redirect_uri is not authorized for this client

[KXN2004]

I have used the following code to start the fief client (main.py)

from os import getenv
from dotenv import load_dotenv
from fastapi import Depends, FastAPI
from fastapi.security import OAuth2AuthorizationCodeBearer
from fief_client import FiefAccessTokenInfo, FiefAsync
from fief_client.integrations.fastapi import FiefAuth

load_dotenv()

fief = FiefAsync(  
    "http://localhost:8000",
    getenv("CLIENT_ID"),
    getenv("CLIENT_SECRET"),
)

scheme = OAuth2AuthorizationCodeBearer(  
    "http://localhost:8000/authorize",  
    "http://localhost:8000/api/token",  
    scopes={"openid": "openid", "offline_access": "offline_access"},
    auto_error=False,
)

auth = FiefAuth(fief, scheme)

app = FastAPI()

@app.get("/user")
async def get_user(access_token_info: FiefAccessTokenInfo = Depends(auth.authenticated())):
    return access_token_info

I have used the following command to start the uvicorn server (bash)

$ uvicorn main:app --host localhost --port 5000 --reload

I have used the port 5000 since the fief server is running on the port 8000

Fief Server: localhost:8000
Fief Client: localhost:5000

I follow the steps mentioned in the API Section of the FastAPI

After I enter the client_id and client_secret in the Swagger UI, it redirects me to a page where it says

redirect_uri is not authorized for this client

I see the following url in the address bar of the browser

http://localhost:8000/authorize?response_type=code&client_id=8XZsMRLhAFpOQ0NqSATzv6duM8blGNrVccTN2zS8IEU&redirect_uri=http%3A%2F%2Flocalhost%3A5000%2Fdocs%2Foauth2-redirect&scope=openid%20offline_access&state=U3VuIFNlcCAxNSAyMDI0IDE1OjI1OjQ2IEdNVCswNTMwIChJbmRpYSBTdGFuZGFyZCBUaW1lKQ%3D%3D

I believe the redirect_uri query parameter is pointing to a wrong location http://localhost:5000/docs/oauth2-redirect instead of http://localhost:8000/docs/oauth2-redirect

To Reproduce

Steps to reproduce the behavior:

1. Go to http://localhost:5000/docs
2. Click on Authorize button
3. Scroll down to OAuth2AuthorizationCodeBearer (OAuth2, authorizationCode) Section
4. Enter the client_id and client_secret
5. Click on select_all link to select all the scopes
6. Click on the Authorize button

Expected behavior

1. The login page opens in a new tab
2. I enter the user credentials (user is created in the admin dashboard beforehand)
3. The login is successful
4. Receive the access_token

Configuration

• Cloud or self-hosted: Self hosted on docker (Steps mentioned here)
• If self-hosted, Fief version: 0.28.8

[fief-bailiff[bot]]

Hail, @KXN2004 👋 Welcome to Fief's kingdom!

Our team will get back to you very soon to help.

In the meantime, take a minute to star our repository ⭐️

Want to support us?

Subscribe to one of our paid plan to help us continue our work and receive exclusive information and benefits! Starts at $5/month 🪙

Farewell!

[frankie567]

You need to authorize http://localhost:5000/docs/oauth2-redirect as as redirect URI in your Client configuration: https://docs.fief.dev/configure/clients/#redirect-uris

If you start the authentication from the Swagger docs on localhost:5000, then it'll try to redirect the same Swagger on localhost:5000; but you need to tell Fief it's safe to do so.