SSO (google oauth) Stuck in a login loop, "Choose an account". <--> "Login to Redash"

O get stuck in the following loop, click 1, get to 2, click 2, get to 1.

Any insights or help appreciated

what changed.

  1. the ec2 server changed ip address, I refreshed the route 53 to point to the right one,
  2. started getting a 400 error. for sso
  3. fixed this by adding another " Authorized redirect URIs For use with requests from a web server" - i had
  • http://dashboards…/oauth/google_callback
    i added
  • https://dashboards…/oauth/google_callback (didn’t need that before)
  1. now sso just goes between the two screens. :

Screen #1

Screen #2

https://redash.io/help/open-source/admin-guide/google-developer-account-setup

Are you using nginx? A common problem is redirection between http to https and back to http if the settings are not configured properly

@zhongshaoming1 i had set it up, and it was already working,
then a few days after i set up the https, it broke. maybe related.

@Shitij, following the instructions for HTTPS starts nginx.
however for some reason gunicorn is also on

Redash by itself will a gunicorn process. Nginx is like a layer in between your redash processes and the user. Can you share your configuration of nginx file? and your nginx logs too

upstream redash {
    server redash:5000;
}

server {
    listen      80;
    listen [::]:80;
    server_name <URL>;

    location ^~ /ping {
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;

        proxy_pass       http://redash;
    }

    location / {
        rewrite ^ https://$host$request_uri? permanent;
    }

    location ^~ /.well-known {
        allow all;
        root  /data/letsencrypt/;
    }
}

server {
 listen      443           ssl http2;
 listen [::]:443           ssl http2;
 server_name               <URL>;

 add_header                Strict-Transport-Security "max-age=31536000" always;

 ssl_session_cache         shared:SSL:20m;
 ssl_session_timeout       10m;

 ssl_protocols             TLSv1 TLSv1.1 TLSv1.2;
 ssl_prefer_server_ciphers on;
 ssl_ciphers               "ECDH<redacted>MD5;";

 ssl_stapling              on;
 ssl_stapling_verify       on;
 resolver                  8.8.8.8 8.8.4.4;

 ssl_certificate           /etc/letsencrypt/live/<URL>/fullchain.pem;
 ssl_certificate_key       /etc/letsencrypt/live/<URL>/privkey.pem;
 ssl_trusted_certificate   /etc/letsencrypt/live/<URL>/chain.pem;

 access_log                /dev/stdout;
 error_log                 /dev/stderr info;

 # other configs

 location / {
     proxy_set_header Host $http_host;
     proxy_set_header X-Real-IP $remote_addr;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header X-Forwarded-Proto $scheme;

     proxy_pass       http://redash;
 }