Error "The redirect uri in the request, https://spotfireserver/spotfire/auth/oidc/authenticate, does not match the ones authorized for the OAuth client" is seen when OpenID Connect authentication is enabled on TIBCO Spotfire server.
Article ID: KB0075829
Updated On:
Products: Spotfire Server
Versions: 7.8 and higher
Description
You may see the following error message when you authenticate with an OpenID identity provider. The example below uses Google as the IDP, where 'redirect_uri_mismatch' is shown in the UI.
400. That’s an error.
Error: redirect_uri_mismatch
The redirect URI in the request, https://spotfireserver/spotfire/auth/oidc/authenticate, does not match the ones authorized for the OAuth client. To update the authorized redirect URIs, visit: https://console.developers.google.com/apis/credentials/oauthclient/1070458381254-hrtuobth1tpm9k0e3bcakets8nvq6c0d.apps.googleusercontent.com?project=1070458381254
Resolution
The redirect URI (where the response is returned to) has to be registered in the Identity Provider (IDP); the error indicates that it has not been registered or has not been configured correctly. For example, to resolve this issue when using Google as the IDP, go to the console for your project and look under API Access. You should see your client ID and client secret there, along with a list of Authorized redirect URIs. If the URI you want isn't listed, click edit settings and add the URI to the list.
Make sure you enter the URI under Authorized redirect URIs and not under Authorized JavaScript origins, as shown in the screenshot below. The authorized redirect URI is the path users are redirected to after they have authenticated with Google.
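The check below is an added example, not part of the original article or of Spotfire. It compares the redirect URI from the error message with a list of URIs registered at the IDP and reports which component differs. It assumes the IDP compares redirect URIs as exact strings; the registered list and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# redirect_uri taken from the error message in this article.
REQUESTED = "https://spotfireserver/spotfire/auth/oidc/authenticate"

# Constructed sample of what an administrator might have registered at the IDP.
REGISTERED_SAMPLE = [
    "http://spotfireserver/spotfire/auth/oidc/authenticate",        # wrong scheme
    "https://spotfireserver/spotfire/auth/oidc/authenticate/",      # trailing slash
    "https://spotfireserver:8443/spotfire/auth/oidc/authenticate",  # extra port
    "https://spotfireserver",                                       # origin only
]


def explain_mismatch(requested, registered):
    """Return why `registered` differs from `requested`; [] means exact match."""
    if requested == registered:
        return []
    req, reg = urlsplit(requested), urlsplit(registered)
    reasons = []
    if req.scheme != reg.scheme:
        reasons.append(f"scheme: registered {reg.scheme!r}, requested {req.scheme!r}")
    if req.hostname != reg.hostname:
        reasons.append(f"host: registered {reg.hostname!r}, requested {req.hostname!r}")
    if req.port != reg.port:
        reasons.append(f"port: registered {reg.port!r}, requested {req.port!r}")
    if req.path != reg.path:
        if req.path.rstrip("/") == reg.path.rstrip("/"):
            reasons.append("path: trailing slash differs")
        else:
            reasons.append(f"path: registered {reg.path!r}, requested {req.path!r}")
    if (req.query, req.fragment) != (reg.query, reg.fragment):
        reasons.append("query or fragment differs")
    # urlsplit lowercases scheme and host, so a case-only difference lands here.
    return reasons or ["letter case or encoding differs"]


def check_redirect_uri(requested, registered_uris):
    """Return (matched, {registered_uri: reasons}) for every non-matching entry."""
    report = {uri: explain_mismatch(requested, uri) for uri in registered_uris}
    matched = any(not reasons for reasons in report.values())
    return matched, {uri: r for uri, r in report.items() if r}


if __name__ == "__main__":
    matched, near_misses = check_redirect_uri(REQUESTED, REGISTERED_SAMPLE)
    print("exact match registered:", matched)
    for uri, reasons in near_misses.items():
        print(f"  {uri}\n    -> " + "; ".join(reasons))
```

Replace REGISTERED_SAMPLE with the entries copied from the IDP's Authorized redirect URIs list to see which one is closest to the URI the server sends.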
Issue/Introduction
This article explains why the error "The redirect uri in the request, https://spotfireserver/spotfire/auth/oidc/authenticate, does not match the ones authorized for the OAuth client." is seen and how to resolve it.