Search code examples
flaskgoogle-oauthflask-dance

Flask-Dance uses localhost instead of domain when redirecting

I have an app which is using Flask-Dance for Google Login authentication. When I try to login, it says that I am redirecting from 127.0.0.1:9852 which is where my app is running in the server, but I have an apache configuration which is assigning a server name to that address (xxx.xxx.com)

I registered in my Google Console the domain in the authorized URIs. Still, when I try to access the login part, it says that 'The redirect URI in the request, http://127.0.0.1:9852/google/authorized, does not match the ones authorized for the OAuth client.'

So I did register that address, and it does let me login, but when it tries to redirect it says that it can't find the server '127.0.0.1'. Is there anyway I can use my domain as the actual authorized URI?

This is my blueprint: 

blueprint = make_google_blueprint(
    client_id="id",
    client_secret="secret",
    scope=['https://www.googleapis.com/auth/userinfo.profile', 'https://www.googleapis.com/auth/userinfo.email',
           'openid'],
    storage=SQLAlchemyStorage(OAuth, db.session, user=current_user),
    redirect_url='questions.view_all')

EDIT: Here is the Apache2 conf file:

    <VirtualHost *:80>
            ServerName xxx.xxx.com
            ServerAlias xxx.xxx.com
            ServerAdmin em@il.com
            # Redirect http to https
            RedirectMatch 301 (.*) https://xxx.xxx.com$1
    </VirtualHost>

    <VirtualHost _default_:443>
            ServerName xxx.xxx.com
            ServerAlias xxx.xxx.com
            ServerAdmin em@il.com

            #   Enable/Disable SSL for this virtual host.
            SSLEngine On
            SSLProxyEngine On

            # Web root
            ProxyPass /  http://127.0.0.1:9852/
            ProxyPassReverse /  http://127.0.0.1:9852/

            # Log configuration
            ErrorLog ${APACHE_LOG_DIR}/error.log
            CustomLog ${APACHE_LOG_DIR}/access.log combined

            # Self signed SSL Certificate file
            SSLCertificateFile      /etc/apache2/ssl/certs/cert.crt
            SSLCertificateKeyFile /etc/apache2/ssl/private/cert.key
    </VirtualHost>
Solution

  • I registered in my Google Console the domain in the authorized URIs

    The full redirect URL should be registered for the OAUTH client application in Google Console.

    When I try to login, it says that I am redirecting from 127.0.0.1:9852

    Your given server configuration has your application served with gunicorn and Apache configured as a proxy server.

    In some way the request isn't passed onto gunicorn server with enough information for werkzeug to determine the right hostname.

    I suggest employing ProxyPreserveHost directive in your VirtualHost to enable the incoming host to be passed on to gunicorn.