drawio: Invalid redirect URL error when authenticating to private gitlab

Preflight Checklist

  • I agree to follow the Code of Conduct that this project adheres to.
  • I have searched the issue tracker for a feature request that matches the one I want to file, without success.

Describe the bug I’m getting an ‘Invalid redirect URL’ error when attempting to authenticate against private gitlab instance.

To Reproduce Steps to reproduce the behavior:

  1. Attempt to authorize via a private GitLab instance
  2. See error on GitLab page

Expected behavior Authentication should work

draw.io version (In the Help->About menu of the draw.io editor):

  • draw.io version 14.6.11

Desktop (please complete the following information):

  • OS: Windows
  • Browser: Chrome, Firefox
  • Version: current

Additional context Looking at the URL sent to GitLab, the redirect_uri parameter is ‘https://diagrams.{mydomain}/gitlab’. In the last version in which this worked, the value was ‘https://diagrams.{mydomain}/gitlab.html’ (which is also the configured redirect URL in GitLab).

Changing the redirect URL in GitLab to ‘…/gitlab’ instead of ‘…/gitlab.html’ fixes the error on the GitLab side, but authentication still fails because Diagrams doesn’t respond to the ‘…/gitlab’ URL, it wants the ‘.html’ extension.

Downgrading to v14.6.2 fixes this, so there was a regression in constructing the redirect_uri since then.

About this issue

  • Original URL
  • State: closed
  • Created 3 years ago
  • Comments: 16 (2 by maintainers)

Most upvoted comments

had to change the “http-nio-7070” port because of a conflict when running locally (puma ?)

Catalina is started via a “run” (not “start”) so logs all are going to stdout[0], albeit at the default verbosity level.

Also tried to follow the comment/instructions and it also fails using version 14.8.5 after the gitlab “Authorize drawio to use your account?”

Using:

docker run -it --rm -e DRAWIO_GITLAB_ID='*' -e GITLAB_CLIENT_SECRET='*' -e GITLAB_AUTH_URL=https://gitlab.domain.com/oauth/token --name="draw" -p 7070:7070 drawio

and using the call back / redirect url with out the .html, to give a blank page with status code 400. The favicon loads after it.

The last entires in the log are: 08-Jul-2021 23:40:52.138 INFO [http-nio-7070-exec-4] com.mxgraph.online.AbsAuthServlet.doGet AUTH-SERVLET: [172.17.0.1] Found cookie state (* -> *)

and the last uRL is http://localhost:7070/gitlab?code=*&state=cld=*&domain=localhost&token=*

[0] https://stackoverflow.com/a/50730492/2568021

+1
trocster on Jul 9, 2021

I’m using the jgraph/drawio docker image behind a simple Nginx reverse proxy for TLS termination. I’m mounting a local PreConfig.js and PostConfig.js (Method 3 in the docs) and am setting window.GITLAB_URL and window.GITLAB_ID in PreConfig.js. We have a local GitLab instance. This setup works with version 14.6.6 and before of the Docker image.

+1
plinss on Jun 14, 2021
Read more comments on GitHub
← drawio: Gitlab repo authorization fails on self-hosted instances
drawio: SVG exported images contain 'Viewer does not support full SVG 1.1' →