OAuth fails with "Must utilize https", but everything is https

dsuedholt · November 15, 2019, 12:41am

I set up Google OAuth for my seafile installation. When I’m using it, after logging into Google and being redirected to /oauth/callback, I see the “Error, please contact administrator message.” The logfile says

[ERROR] seahub.oauth.views:136 oauth_callback (insecure_transport) OAuth 2 MUST utilize https.

All the URLs in the settings are https. The seafile sign-on page, the Google OAuth login page and the callback page are all https and yet I see this error. Here is my seahub_settings:

FILE_SERVER_ROOT = 'https://my.server/seafhttp'
OAUTH_REDIRECT_URL = 'https://my.server/seafile/oauth/callback/'
OAUTH_PROVIDER_DOMAIN = 'google.com'
OAUTH_AUTHORIZATION_URL = 'https://accounts.google.com/o/oauth2/v2/auth'
OAUTH_TOKEN_URL = 'https://www.googleapis.com/oauth2/v4/token'
OAUTH_USER_INFO_URL = 'https://www.googleapis.com/oauth2/v1/userinfo'
OAUTH_SCOPE = [
    "https://www.googleapis.com/auth/userinfo.email",
]
OAUTH_ATTRIBUTE_MAP = {
    "name": (False, "name"),
    "email": (True, "email"),
}

What’s going wrong here?

dsuedholt · November 15, 2019, 1:10am

Found a quickndirty fix myself:

in seahub/seahub/oauth/views.py, in the function oauth_callback, I changed

token = session.fetch_token(
            TOKEN_URL,
            client_secret=CLIENT_SECRET,
            authorization_response=request.get_full_path())

to

token = session.fetch_token(
            TOKEN_URL,
            client_secret=CLIENT_SECRET,
            authorization_response='https://my.server'+request.get_full_path())

Since request.get_full_path() actually just contained /seafile/oauth/… and not the full URL.

z3ky · November 1, 2021, 10:28am

Works for me, too.
Hope this bug will be fixed soon.

FlorianJSa · December 31, 2021, 12:49am

Hi, thanks for you reply same issue here.

philwilei · April 1, 2026, 10:31pm

I started getting this error randomly a couple weeks after upgrading from Seafile 12.x to 13.x. For me, the root cause was that I had set SEAFILE_SERVER_PROTOCOL to http, since my reverse proxy (Traefik) is doing TLS termination. Setting this environment variable to https fixed the issue for me, no workaround required.

No clue why the error started appearing without me making any changes. I thought I’d leave my fix here in case anyone encounters this on more recent versions (12+) of Seafile, where the accepted answer no longer applies.