Resolving OAuth Callback URL Blocked by Admin Tools

While using the Gmail SMTP Connect Joomla! Plugin, you may encounter some issues if you are also working with the Admin Tools component. The enhanced security rules in the .htaccess file generated by Admin Tools can block URLs with specific query parameters required for OAuth callbacks, such as Google API authentication. This guide explains how to allow specific OAuth callback URLs to work without being blocked, avoiding 404 errors or request rejections.

Issue Description

In some scenarios, an OAuth callback URL may look like this:

https://yourdomain.com/administrator/index.php?option=com_plugins&task=oauth_grant&code=4/0Aa...&scope=https://mail.google.com/

When Admin Tools generates the .htaccess file, it might block this URL because:

  • It contains query parameters with http or https values, which can be flagged as potentially malicious.
  • The URL structure does not conform to the default security rules.

This can result in a 404 error or similar blocking behavior.

Solution

To allow the OAuth callback URL while maintaining the overall security provided by Admin Tools, follow these steps:

Step 1: Modify Custom .htaccess Rules in Admin Tools

  1. Log in to your Joomla! Administrator Panel.
  2. Navigate to Components > Admin Tools > .htaccess Maker.
  3. Scroll down to the Custom .htaccess rules section.
  4. In the "Custom .htaccess rules at the top of the file" field, add the following lines:

    # Allow OAuth URL with specific parameters
    RewriteCond %{REQUEST_URI} ^/administrator/index\.php$ [NC]
    RewriteCond %{QUERY_STRING} (^|&)option=com_plugins(&|$)
    RewriteCond %{QUERY_STRING} (^|&)task=oauth_grant(&|$)
    RewriteRule .* - [L]
    
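    • This rule matches requests to /administrator/index.php whose query string contains both option=com_plugins and task=oauth_grant, and stops rewrite processing for them ([L]), so the rewrite rules that follow it in the file are not applied to those requests. The path pattern assumes Joomla! is installed in the web root.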
  5. Click Save and Create .htaccess to regenerate your .htaccess file with the new rules.
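
To see which requests the custom rule exempts before you save it, the following added example (not part of the plugin or of Admin Tools) evaluates the three RewriteCond patterns against constructed sample URLs in Python. The sample URLs, the PLACEHOLDER code value and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# The conditions of the custom rule; [NC] on the first maps to re.IGNORECASE.
URI_COND = re.compile(r"^/administrator/index\.php$", re.IGNORECASE)
QUERY_CONDS = (
    re.compile(r"(^|&)option=com_plugins(&|$)"),
    re.compile(r"(^|&)task=oauth_grant(&|$)"),
)

def is_exempted(url: str) -> bool:
    """True when all three RewriteCond lines match, so `RewriteRule .* - [L]` fires."""
    parts = urlsplit(url)
    # Simplification: mod_rewrite sees the decoded path in REQUEST_URI; the
    # samples below contain no percent-encoded path characters. QUERY_STRING
    # is tested as sent, which is what parts.query holds.
    if not URI_COND.search(parts.path):
        return False
    return all(cond.search(parts.query) for cond in QUERY_CONDS)

# Constructed sample requests (placeholder host and values).
BASE = "https://yourdomain.com"
SAMPLES = {
    "callback": BASE + "/administrator/index.php?option=com_plugins&task=oauth_grant"
                       "&code=PLACEHOLDER&scope=https://mail.google.com/",
    "reordered": BASE + "/administrator/index.php?task=oauth_grant&option=com_plugins",
    "mixed_case_path": BASE + "/Administrator/Index.php?option=com_plugins&task=oauth_grant",
    "extra_param": BASE + "/administrator/index.php?option=com_plugins&task=oauth_grant&other=1",
    "other_task": BASE + "/administrator/index.php?option=com_plugins&task=edit",
    "prefixed_key": BASE + "/administrator/index.php?option=com_plugins&xtask=oauth_grant",
    "site_frontend": BASE + "/index.php?option=com_plugins&task=oauth_grant",
    "subdirectory": BASE + "/joomla/administrator/index.php?option=com_plugins&task=oauth_grant",
}

def audit(samples=SAMPLES) -> dict:
    """Map each sample name to whether the exemption would apply to it."""
    return {name: is_exempted(url) for name, url in samples.items()}

if __name__ == "__main__":
    for name, exempt in audit().items():
        print(f"{name:16} {'exempt' if exempt else 'normal rules apply'}")
```

The extra_param sample shows that the exemption applies whenever the two parameters are present, whatever else the query string carries. The subdirectory sample shows that the rule has no effect when Joomla! is not installed in the web root.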

Conclusion

By adding the custom rule to Admin Tools’ .htaccess Maker, you can safely allow OAuth callback URLs without compromising the overall security of your Joomla! site. This method ensures compatibility with OAuth-based integrations, such as Google API, while maintaining a secure environment.

If you need any more help, please consult the Admin Tools Documentation or contact your developer.
