Publishing Site on AWS Fargate

zuhairattya · May 21, 2025, 11:55am

we are publishing our website that we have developed over Umbraco 15, so far we have developed all the pages and populated the contents. all this have been done using a SQL RDS on AWS and where the pages are on our local computer. it works just fine by visiting https://localhost/umbraco, however when porting it to docker over AWS fargate the backend page doesn’t display correctly and shows :
“error:invalid_request
error_description:The specified ‘redirect_uri’ is not valid for this client application.
error_uri:https://documentation.openiddict.com/errors/ID2043

we tried multiple ways to resolve it by modifying the appsettings.json

"Umbraco": {
  "CMS": {
    "WebRouting": {
      "UmbracoApplicationUrl": "https://site.com/"
    },
    "Security": {
      "BackOfficeHost": "https://site.com/"
    }
  }
},

anyone have encountered this issue and managed to resolve it. please let me know what further to look at? :

LuukPeters · May 22, 2025, 12:24pm

The issue is that you are using the same database for multiple instances. For OpenId, a redirect_url is required and Umbraco handles this by registering the redirect_url of the first request is receives in the database. When you use that database from another URL, you will get the error you described.

See this topic:

zuhairattya · May 25, 2025, 7:41am

thanks Luuk,
so now that we have developed our website and whish to proceed with it, what can we do to fix the redirect_url?

Saeve · May 25, 2025, 7:35pm

If you have access to the database, then you can modify the entries in the umbracoOpenIddictApplications table.

But be very careful with this ,as changes here could impact the platform.

There’s a bit more interesting information on the various OpenID issues and workarounds here:

github.com/umbraco/Umbraco-CMS

Umbraco 14 - "The specified 'redirect_uri' is not valid for this client application." error when trying to login after a certain time period

opened 11:29AM - 04 Jul 24 UTC

jovanzlatanovic

type/bug affected/v14 affected/v15

### Which Umbraco version are you using? (Please write the *exact* version, exam…ple: 10.1.0) 14.0.0 ### Bug summary Getting an `error:invalid_request` after leaving an Umbraco site running for a while when trying to login. Error appears for any login method (local and SSO). ### Specifics Might be related to: https://github.com/umbraco/Umbraco-CMS/issues/16179; but I am not visiting the site behind a proxy. Error image: ![image](https://github.com/umbraco/Umbraco-CMS/assets/99445204/11f0b7a1-d089-4adc-bb38-857fa5abe33e) ### Steps to reproduce It appears to happen randomly after leaving the website running after a while. Try to login after an unspecified amount of time. ### Expected result / actual result Expecting to be able to login, actual is error returned in json format.

jacob · May 25, 2025, 8:19pm

Setting the “BackOfficeHost” should override whatever the database thinks is the application URL and is used directly in the OpenId manager. You should set the hostname that the Docker instance actually sees as the host, for example it may be “localhost” or something similar.

I think the address should not end with a forward slash as that seems to be hardcoded in many places in the source code of Umbraco, so I would honestly try setting it to a few different values to see if that solves the problem:

"Umbraco": {
  "CMS": {
    "Security": {
      "BackOfficeHost": "https://site.com"
    }
  }
},

or

"Umbraco": {
  "CMS": {
    "Security": {
      "BackOfficeHost": "http://localhost"
    }
  }
},

You can more or less deduce how it is used in this area of the source code to set the allowed redirect URLs:

github.com/umbraco/Umbraco-CMS

src/Umbraco.Cms.Api.Management/Security/BackOfficeApplicationManager.cs

3db0ec7ef


      
          Uri[] backOfficeHostsAsArray = backOfficeHosts as Uri[] ?? backOfficeHosts.ToArray();
          if (backOfficeHostsAsArray.Any(url => url.IsAbsoluteUri) is false)
          {
              throw new ArgumentException($"Expected absolute URLs, got: {string.Join(", ", backOfficeHostsAsArray.Select(url => url.ToString()))}", nameof(backOfficeHosts));
          }
          
          await CreateOrUpdate(
              BackofficeOpenIddictApplicationDescriptor(backOfficeHostsAsArray),
              cancellationToken);