Social sign-in `redirect_uri_mismatch` error (OTA-092022-01)

This problem affects projects created before September 2022 that use a custom domain. For newly added social sign-in providers, social sign-in flows can fail with the following message:

Unable to complete OpenID Connect flow because the OpenID Provider returned error "redirect_uri_mismatch": The redirect_uri MUST match the registered callback URL for this application.

Mitigation

To fix the problem, remove the /selfservice/methods/oidc/config/base_redirect_uri configuration entry. Run this Ory CLI command:

## List all available projects
ory list projects

## Remove the configuration entry
ory patch identity-config <project-id> \
  --remove '/selfservice/methods/oidc/config/base_redirect_uri'

caution

Removing the base_redirect_uri can break previously existing and functional social sign-in connections. To fix a broken connection, choose the provider you want to fix from the Ory Console social sign-in configuration screen and copy the redirect URI. Use the value you copied to update the callback URL configuration of the social sign-in provider.