This problem affects projects created before September 2022 that use a custom domain. For newly added social sign-in providers, social sign-in flows can fail with the following message:
Unable to complete OpenID Connect flow because the OpenID Provider returned error "redirect_uri_mismatch": The redirect_uri MUST match the registered callback URL for this application.
If you get this error in projects created after September 2022, read Social sign-in troubleshooting for more information.
To fix the problem, remove the
/selfservice/methods/oidc/config/base_redirect_uri configuration entry. Run this Ory CLI command:
## List all available projects
ory list projects
## Remove the configuration entry
ory patch identity-config <project-id> \
base_redirect_uri can break previously existing and functional social sign-in connections. To fix a broken
connection, choose the provider you want to fix from the
Ory Console social sign-in configuration screen and copy the redirect
URI. Use the value you copied to update the callback URL configuration of the social sign-in provider.