#Gitlab - The redirect URI included is not valid.


gentle karma
#

When I try to connect to Backstage through GitLab running Backstage locally, it works. But when I try to deploy it on Kubernetes, it keeps showing the error "The redirect URI included is not valid.". Any ideas?

```yaml
app:
  title: Scaffolded Backstage App
  baseUrl: http://${HOST}

organization:
  name: test

backend:
  # Used for enabling authentication, secret is shared by all backend plugins
  # See https://backstage.io/docs/auth/service-to-service-auth for
  # information on the format
  # auth:
  #   keys:
  #     - secret: ${BACKEND_SECRET}
  baseUrl: http://${HOST}
  # listen:
  #   port: 7007
  # Uncomment the following host directive to bind to specific interfaces
  # host: 127.0.0.1
  csp:
    connect-src: ["'self'", 'http:', 'https:']
    # Content-Security-Policy directives follow the Helmet format: https://helmetjs.github.io/#reference
    # Default Helmet Content-Security-Policy values can be removed by setting the key to false
  cors:
    origin: http://${HOST}
    methods: [GET, HEAD, PATCH, POST, PUT, DELETE]
    credentials: true
integrations:
  gitlab:
    - host: gitlab.com
      token: ${GITLAB_TOKEN}
auth:
  environment: development
  providers:
    gitlab:
      development:
        clientId: ${AUTH_GITLAB_CLIENT_ID}
        clientSecret: ${AUTH_GITLAB_CLIENT_SECRET}
  experimentalExtraAllowedOrigins:
    - https://${BACKSTAGE_HOST}
```

dark python
#

Hi @gentle karma, what did you set the callback URL to?

#

What is your user facing URL? That would make the base for the callback URL

dark python
#

OK, cool. That looks correct to me based on the GitLab auth docs.

gentle karma
#

@dark python Any idea?

dark python
#

It really. When did the error happen? At start up? When you got to authenticate/sign-in?

gentle karma
#

@dark python sorry for the late reply. The error happens after I logged in with my account

glad orbit
#

Hi, I'm having the same problem, but I'm using GitHub
When I try to use it locally, it works perfectly. But when I use it on Kubernetes with Ingress, I get an error on the callback URL

#

Error:

silk pelican
#

Did you set up two different oauth applications? Just double checking since you can't use the same one for local dev and for prod

glad orbit
#

I'm using just one

#

I followed the Backstage doc Start guide, locally it works

#

I'm not using app-config.production.yaml, I just build app-config.yaml

silk pelican
#

You'll need to configure those envs differently though

#

Different base URLs, different OAuth applications used, etc.

#

The base urls are always "as seen from the browser"

#

And you don't go to the same url to visit your local dev as your prod 🙂

glad orbit
#

It's just a homelab on my laptop

#

I don't need a prod environment, so I just use app-config.yaml

silk pelican
#

But you did change to use the ingress. Your deployment topology changed and your public facing urls changed. So you need to update your config to match that.

glad orbit
#

I didn't understand
I have the app-config with my url and an ingress with my url, what do I need to change?

silk pelican
#

Maybe I misunderstood the original premise. But this is what I meant:

When I run locally when developing, I visit e.g. https://localhost:7007. So that's what my config has in app.baseUrl.

If I put a proxy in front of it, like https://my-ingress.company.net, then I change app.baseUrl, MAYBE backend.baseUrl (depending on how I run that one), and switch to a different OAuth app that has its callback URL set to be under https://my-ingress.company.net too