Being redirected to an unsecure URL using a provider, even though specified in NEXTAUTH_URL with https

[gmcamposano]

I am testing it in production:

Env: NEXTAUTH_URL=https://nextauth.gmcampo.ga

2023-01-13T14:42:46.636413925Z > next start
2023-01-13T14:42:46.636409085Z > [email protected] start
2023-01-13T14:42:46.743417013Z ready - started server on 0.0.0.0:3000, url: http://localhost:3000
2023-01-13T14:42:46.747122171Z info - Loaded env from /app/.env
2023-01-13T14:42:46.636413925Z > next start
2023-01-13T14:42:46.636409085Z > [email protected] start
2023-01-13T14:42:46.636332725Z
2023-01-13T14:42:46.743417013Z ready - started server on 0.0.0.0:3000, url: http://localhost:3000
2023-01-13T14:42:46.747122171Z info - Loaded env from /app/.env
2023-01-13T14:42:59.659542149Z }
2023-01-13T14:42:59.659539349Z baseUrl: 'http://nextauth.gmcampo.ga'
2023-01-13T14:42:59.659534869Z url: 'http://nextauth.gmcampo.ga',
2023-01-13T14:42:59.659457430Z redirection triggered: {
2023-01-13T14:42:59.659542149Z }

When I try to login using github auth, i get this error:

2023-01-13T14:54:26.454153219Z baseUrl: 'http://nextauth.gmcampo.ga'
2023-01-13T14:54:26.454149579Z url: 'http://nextauth.gmcampo.ga',
2023-01-13T14:54:26.454082780Z redirection triggered: {
2023-01-13T14:54:26.455998218Z ' at async NextAuthHandler (/app/node_modules/next-auth/next/index.js:23:19)\n' +
2023-01-13T14:54:26.455995858Z ' at process.processTicksAndRejections (node:internal/process/task_queues:95:5)\n' +
2023-01-13T14:54:26.455993378Z ' at AuthHandler (/app/node_modules/next-auth/core/index.js:201:41)\n' +
2023-01-13T14:54:26.455990498Z ' at Object.callback (/app/node_modules/next-auth/core/routes/callback.js:52:39)\n' +
2023-01-13T14:54:26.455988058Z ' at oAuthCallback (/app/node_modules/next-auth/core/lib/oauth/callback.js:39:19)\n' +
2023-01-13T14:54:26.455985818Z stack: 'Error: redirect_uri_mismatch\n' +
2023-01-13T14:54:26.455983658Z message: 'redirect_uri_mismatch',
2023-01-13T14:54:26.455980458Z https://next-auth.js.org/errors#oauth_callback_error redirect_uri_mismatch {
2023-01-13T14:54:26.455968338Z [next-auth][error][OAUTH_CALLBACK_ERROR]
2023-01-13T14:54:26.455629499Z }
2023-01-13T14:54:26.455627259Z message: 'redirect_uri_mismatch'
2023-01-13T14:54:26.455625139Z providerId: 'github',
2023-01-13T14:54:26.455622659Z error_description: 'The redirect_uri MUST match the registered callback URL for this application.',

Also, the console browser displays:
Mixed Content: The page at 'https://nextauth.gmcampo.ga/api/auth/signin?error=Callback' was loaded over a secure connection, but contains a form that targets an insecure endpoint 'http://nextauth.gmcampo.ga/api/auth/signin/github'. This endpoint should be made available over a secure connection.

You can check for yourselves using the link above to try to replicate.

[gmcamposano]

SOLVED: Always check what NEXTAUTH_URL is being set in production. In my case, a http link was set in production and it was overriding all my different commit where I changed it.

[zimonitrome]

I have this same error but I am 100% sure my environment variables are HTTPS.

[Jan-T-Berg]

wie hattest du es gelöst? habe das jetzt auch