Github oAuth redirect URL not working

Nils_Minten · August 13, 2024, 9:35am

To keep a fairly long story short we’ve created a Custom App that allows us to create issues and sync comments in GitHub; this is so we can keep our developers working in GitHub and they won’t need to work with multiple systems. To achieve this we’ve created our own Custom App for fresh desk which uses the oAuth2.0 flow from GitHub to authenticate with the API.

During development we already faced some issues with the redirect_uri or callback URL as GitHub calls it. After some debugging and sifting through the requests done during authentication we figured out that GitHub wants to know the expected GET parameters, so
http://localhost:10001/auth/callback → http://localhost:10001/auth/callback?callback=http://localhost:10001/custom_configs?oauth=github&product=modules.
Once this was updated everything worked fine during local development.

Now when we try to upload the app to the market place and then attempt to install the application it appears to get stuck at the GitHub oAuth step once again. From what I can gather from the requests that are done it appears to do 5 steps related to the marketplace authentication/ installation and then the 6th requests should do the GitHub authentication; at least it does when installing the locally developed app. However this request gets stuck loading for a while and eventually ends up with a 504 gateway timeout.

These are the Callback urls mentioned in the requests done and the ones we’ve already attempted to add to GitHub:

However even after all these attempts the 6th request still gets stuck.

TLDR; The callback url mentioned in the oAuth documentation doesn’t seem to match up with whatever GitHub wants causing the Custom App not to get past the installation.
Are we simply missing some GET parameters we need to add?

Raviraj · August 21, 2024, 10:47am

@Nils_Minten Can you share the oauth_config.json file and the redirect URL used for production testing in GitHub side?

I couldn’t reproduce the issue. This URL (https://oauth.freshdev.io/auth/callback) just works fine for me.

Nils_Minten · August 21, 2024, 1:53pm

Yeah of course, I’ve removed the client id and secret for obvious security reasons.

{
  "integrations": {
    "github": {
      "display_name": "Github",
      "client_id": "----",
      "client_secret": "----",
      "authorize_url": "https://github.com/login/oauth/authorize",
      "token_url": "https://github.com/login/oauth/access_token",
      "options": {
        "scope": "repo"
      },
      "token_type": "account"
    }
  }
}

Since you can’t really read them the localhost urls are:
http://localhost:10001/auth/callback?callback=http://localhost:10001/custom_configs?oauth=github&product=modules
http://localhost:10001/auth/callback?callback=http://localhost:10001/oauth_landing.html?oauth=github&product=modules

Raviraj · August 23, 2024, 1:08pm

@Nils_Minten, I think you’re getting credentials from the GitHub app in GitHub developer settings.
I have tried the OAuth app in GitHub developer settings.

Can you try once by creating an OAuth app and testing it locally and in production? For both, the documented callback URLs work for me.

There’s a slight difference between OAuth apps and GitHub apps as mentioned here - GitHub Apps overview - GitHub Docs
If you prefer only GitHub apps, I can continue testing and finding what works.

Raviraj · September 2, 2024, 12:01pm

@Nils_Minten Did you try the regular OAuth apps instead of GitHub apps in the GitHub developer settings?

Nils_Minten · September 3, 2024, 2:00pm

Hey Raviraj,

Yes we’ve now both tried with a GitHub App and a GitHub oAuth App. Both of which give the same error on production, and both work locally.

Apologies for the late response, wasn’t quite sure if I should reply here or in the support ticket