>>
SOLARA_SESSION_HTTPS_ONLY=False
SOLARA_BASE_URL=http://localhost:8080

and in okta I have set application login url as:

http://localhost:8080/_solara/auth/login

http://localhost:8080/_solara/auth/login

and allowed callback urls as:
authorize:

http://localhost:8080/_solara/auth/authorize

http://localhost:8080/_solara/auth/authorize

logout:

http://localhost:8080/_solara/auth/logout

http://localhost:8080/_solara/auth/logout

is this correct?

iisakkirotko•8/8/24, 7:48 PM

Hey @Cyrus! I suspect that you have to allow as a redirect url in your Okta configuration. I'm not familiar with Okta in particular, but usually there is something akin to a "URL configuration" section for OAuth providers, where valid redirect_urls should be listed.

If I print the output of get_login_url I get

/_solara/auth/login?redirect_uri=http%3A//localhost%3A8080

/_solara/auth/login?redirect_uri=http%3A//localhost%3A8080

That's correct. Since the url provided to starts with a slash, it is relative to the domain, and get's automatically added to the end of whatever domain you're on.

CyrusOP•8/8/24, 8:01 PM

I think I tried that before and didn't work. I'll try again and let you know

CyrusOP•8/8/24, 9:22 PM

Indeed I still get the browser error

CCyrus Indeed I still get the browser error 😦

iisakkirotko•8/8/24, 9:42 PM

Interesting. I'll give it a try tomorrow and we'll see where I get. We do officially only support auth0 and Fief, so I'm not sure if it's possible to make Okta work.

CyrusOP•8/8/24, 9:47 PM

Thanks. I think auth0 is okta?

CCyrus Thanks. I think auth0 is okta?

iisakkirotko•8/9/24, 6:44 AM

Ah I see. Then we should certainly be able to make it work

mariobuikhuizen•8/9/24, 2:39 PM

Is URL of the browser error your configured SOLARA_OAUTH_API_BASE_URL ? or is it showing: dev-y02f2bpr8skxu785.us.auth0.com?

CyrusOP•8/9/24, 3:02 PM

it looks like some default url associated with my configured domain. I don't see but it doesn't look like the right url either

CyrusOP•8/9/24, 3:05 PM

It is probbaly some misconfiguration on my end

CyrusOP•8/9/24, 8:10 PM

I think I got it to work for login. But log out url is still broken

CyrusOP•8/14/24, 1:24 AM

@mariobuikhuizen @iisakkirotko Looking at the get_logout_url function I see that it returns

Looking at this the url seems to have redundancy and combine elements from the Auth0 logout endpoint

and the OICD logout endpoint

Is this a bug or expected?

When I use as is in my app (which expects the oidc format) it leads to an error. Note, that I am setting because otherwise it uses . From , these are the endpoints that I would need to use:

but solara doesn't seem to be making use of these. Do you know if I have to write my own custom functions to get urls and make requests to handle auth, or can solara support this out of the box and I am somehow not doing it properly?

CyrusOP•8/14/24, 6:48 PM

Update. I can make the app auth work by using this

I am still wondering why returns that other url.