Flow between FF3 & Data Importer fails after redirect to /oauth/authorize #10582

jecogeo · 2025-07-11T15:33:23Z

jecogeo
Jul 11, 2025

Hi all. I'm a "power user" but not fully educated on these matters so chances are I've been missing some small pieces which are hindering me from successfully run FF3 & DataImporter.

Environment

Firefly III: v6.2.20 (Docker)
Data Importer: v1.7.4 (Docker)
configs:
- custom bridge network (firefly_net)
- HTTPS via reverse proxy (Apache)
- OAuth publico client created (ID 2 and/or 3)

Symptoms

On data importer:
Logs show redirect to https://my.firefly.cloud/oauth/authorize

[2025-07-11 11:42:11] local.DEBUG: Query parameters are {"client_id":2,"redirect_uri":"https://importer.my.firefly.cloud/callback","response_type":"code","scope":"","state":"upFpBuZvNTWyMZSIPG2bL8wI8dw1k8RC25OSFzTP","code_challenge":"FFrjLiCTEnNvbbIO9bW3T_e2PAXejcOd05AsvY6g1Bc","code_challenge_method":"S256"}

No error is logged, but the callback is never triggered

On Firefly:
Client is created with no secret. ID=2 callback=https://importer.my.firefly.cloud/callback

config files

docker-compose.yaml

services:
  app:
    image: fireflyiii/core:latest
    hostname: firefly_iii_core  
    container_name: firefly_iii_core
    networks:
      firefly_net:
        ipv4_address: 172.18.0.4
    restart: always
    volumes:
      - firefly_iii_upload:/var/www/html/storage/upload
    env_file: .env
    ports:
      - '8080:8080'
    depends_on:
      - db
  db:
    image: mariadb:lts
    hostname: db
    container_name: firefly_iii_db
    networks:
      - firefly_net
    restart: always
    env_file: .db.env
    volumes:
      - firefly_iii_db:/var/lib/mysql

  importer:
    image: fireflyiii/data-importer:latest
    hostname: importer
    restart: always
    container_name: firefly_iii_importer
    environment:
      - NGINX_ENABLE_HTTPS=true
      - NGINX_SSL_HEADERS=on
      - PROXY_FORCE_HTTPS=true
      - TRUSTED_PROXIES=**
    networks:
      - firefly_net
    ports:
      - '81:8080'
    depends_on:
      - app
    env_file: .importer.env

  cron:
    image: alpine
    container_name: firefly_iii_cron
    restart: always
    command: sh -c "
      apk add tzdata
      && ln -s /usr/share/zoneinfo/${TZ} /etc/localtime
      | echo \"0 3 * * * wget -qO- http://firefly_iii_core:8080/api/v1/cron/some_static_token;echo\" 
      | crontab - 
      && crond -f -L /dev/stdout"
    networks:
      - firefly_net
volumes:
   firefly_iii_upload:
   firefly_iii_db:

networks:
  firefly_net:
    driver: bridge
    ipam:
      config:
        - subnet: "172.18.0.0/16"  # Subnet explícita
          gateway: 172.18.0.1

.env (mostly untouched, here are only the edited params)

TRUSTED_PROXIES=**
STATIC_CRON_TOKEN=same token as in docker-compose.yml
FORCE_HTTPS=true
PROXY_FORCE_HTTPS=true
SESSION_SECURE_COOKIE=true

.importer.env

FIREFLY_III_URL=http://172.18.0.4:8080
VANITY_URL=https://my.firefly.cloud
FIREFLY_III_ACCESS_TOKEN=
FIREFLY_III_CLIENT_ID=
EXPECT_SECURE_URL=true
# Custom to make the reverse proxy (apache2) work
PROXY_FORCE_HTTPS=true
SESSION_SECURE_COOKIE=true
SKIP_CONNECTION_CHECK=true
FIREFLY_III_HEADERS='{"Accept": "application/json", "Content-Type": "application/json"}'

Client on FF3

ID:2
callback URL: https://importer.my.firefly.cloud/callback

logs on data importer while trying to enter the client ID

[2025-07-11 12:29:36] local.DEBUG: Now at App\Http\Controllers\TokenController::submitClientId  
[2025-07-11 12:29:36] local.DEBUG: Submitted data:  {"client_id":"2"} 
[2025-07-11 12:29:36] local.DEBUG: [a] Base URL is "http://172.18.0.4:8080" (based on "FIREFLY_III_URL")  
[2025-07-11 12:29:36] local.DEBUG: [b] Vanity URL is now "http://172.18.0.4:8080" (based on "FIREFLY_III_URL")  
[2025-07-11 12:29:36] local.DEBUG: [c] Vanity URL is now "https://my.firefly.cloud" (based on "VANITY_URL")  
[2025-07-11 12:29:36] local.DEBUG: Now in App\Http\Controllers\TokenController::redirectForPermission(request, "http://172.18.0.4:8080", "https://my.firefly.cloud", 2)  
[2025-07-11 12:29:36] local.DEBUG: Query parameters are {"client_id":2,"redirect_uri":"https://importer.my.firefly.cloud/callback","response_type":"code","scope":"","state":"3Qujh6Re6j9TMdBjzHSEvdRLQar6U6gYSMbgusRL","code_challenge":"6rgDrH4BNQRQ3bNjRHJqBUd5VshJaDUMYQE9d1rw8XQ","code_challenge_method":"S256"} 
[2025-07-11 12:29:36] local.DEBUG: Now redirecting to "https://my.firefly.cloud/oauth/authorize?" (params omitted)  
172.18.0.1 - - [11/Jul/2025:12:29:36 -0300] "POST /token/client_id HTTP/1.1" 302 1486 "https://importer.my.firefly.cloud/token" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36" "179.228.89.2"

Any clue?

Answered by jecogeo

Jul 16, 2025

Oh boy... how good it is to be able to "talk" to someone. Thanks to your question I realized the issue was all about the CSP policies configuration of both of sites. They're hindering the proper communication between applications.

For future reference, the CSP of the Apache virtual hosts needs to allow forms and scripts (maybe?) between domains.

CSP on FF3 virtual host

Header always set Content-Security-Policy "default-src 'self' https://importer.my.firefly.cloud; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://importer.my.firefly.cloud; style-src 'self' 'unsafe-inline'; img-src 'self' https: data:; font-src 'self' https: data:; connect-src 'self' https://importer.my.firefly.cloud…

View full answer

JC5 · 2025-07-11T16:23:42Z

JC5
Jul 11, 2025
Maintainer

Hey, thanks for starting this discussion.

You say you're on latest, but latest is 6.2.20, not 5.7.x. Could you verify you're actually on the latest release?

Cheers,
James

2 replies

jecogeo Jul 11, 2025
Author

Hey, thanks for starting this discussion.

You say you're on latest, but latest is 6.2.20, not 5.7.x. Could you verify you're actually on the latest release?

Cheers, James

Ooops, sorry. My bad. post edited. It's FF3 6.2.20 & DataImporter 1.7.4

JC5 Jul 11, 2025
Maintainer

Not a problem!

JC5 · 2025-07-11T17:25:23Z

JC5
Jul 11, 2025
Maintainer

Alright, what does Firefly III log about the incoming request? Are you send back and forward properly?

1 reply

jecogeo Jul 11, 2025
Author

Alright, what does Firefly III log about the incoming request? Are you send back and forward properly?

Here are the FF3 logs around the same time frame of the request (12:29:36):

87.236.176.238 - - [11/Jul/2025:12:15:16 -0300] "GET / HTTP/1.1" 302 374 "-" "Mozilla/5.0 (compatible; InternetMeasurement/1.0; +https://internet-measurement.com/)" "-"
87.236.176.238 - - [11/Jul/2025:12:15:16 -0300] "GET /login HTTP/1.1" 200 1681 "http://[REDACTED_MY_IP]]:8080" "Mozilla/5.0 (compatible; InternetMeasurement/1.0; +https://internet-measurement.com/)" "-"
20.127.244.253 - - [11/Jul/2025:12:17:52 -0300] "GET / HTTP/1.1" 302 374 "-" "Mozilla/5.0 zgrab/0.x" "-"
207.167.67.206 - - [11/Jul/2025:12:31:03 -0300] "GET http://example.com/ HTTP/1.1" 302 354 "-" "Go-http-client/1.1" "-"
207.167.67.206 - - [11/Jul/2025:12:31:04 -0300] "GET http://example.com/login HTTP/1.1" 200 1669 "http://example.com" "Go-http-client/1.1" "-"
207.167.67.206 - - [11/Jul/2025:12:31:04 -0300] "CONNECT example.com:443 HTTP/1.1" 400 150 "-" "-" "-"
207.167.67.206 - - [11/Jul/2025:12:31:05 -0300] "GET http://example.com/ HTTP/1.1" 302 354 "-" "Go-http-client/1.1" "-"
207.167.67.206 - - [11/Jul/2025:12:31:05 -0300] "GET http://example.com/login HTTP/1.1" 200 1670 "http://example.com" "Go-http-client/1.1" "-"
207.167.67.206 - - [11/Jul/2025:12:31:06 -0300] "CONNECT example.com:443 HTTP/1.1" 400 150 "-" "-" "-"
35.216.208.210 - - [11/Jul/2025:12:47:38 -0300] "\x16\x03\x01\x00\xEE\x01\x00\x00\xEA\x03\x03K8<\x90u\x8F7\x1D\x11\x8C)]J\x91\x92'3i\xE6M\x10\xCD%H\xE4\x12tp\xABSi\x81 \x07\x9EI\x17\xDBk\xA6\x112\x5C7\xB0\xF0\x99sEb\xE8[\xFD\xB8^\x09bC\xD1:cQ\x16@q\x00&\xC0+\xC0/\xC0,\xC00\xCC\xA9\xCC\xA8\xC0\x09\xC0\x13\xC0" 400 150 "-" "-" "-"
35.216.208.210 - - [11/Jul/2025:12:47:38 -0300] "GET / HTTP/1.1" 400 150 "-" "-" "-"
35.216.208.210 - - [11/Jul/2025:12:47:38 -0300] "GET / HTTP/1.1" 302 354 "-" "abuse.xmco.fr" "-"

http://example.com ? Apparently, no logs from the DataImporter request

EDIT: Just made another attempt to use Data Importer using the client ID 2 (14:45).

importer logs

[2025-07-11 14:45:28] local.DEBUG: Now at App\Http\Controllers\TokenController::submitClientId  
[2025-07-11 14:45:28] local.DEBUG: Submitted data:  {"client_id":"2"} 
[2025-07-11 14:45:28] local.DEBUG: [a] Base URL is "http://172.18.0.4:8080" (based on "FIREFLY_III_URL")  
[2025-07-11 14:45:28] local.DEBUG: [b] Vanity URL is now "http://172.18.0.4:8080" (based on "FIREFLY_III_URL")  
[2025-07-11 14:45:28] local.DEBUG: [c] Vanity URL is now "https://my.firefly.cloud" (based on "VANITY_URL")  
[2025-07-11 14:45:28] local.DEBUG: Now in App\Http\Controllers\TokenController::redirectForPermission(request, "http://172.18.0.4:8080", "https://my.firefly.cloud", 2)  
[2025-07-11 14:45:28] local.DEBUG: Query parameters are {"client_id":2,"redirect_uri":"https://importer.my.firefly.cloud/callback","response_type":"code","scope":"","state":"EVk1r7AbBl6RyJCX9rIZK9K6290vNzDoY4GT2c5o","code_challenge":"37zojScE_gaCPk6fcDVEOvmjRmYBHZ0FUeAh3oSvva4","code_challenge_method":"S256"} 
[2025-07-11 14:45:28] local.DEBUG: Now redirecting to "https://my.firefly.cloud/oauth/authorize?" (params omitted)  
172.18.0.1 - - [11/Jul/2025:14:45:28 -0300] "POST /token/client_id HTTP/1.1" 302 1486 "https://importer.my.firefly.cloud/token" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36" "179.228.89.2"

FF3 logs

172.18.0.1 - - [11/Jul/2025:14:45:14 -0300] "GET /profile HTTP/1.1" 200 6982 "https://my.firefly.cloud/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36" "179.228.89.2"
172.18.0.1 - - [11/Jul/2025:14:45:14 -0300] "GET /v1/jscript/variables?ext=.js&v=6.2.20 HTTP/1.1" 200 3183 "https://my.firefly.cloud/profile" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36" "179.228.89.2"
172.18.0.1 - - [11/Jul/2025:14:45:14 -0300] "GET /oauth/clients HTTP/1.1" 200 252 "https://my.firefly.cloud/profile" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36" "179.228.89.2"
172.18.0.1 - - [11/Jul/2025:14:45:15 -0300] "GET /oauth/tokens HTTP/1.1" 200 33 "https://my.firefly.cloud/profile" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36" "179.228.89.2"
172.18.0.1 - - [11/Jul/2025:14:45:15 -0300] "GET /oauth/scopes HTTP/1.1" 200 33 "https://my.firefly.cloud/profile" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36" "179.228.89.2"
172.18.0.1 - - [11/Jul/2025:14:45:15 -0300] "GET /oauth/personal-access-tokens HTTP/1.1" 200 320 "https://my.firefly.cloud/profile" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36" "179.228.89.2"

As I have Apache already occupying the port 80, I had to change the docker-compose.yml to 8080:8080. Maybe a clue?

services:
  app:
    image: fireflyiii/core:latest
    hostname: firefly_iii_core  
    container_name: firefly_iii_core
    networks:
      firefly_net:
        ipv4_address: 172.18.0.4
    restart: always
    volumes:
      - firefly_iii_upload:/var/www/html/storage/upload
    env_file: .env
    ports:
      - '8080:8080'
    depends_on:
      - db

jecogeo · 2025-07-15T13:36:59Z

jecogeo
Jul 15, 2025
Author

@JC5 for your information I've just pulled the new version 1.7.6 of Data Importer. The problem still persists.

Used client 2, same as above.

Importer logs

✅ NGINX + PHP-FPM is running correctly.
[2025-07-15 10:21:59] local.DEBUG: [1.7.6] Now in App\Http\Controllers\IndexController::index  
[2025-07-15 10:21:59] local.DEBUG: App\Services\Shared\Authentication\SecretManager::hasValidSecrets  
[2025-07-15 10:21:59] local.DEBUG: No access token in session, will return header or config variable.  
[2025-07-15 10:21:59] local.DEBUG: Access token in header is empty, will be ignored.  
[2025-07-15 10:21:59] local.DEBUG: Access token is null, use config instead.  
[2025-07-15 10:21:59] local.DEBUG: No valid secrets, redirect to token.index  
172.18.0.1 - - [15/Jul/2025:10:21:59 -0300] "GET / HTTP/1.1" 302 430 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36" "179.228.89.2"
[2025-07-15 10:22:00] local.DEBUG: Now at App\Http\Controllers\TokenController::index  
[2025-07-15 10:22:00] local.DEBUG: No access token in session, will return header or config variable.  
[2025-07-15 10:22:00] local.DEBUG: Access token in header is empty, will be ignored.  
[2025-07-15 10:22:00] local.DEBUG: Access token is null, use config instead.  
[2025-07-15 10:22:00] local.DEBUG: No client id in hasClientId() session, will return config variable.  
[2025-07-15 10:22:00] local.DEBUG: No base url in getBaseUrl() session, will return config variable.  
[2025-07-15 10:22:00] local.DEBUG: No vanity url in getVanityUrl() session, will return config variable.  
[2025-07-15 10:22:00] local.INFO: [1.7.6] The following configuration information was found:  
[2025-07-15 10:22:00] local.INFO: Personal Access Token: "" (limited to 25 chars if present)  
[2025-07-15 10:22:00] local.INFO: Client ID            : "0"  
[2025-07-15 10:22:00] local.INFO: Base URL             : "http://172.18.0.4:8080"  
[2025-07-15 10:22:00] local.INFO: Vanity URL           : "https://my.firefly.cloud"  
172.18.0.1 - - [15/Jul/2025:10:22:00 -0300] "GET /token HTTP/1.1" 200 4725 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36" "179.228.89.2"
[2025-07-15 10:22:19] local.DEBUG: Now at App\Http\Controllers\TokenController::submitClientId  
[2025-07-15 10:22:19] local.DEBUG: Submitted data:  {"client_id":"2"} 
[2025-07-15 10:22:19] local.DEBUG: [a] Base URL is "http://172.18.0.4:8080" (based on "FIREFLY_III_URL")  
[2025-07-15 10:22:19] local.DEBUG: [b] Vanity URL is now "http://172.18.0.4:8080" (based on "FIREFLY_III_URL")  
[2025-07-15 10:22:19] local.DEBUG: [c] Vanity URL is now "https://my.firefly.cloud" (based on "VANITY_URL")  
[2025-07-15 10:22:19] local.DEBUG: Now in App\Http\Controllers\TokenController::redirectForPermission(request, "http://172.18.0.4:8080", "https://contas.jecogeo.cloud", 2)  
[2025-07-15 10:22:19] local.DEBUG: Query parameters are {"client_id":2,"redirect_uri":"https://importer.my.firefly.cloud/callback","response_type":"code","scope":"","state":"kx90o6CazfaS99pCg5ppzEDuG9dkGM6cjVgZ6Kxy","code_challenge":"H5YQYizvXudtKQd0Mx-A25CPUXcb4Ap4i2oOaOnu-LU","code_challenge_method":"S256"} 
[2025-07-15 10:22:19] local.DEBUG: Now redirecting to "https://my.firefly.cloud/oauth/authorize?" (params omitted)  
172.18.0.1 - - [15/Jul/2025:10:22:19 -0300] "POST /token/client_id HTTP/1.1" 302 1486 "https://importer.my.firefly.cloud/token" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36" "179.228.89.2"

FF3 logs

✅ NGINX + PHP-FPM is running correctly.
172.18.0.1 - - [15/Jul/2025:10:21:30 -0300] "GET / HTTP/1.1" 302 394 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36" "179.228.89.2"
172.18.0.1 - - [15/Jul/2025:10:21:30 -0300] "GET /login HTTP/1.1" 200 1674 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36" "179.228.89.2"
172.18.0.1 - - [15/Jul/2025:10:21:36 -0300] "POST /login HTTP/1.1" 302 370 "https://my.firefly.cloud/login" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36" "179.228.89.2"
172.18.0.1 - - [15/Jul/2025:10:21:36 -0300] "GET / HTTP/1.1" 200 6141 "https://my.firefly.cloud/login" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36" "179.228.89.2"
172.18.0.1 - - [15/Jul/2025:10:21:38 -0300] "GET /v1/jscript/variables?ext=.js&v=6.2.20 HTTP/1.1" 200 3183 "https://my.firefly.cloud/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36" "179.228.89.2"
172.18.0.1 - - [15/Jul/2025:10:21:38 -0300] "GET /chart/account/frontpage HTTP/1.1" 200 290 "https://my.firefly.cloud/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36" "179.228.89.2"
172.18.0.1 - - [15/Jul/2025:10:21:38 -0300] "GET /chart/budget/frontpage HTTP/1.1" 200 146 "https://my.firefly.cloud/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36" "179.228.89.2"
172.18.0.1 - - [15/Jul/2025:10:21:39 -0300] "GET /chart/account/expense HTTP/1.1" 200 33 "https://my.firefly.cloud/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36" "179.228.89.2"
172.18.0.1 - - [15/Jul/2025:10:21:39 -0300] "GET /chart/category/frontpage HTTP/1.1" 200 33 "https://my.firefly.cloud/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36" "179.228.89.2"
172.18.0.1 - - [15/Jul/2025:10:21:39 -0300] "GET /chart/account/revenue HTTP/1.1" 200 33 "https://my.firefly.cloud/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36" "179.228.89.2"
172.18.0.1 - - [15/Jul/2025:10:21:39 -0300] "GET /json/frontpage/piggy-banks HTTP/1.1" 200 42 "https://my.firefly.cloud/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36" "179.228.89.2"
172.18.0.1 - - [15/Jul/2025:10:21:39 -0300] "GET /manifest.webmanifest?v=3e8AboOwbd HTTP/1.1" 200 2347 "https://my.firefly.cloud/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36" "179.228.89.2"
172.18.0.1 - - [15/Jul/2025:10:21:39 -0300] "GET /api/v1/summary/basic?start=2025-07-01&end=2025-07-31 HTTP/1.1" 200 352 "https://my.firefly.cloud/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36" "179.228.89.2"
172.18.0.1 - - [15/Jul/2025:10:22:07 -0300] "GET /profile HTTP/1.1" 200 6986 "https://my.firefly.cloud/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36" "179.228.89.2"
172.18.0.1 - - [15/Jul/2025:10:22:08 -0300] "GET /v1/jscript/variables?ext=.js&v=6.2.20 HTTP/1.1" 200 3183 "my.firefly.cloud/profile" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36" "179.228.89.2"
172.18.0.1 - - [15/Jul/2025:10:22:09 -0300] "GET /oauth/tokens HTTP/1.1" 200 33 "https://my.firefly.cloud/profile" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36" "179.228.89.2"
172.18.0.1 - - [15/Jul/2025:10:22:09 -0300] "GET /oauth/personal-access-tokens HTTP/1.1" 200 320 "https://my.firefly.cloud/profile" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36" "179.228.89.2"
172.18.0.1 - - [15/Jul/2025:10:22:09 -0300] "GET /oauth/clients HTTP/1.1" 200 252 "https://my.firefly.cloud/profile" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36" "179.228.89.2"
172.18.0.1 - - [15/Jul/2025:10:22:09 -0300] "GET /oauth/scopes HTTP/1.1" 200 33 "https://my.firefly.cloud/profile" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36" "179.228.89.2"

3 replies

JC5 Jul 15, 2025
Maintainer

[2025-07-15 10:22:19] local.DEBUG: Now redirecting to "https://my.firefly.cloud/oauth/authorize?" (params omitted)

I'm surprised to see this isn't happening. You're not being redirected at all?

jecogeo Jul 15, 2025
Author

Actually, it's weird. I've tested on 4 different browsers: brave, Gnome Web (Epiphany), Mullvad Browser and Safari (on my phone). The only one on which I got redirected is Mullvad Browser. Even so, I got the following screen:

Already mentioned before, but the docs says:

Create an access token
Follow how-to get a token. Use the custom instructions below:

The callback URL will be http://localhost:81/callback
UNCHECK the box that says "Confidential"

As mentioned earlier in this thread, I had to change the port because of apache. Maybe something related to it?

jecogeo Jul 15, 2025
Author

Even if I ignore the error and follow along the importing process I get stuck on this page:

The following logs are reported.

Importer logs:

[2025-07-15 14:35:17] local.DEBUG: Now at App\Http\Controllers\TokenController::submitClientId  
[2025-07-15 14:35:17] local.DEBUG: Submitted data:  {"client_id":"2"} 
[2025-07-15 14:35:17] local.DEBUG: [a] Base URL is "http://172.18.0.4:8080" (based on "FIREFLY_III_URL")  
[2025-07-15 14:35:17] local.DEBUG: [b] Vanity URL is now "http://172.18.0.4:8080" (based on "FIREFLY_III_URL")  
[2025-07-15 14:35:17] local.DEBUG: [c] Vanity URL is now "https://my.firefly.cloud" (based on "VANITY_URL")  
[2025-07-15 14:35:17] local.DEBUG: Now in App\Http\Controllers\TokenController::redirectForPermission(request, "http://172.18.0.4:8080", "https://my.firefly.cloud", 2)  
[2025-07-15 14:35:17] local.DEBUG: Query parameters are {"client_id":2,"redirect_uri":"https://importer.my.firefly.cloud/callback","response_type":"code","scope":"","state":"ZWuxKCX1Z6lrMtwdTfq8suKyQyhv8rQRCjE7FyQK","code_challenge":"WMRLsehX7hK6S81CzSIyorFNttO3czmVNy8jATevRyY","code_challenge_method":"S256"} 
[2025-07-15 14:35:17] local.DEBUG: Now redirecting to "https://my.firefly.cloud/oauth/authorize?" (params omitted)  
172.18.0.1 - - [15/Jul/2025:14:35:17 -0300] "POST /token/client_id HTTP/1.1" 302 1486 "https://importer.my.firefly.cloud/token" "Mozilla/5.0 (iPhone; CPU iPhone OS 18_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.5 Mobile/15E148 Safari/604.1" "179.228.89.2"
[2025-07-15 14:39:39] local.DEBUG: Now at App\Http\Controllers\IndexController::flush  
172.18.0.1 - - [15/Jul/2025:14:39:39 -0300] "GET /flush HTTP/1.1" 302 406 "https://importer.my.firefly.cloud/" "Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0" "179.228.89.2"
[2025-07-15 14:39:40] local.DEBUG: [1.7.6] Now in App\Http\Controllers\IndexController::index  
[2025-07-15 14:39:40] local.DEBUG: App\Services\Shared\Authentication\SecretManager::hasValidSecrets  
[2025-07-15 14:39:40] local.DEBUG: No access token in session, will return header or config variable.  
[2025-07-15 14:39:40] local.DEBUG: Access token in header is empty, will be ignored.  
[2025-07-15 14:39:40] local.DEBUG: Access token is null, use config instead.  
[2025-07-15 14:39:40] local.DEBUG: No valid secrets, redirect to token.index  
172.18.0.1 - - [15/Jul/2025:14:39:40 -0300] "GET / HTTP/1.1" 302 430 "https://importer.my.firefly.cloud/" "Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0" "179.228.89.2"
[2025-07-15 14:39:40] local.DEBUG: Now at App\Http\Controllers\TokenController::index  
[2025-07-15 14:39:40] local.DEBUG: No access token in session, will return header or config variable.  
[2025-07-15 14:39:40] local.DEBUG: Access token in header is empty, will be ignored.  
[2025-07-15 14:39:40] local.DEBUG: Access token is null, use config instead.  
[2025-07-15 14:39:40] local.DEBUG: No client id in hasClientId() session, will return config variable.  
[2025-07-15 14:39:40] local.DEBUG: No base url in getBaseUrl() session, will return config variable.  
[2025-07-15 14:39:40] local.DEBUG: No vanity url in getVanityUrl() session, will return config variable.  
[2025-07-15 14:39:40] local.INFO: [1.7.6] The following configuration information was found:  
[2025-07-15 14:39:40] local.INFO: Personal Access Token: "" (limited to 25 chars if present)  
[2025-07-15 14:39:40] local.INFO: Client ID            : "0"  
[2025-07-15 14:39:40] local.INFO: Base URL             : "http://172.18.0.4:8080"  
[2025-07-15 14:39:40] local.INFO: Vanity URL           : "https://my.firefly.cloud"  
172.18.0.1 - - [15/Jul/2025:14:39:40 -0300] "GET /token HTTP/1.1" 200 4725 "https://importer.my.firefly.cloud/" "Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0" "179.228.89.2"
[2025-07-15 14:39:44] local.DEBUG: Now at App\Http\Controllers\TokenController::submitClientId  
[2025-07-15 14:39:44] local.DEBUG: Submitted data:  {"client_id":"2"} 
[2025-07-15 14:39:44] local.DEBUG: [a] Base URL is "http://172.18.0.4:8080" (based on "FIREFLY_III_URL")  
[2025-07-15 14:39:44] local.DEBUG: [b] Vanity URL is now "http://172.18.0.4:8080" (based on "FIREFLY_III_URL")  
[2025-07-15 14:39:44] local.DEBUG: [c] Vanity URL is now "https://my.firefly.cloud" (based on "VANITY_URL")  
[2025-07-15 14:39:44] local.DEBUG: Now in App\Http\Controllers\TokenController::redirectForPermission(request, "http://172.18.0.4:8080", "https://my.firefly.cloud", 2)  
[2025-07-15 14:39:44] local.DEBUG: Query parameters are {"client_id":2,"redirect_uri":"https://importer.my.firefly.cloud/callback","response_type":"code","scope":"","state":"g4g2UtZFyxwAxwCGoWNtpfvXe8fhfnszj0WvAHVk","code_challenge":"b8JliG2cOFQjBKPyw46phvlHDBc0eNnKkkt0HU8RVEM","code_challenge_method":"S256"} 
[2025-07-15 14:39:44] local.DEBUG: Now redirecting to "https://my.firefly.cloud/oauth/authorize?" (params omitted)  
172.18.0.1 - - [15/Jul/2025:14:39:44 -0300] "POST /token/client_id HTTP/1.1" 302 1486 "https://importer.my.firefly.cloud/token" "Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0" "179.228.89.2"
[2025-07-15 14:39:46] local.DEBUG: Now at App\Http\Controllers\TokenController::callback  
[2025-07-15 14:39:46] local.DEBUG: State is valid!  
[2025-07-15 14:39:46] local.DEBUG: Params for access token {"form_params":{"grant_type":"authorization_code","client_id":2,"redirect_uri":"https://importer.my.firefly.cloud/callback","code_verifier":"long key","code":"long key"}} 
[2025-07-15 14:39:46] local.DEBUG: Will contact "http://172.18.0.4:8080/oauth/token" for a token.  
[2025-07-15 14:39:46] local.DEBUG: Response {"token_type":"Bearer","expires_in":1209600,"access_token":"long key","refresh_token":"long token"} 
[2025-07-15 14:39:46] local.DEBUG: Return redirect  to "https://importer.my.firefly.cloud"  
172.18.0.1 - - [15/Jul/2025:14:39:46 -0300] "GET /callback?code=long token&state=g4g2UtZFyxwAxwCGoWNtpfvXe8fhfnszj0WvAHVk HTTP/1.1" 302 406 "https://importer.my.firefly.cloud/" "Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0" "179.228.89.2"
[2025-07-15 14:39:46] local.DEBUG: [1.7.6] Now in App\Http\Controllers\IndexController::index  
[2025-07-15 14:39:46] local.DEBUG: App\Services\Shared\Authentication\SecretManager::hasValidSecrets  
[2025-07-15 14:39:46] local.DEBUG: IndexController authentication detection {"client_id":"","url":"http://172.18.0.4:8080","access_token_config":"...","access_token_empty":true} 
[2025-07-15 14:39:46] local.DEBUG: IndexController authentication type flags {"pat":false,"clientIdWithURL":false,"URLonly":true,"flexible":false} 
172.18.0.1 - - [15/Jul/2025:14:39:46 -0300] "GET / HTTP/1.1" 200 5409 "https://importer.my.firefly.cloud/" "Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0" "179.228.89.2"
[2025-07-15 14:39:50] local.DEBUG: [1.7.6] Now in App\Http\Controllers\IndexController::postIndex  
[2025-07-15 14:39:50] local.DEBUG: file is a valid flow, redirect to authenticate.  
172.18.0.1 - - [15/Jul/2025:14:39:50 -0300] "POST / HTTP/1.1" 302 458 "https://importer.my.firefly.cloud/" "Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0" "179.228.89.2"
[2025-07-15 14:39:50] local.DEBUG: Now in AuthenticateController, calling middleware.  
[2025-07-15 14:39:50] local.DEBUG: isReadyForFileStep("authenticate")  
[2025-07-15 14:39:50] local.DEBUG: isReadyForFileStep: Return false  
[2025-07-15 14:39:50] local.DEBUG: redirectToCorrectFileStep("authenticate")  
[2025-07-15 14:39:50] local.DEBUG: Return redirect to "https://importer.my.firefly.cloud/upload"  
172.18.0.1 - - [15/Jul/2025:14:39:50 -0300] "GET /authenticate HTTP/1.1" 302 434 "https://importer.my.firefly.cloud/" "Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0" "179.228.89.2"
[2025-07-15 14:39:51] local.DEBUG: isReadyForFileStep("upload-files")  
[2025-07-15 14:39:51] local.DEBUG: isReadyForFileStep: Return true  
[2025-07-15 14:39:51] local.DEBUG: Now at App\Http\Controllers\Import\UploadController::index  
[2025-07-15 14:39:51] local.DEBUG: Going to check directory for config files: /var/www/html/storage/configurations  
[2025-07-15 14:39:51] local.DEBUG: List of files:  
172.18.0.1 - - [15/Jul/2025:14:39:51 -0300] "GET /upload HTTP/1.1" 200 4783 "https://importer.my.firefly.cloud/" "Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0" "179.228.89.2"
2025/07/15 14:53:50 [warn] 199#199: *6559 a client request body is buffered to a temporary file /var/cache/nginx/client_temp/0000000001, client: 172.18.0.1, server: _, request: "POST /upload HTTP/1.1", host: "importer.my.firefly.cloud", referrer: "https://importer.my.firefly.cloud/upload"
[2025-07-15 14:53:51] local.DEBUG: isReadyForFileStep("upload-files")  
[2025-07-15 14:53:51] local.DEBUG: isReadyForFileStep: Return true  
[2025-07-15 14:53:51] local.DEBUG: Now at App\Http\Controllers\Import\UploadController::upload  
[2025-07-15 14:53:51] local.DEBUG: CAMT.053 Check on file: negative  
[2025-07-15 14:53:51] local.DEBUG: DOMDocument::loadXML(): Start tag expected, '&lt;' not found in Entity, line: 1  
[2025-07-15 14:53:51] local.DEBUG: Counted 0x "\n\r" EOL in upload.  
[2025-07-15 14:53:51] local.DEBUG: Counted 0x "\r\n" EOL in upload.  
[2025-07-15 14:53:51] local.DEBUG: Counted 20x "\n" EOL in upload.  
[2025-07-15 14:53:51] local.DEBUG: Conclusion: "\n" is the EOL in this file.  
[2025-07-15 14:53:51] local.DEBUG: Counted 0x "\r" EOL in upload.  
[2025-07-15 14:53:51] local.DEBUG: storeContent: Stored 1531 bytes in file "db7c7475e52c6a166c1a68258699a6ac00003c6621efa957274b8de5582e564a"  
[2025-07-15 14:53:51] local.DEBUG: Config file is present.  
[2025-07-15 14:53:51] local.DEBUG: Config file uploaded.  
[2025-07-15 14:53:51] local.DEBUG: storeContent: Stored 316468 bytes in file "418c63a6e668cd41b271eddb93556e73b815ee142d5f2a13b9be846dc8fc4768"  
[2025-07-15 14:53:51] local.DEBUG: [1.7.6] Now in App\Services\CSV\Configuration\ConfigFileProcessor::convertConfigFile  
[2025-07-15 14:53:51] local.ERROR: [1.7.6]: Syntax error  
172.18.0.1 - - [15/Jul/2025:14:53:51 -0300] "POST /upload HTTP/1.1" 302 434 "https://importer.my.firefly.cloud/upload" "Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0" "179.228.89.2"
[2025-07-15 14:53:51] local.DEBUG: isReadyForFileStep("upload-files")  
[2025-07-15 14:53:51] local.DEBUG: isReadyForFileStep: Return false  
[2025-07-15 14:53:51] local.DEBUG: redirectToCorrectFileStep("upload-files")  
[2025-07-15 14:53:51] local.DEBUG: Return redirect to "https://importer.my.firefly.cloud/import/configure"  
172.18.0.1 - - [15/Jul/2025:14:53:51 -0300] "GET /upload HTTP/1.1" 302 474 "https://importer.my.firefly.cloud/upload" "Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0" "179.228.89.2"
[2025-07-15 14:53:51] local.DEBUG: isReadyForFileStep("configuration")  
[2025-07-15 14:53:51] local.DEBUG: isReadyForFileStep: Return true  
[2025-07-15 14:53:51] local.DEBUG: Now at App\Http\Controllers\Import\ConfigurationController::index  
[2025-07-15 14:53:51] local.DEBUG: Configuration __construct. ignoreDuplicateTransactions = true  
[2025-07-15 14:53:51] local.DEBUG: Configuration __construct. ignoreDuplicateTransactions = true  
[2025-07-15 14:53:51] local.DEBUG: Configuration fromArray: ignoreDuplicateTransactions = true  
[2025-07-15 14:53:51] local.DEBUG: CollectsAccounts::getFireflyIIIAccounts - Fetching ASSET accounts from Firefly III. {"url":"http://172.18.0.4:8080"} 
[2025-07-15 14:53:51] local.DEBUG: CollectsAccounts::getFireflyIIIAccounts - Fetched 3 asset accounts.  
[2025-07-15 14:53:51] local.DEBUG: CollectsAccounts::getFireflyIIIAccounts - Fetching LIABILITY accounts from Firefly III. {"url":"http://172.18.0.4:8080"} 
[2025-07-15 14:53:51] local.DEBUG: CollectsAccounts::getFireflyIIIAccounts - Fetched 0 liability accounts.  
[2025-07-15 14:53:51] local.DEBUG: CollectsAccounts::getFireflyIIIAccounts - Returning accounts structure. {"assets":{"1":{"GrumpyDictator\\FFIIIApiSupport\\Model\\Account":{"bic":null,"currencyCode":"EUR","iban":null,"id":1,"name":"my bank name","number":null,"type":"asset","currentBalance":"my balance","currentBalanceDate":"2025-07-15T23:59:59-03:00"}},"3":{"GrumpyDictator\\FFIIIApiSupport\\Model\\Account":{"bic":null,"currencyCode":"EUR","iban":null,"id":3,"name":"bank account","number":null,"type":"asset","currentBalance":"0.00","currentBalanceDate":"2025-07-15T23:59:59-03:00"}},"4":{"GrumpyDictator\\FFIIIApiSupport\\Model\\Account":{"bic":null,"currencyCode":"EUR","iban":null,"id":4,"name":"my wallet","number":null,"type":"asset","currentBalance":"0.00","currentBalanceDate":"2025-07-15T23:59:59-03:00"}}},"liabilities":[]} 
[2025-07-15 14:53:51] local.DEBUG: CAMT.053 Check of content: negative  
172.18.0.1 - - [15/Jul/2025:14:53:51 -0300] "GET /import/configure HTTP/1.1" 200 7716 "https://importer.my.firefly.cloud/upload" "Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0" "179.228.89.2"
[2025-07-15 14:58:27] local.DEBUG: isReadyForFileStep("configuration")  
[2025-07-15 14:58:27] local.DEBUG: isReadyForFileStep: Return true  
[2025-07-15 14:58:27] local.DEBUG: withValidator account validation {"accounts":[],"newAccounts":[],"flow":"file"} 
[2025-07-15 14:58:27] local.DEBUG: Now running App\Http\Controllers\Import\ConfigurationController::postIndex  
[2025-07-15 14:58:27] local.DEBUG: ConfigurationPostRequest raw form data {"do_import_raw":[],"accounts_raw":[],"new_account_raw":[]} 
[2025-07-15 14:58:27] local.DEBUG: Configuration __construct. ignoreDuplicateTransactions = true  
[2025-07-15 14:58:27] local.DEBUG: Configuration fromRequest: ignoreDuplicateTransactions = true  
[2025-07-15 14:58:27] local.DEBUG: Configuration overruled from none: ignoreDuplicateTransactions = false  
[2025-07-15 14:58:27] local.DEBUG: [1.7.6] Now in App\Services\Shared\Configuration\Configuration::updateDateRange  
[2025-07-15 14:58:27] local.DEBUG: Range is null, set all to NULL.  
[2025-07-15 14:58:27] local.DEBUG: storeContent: Stored 1175 bytes in file "e3eceaa1183dbaf4bfa5697b6d4a30fc31474f83840a1a4649e3ae404cccdecd"  
172.18.0.1 - - [15/Jul/2025:14:58:27 -0300] "POST /import/configure HTTP/1.1" 302 458 "https://importer.my.firefly.cloud/import/configure" "Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0" "179.228.89.2"
[2025-07-15 14:58:27] local.DEBUG: isReadyForFileStep("define-roles")  
[2025-07-15 14:58:27] local.DEBUG: isReadyForFileStep: Return true  
[2025-07-15 14:58:27] local.DEBUG: [1.7.6] Now in App\Http\Controllers\Import\File\RoleController::index  
[2025-07-15 14:58:27] local.DEBUG: Configuration __construct. ignoreDuplicateTransactions = true  
[2025-07-15 14:58:27] local.DEBUG: Configuration __construct. ignoreDuplicateTransactions = true  
[2025-07-15 14:58:27] local.DEBUG: Configuration fromArray: ignoreDuplicateTransactions = false  
[2025-07-15 14:58:27] local.DEBUG: Configuration fromClassicFile overruled: ignoreDuplicateTransactions = false  
[2025-07-15 14:58:27] local.DEBUG: Configuration __construct. ignoreDuplicateTransactions = true  
[2025-07-15 14:58:27] local.DEBUG: Configuration fromArray: ignoreDuplicateTransactions = true  
[2025-07-15 14:58:27] local.WARNING: Content is detected as "Windows-1252" and will be converted to UTF-8. Your milage may vary.  
[2025-07-15 14:58:27] local.DEBUG: Detected file headers: ["Data","Lançamento","Detalhes","N° documento","Valor","Tipo Lançamento"] 
172.18.0.1 - - [15/Jul/2025:14:58:27 -0300] "GET /import/roles HTTP/1.1" 200 7504 "https://importer.my.firefly.cloud/import/configure" "Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0" "179.228.89.2"
[2025-07-15 14:59:34] local.DEBUG: isReadyForFileStep("define-roles")  
[2025-07-15 14:59:34] local.DEBUG: isReadyForFileStep: Return true  
[2025-07-15 14:59:34] local.DEBUG: Configuration __construct. ignoreDuplicateTransactions = true  
[2025-07-15 14:59:34] local.DEBUG: Configuration __construct. ignoreDuplicateTransactions = true  
[2025-07-15 14:59:34] local.DEBUG: Configuration fromArray: ignoreDuplicateTransactions = false  
[2025-07-15 14:59:34] local.DEBUG: Configuration fromClassicFile overruled: ignoreDuplicateTransactions = false  
[2025-07-15 14:59:34] local.DEBUG: Configuration __construct. ignoreDuplicateTransactions = true  
[2025-07-15 14:59:34] local.DEBUG: Configuration fromArray: ignoreDuplicateTransactions = true  
[2025-07-15 14:59:34] local.DEBUG: storeArray: Stored 1391 bytes in file "8cc03bb43bca5c0ab8850cad4757bc7392e411af1ca01d36bb8d8af86df85dc1"  
[2025-07-15 14:59:34] local.DEBUG: Old configuration was stored under key "418c63a6e668cd41b271eddb93556e73b815ee142d5f2a13b9be846dc8fc4768".  
[2025-07-15 14:59:34] local.DEBUG: New configuration is stored under key "8cc03bb43bca5c0ab8850cad4757bc7392e411af1ca01d36bb8d8af86df85dc1".  
172.18.0.1 - - [15/Jul/2025:14:59:34 -0300] "POST /import/roles HTTP/1.1" 302 466 "https://importer.my.firefly.cloud/import/roles" "Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0" "179.228.89.2"
[2025-07-15 14:59:34] local.DEBUG: isReadyForFileStep("conversion")  
[2025-07-15 14:59:34] local.DEBUG: isReadyForFileStep: Return true  
[2025-07-15 14:59:34] local.DEBUG: Configuration __construct. ignoreDuplicateTransactions = true  
[2025-07-15 14:59:34] local.DEBUG: Configuration __construct. ignoreDuplicateTransactions = true  
[2025-07-15 14:59:34] local.DEBUG: Configuration fromArray: ignoreDuplicateTransactions = false  
[2025-07-15 14:59:34] local.DEBUG: Configuration fromClassicFile overruled: ignoreDuplicateTransactions = false  
[2025-07-15 14:59:34] local.DEBUG: Configuration __construct. ignoreDuplicateTransactions = true  
[2025-07-15 14:59:34] local.DEBUG: Configuration fromArray: ignoreDuplicateTransactions = false  
[2025-07-15 14:59:34] local.DEBUG: Configuration fromClassicFile overruled: ignoreDuplicateTransactions = false  
[2025-07-15 14:59:34] local.DEBUG: Will now verify configuration content.  
[2025-07-15 14:59:34] local.DEBUG: Pressing "back" will send you to mapping.  
[2025-07-15 14:59:34] local.DEBUG: Will redirect to submission after conversion.  
[2025-07-15 14:59:34] local.DEBUG: Create CSV routine manager.  
[2025-07-15 14:59:34] local.DEBUG: Going to generate conversion routine identifier.  
[2025-07-15 14:59:34] local.DEBUG: Attempt #1 results in "conversion-hlhr3ba4xmFB"  
[2025-07-15 14:59:34] local.INFO: Job identifier is "conversion-hlhr3ba4xmFB"  
[2025-07-15 14:59:34] local.DEBUG: Conversion routine manager identifier is "conversion-hlhr3ba4xmFB"  
[2025-07-15 14:59:34] local.DEBUG: Stored "conversion-hlhr3ba4xmFB" under "conversion_job_id"  
172.18.0.1 - - [15/Jul/2025:14:59:34 -0300] "GET /import/convert HTTP/1.1" 200 5711 "https://importer.my.firefly.cloud/import/roles" "Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0" "179.228.89.2"

firefly logs

172.18.0.1 - - [15/Jul/2025:14:41:10 -0300] "GET /oauth/clients HTTP/1.1" 200 213 "https://my.firefly.cloud/profile" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36" "179.228.89.2"
172.18.0.1 - - [15/Jul/2025:14:50:23 -0300] "GET / HTTP/1.1" 200 6038 "https://my.firefly.cloud/profile" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36" "179.228.89.2"
172.18.0.1 - - [15/Jul/2025:14:50:23 -0300] "GET /v1/jscript/variables?ext=.js&v=6.2.20 HTTP/1.1" 200 3183 "https://my.firefly.cloud/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36" "179.228.89.2"
172.18.0.1 - - [15/Jul/2025:14:50:24 -0300] "GET /chart/budget/frontpage HTTP/1.1" 200 146 "https://my.firefly.cloud/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36" "179.228.89.2"
172.18.0.1 - - [15/Jul/2025:14:50:24 -0300] "GET /chart/account/frontpage HTTP/1.1" 200 271 "https://my.firefly.cloud/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36" "179.228.89.2"
172.18.0.1 - - [15/Jul/2025:14:50:24 -0300] "GET /chart/account/expense HTTP/1.1" 200 33 "https://my.firefly.cloud/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36" "179.228.89.2"
172.18.0.1 - - [15/Jul/2025:14:50:24 -0300] "GET /json/frontpage/piggy-banks HTTP/1.1" 200 42 "https://my.firefly.cloud/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36" "179.228.89.2"
172.18.0.1 - - [15/Jul/2025:14:50:24 -0300] "GET /chart/account/revenue HTTP/1.1" 200 33 "https://my.firefly.cloud/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36" "179.228.89.2"
172.18.0.1 - - [15/Jul/2025:14:50:25 -0300] "GET /chart/category/frontpage HTTP/1.1" 200 33 "https://my.firefly.cloud/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36" "179.228.89.2"
172.18.0.1 - - [15/Jul/2025:14:50:25 -0300] "GET /api/v1/summary/basic?start=2025-07-01&end=2025-07-31 HTTP/1.1" 200 352 "https://my.firefly.cloud/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36" "179.228.89.2"
172.18.0.5 - - [15/Jul/2025:14:53:51 -0300] "GET /api/v1/accounts?type=asset&page=1&limit=250 HTTP/1.1" 200 3756 "-" "Mozilla/5.0 Firefly III API Client" "-"
172.18.0.5 - - [15/Jul/2025:14:53:51 -0300] "GET /api/v1/accounts?type=liabilities&page=1&limit=250 HTTP/1.1" 200 387 "-" "Mozilla/5.0 Firefly III API Client" "-"
172.18.0.5 - - [15/Jul/2025:14:53:51 -0300] "GET /api/v1/currencies?page=1 HTTP/1.1" 200 11139 "-" "Mozilla/5.0 Firefly III API Client" "-"
80.66.75.139 - - [15/Jul/2025:14:59:03 -0300] "\x01\x01\xE6" 400 150 "-" "-" "-"

JC5 · 2025-07-15T18:43:36Z

JC5
Jul 15, 2025
Maintainer

Alright does your browser console give you mixed content warnings? Because none of those screens look the way they're supposed to.

2 replies

jecogeo Jul 16, 2025
Author

Oh boy... how good it is to be able to "talk" to someone. Thanks to your question I realized the issue was all about the CSP policies configuration of both of sites. They're hindering the proper communication between applications.

For future reference, the CSP of the Apache virtual hosts needs to allow forms and scripts (maybe?) between domains.

CSP on FF3 virtual host

Header always set Content-Security-Policy "default-src 'self' https://importer.my.firefly.cloud; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://importer.my.firefly.cloud; style-src 'self' 'unsafe-inline'; img-src 'self' https: data:; font-src 'self' https: data:; connect-src 'self' https://importer.my.firefly.cloud; form-action 'self' https://importer.my.firefly.cloud; frame-ancestors 'self'; base-uri 'self'"

CSP on Data Importer virtual host

Header always set Content-Security-Policy "default-src 'self' https://my.firefly.cloud; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://my.firefly.cloud; style-src 'self' 'unsafe-inline'; img-src 'self' https: data:; font-src 'self' https: data:; connect-src 'self' https://my.firefly.cloud; form-action 'self' https://my.firefly.cloud; frame-ancestors 'self'; base-uri 'self'"

Thank you for your attention, thanks to it I could identify the issue.

Answer selected by jecogeo

JC5 Jul 16, 2025
Maintainer

Oh very nice, I'm glad you found it!

Firefly III

Flow between FF3 & Data Importer fails after redirect to /oauth/authorize #10582

Uh oh!

Uh oh!

jecogeo Jul 11, 2025

Environment

Symptoms

config files

docker-compose.yaml

.env (mostly untouched, here are only the edited params)

.importer.env

Client on FF3

logs on data importer while trying to enter the client ID

CSP on FF3 virtual host

Replies: 4 comments · 8 replies

Uh oh!

JC5 Jul 11, 2025 Maintainer

Uh oh!

jecogeo Jul 11, 2025 Author

Uh oh!

JC5 Jul 11, 2025 Maintainer

Uh oh!

JC5 Jul 11, 2025 Maintainer

Uh oh!

Uh oh!

jecogeo Jul 11, 2025 Author

importer logs

FF3 logs

Uh oh!

jecogeo Jul 15, 2025 Author

Importer logs

FF3 logs

Uh oh!

JC5 Jul 15, 2025 Maintainer

Uh oh!

Uh oh!

jecogeo Jul 15, 2025 Author

Uh oh!

jecogeo Jul 15, 2025 Author

Importer logs:

firefly logs

Uh oh!

JC5 Jul 15, 2025 Maintainer

Uh oh!

Uh oh!

jecogeo Jul 16, 2025 Author

CSP on FF3 virtual host

CSP on Data Importer virtual host

Uh oh!

JC5 Jul 16, 2025 Maintainer

jecogeo
Jul 11, 2025

Replies: 4 comments 8 replies

JC5
Jul 11, 2025
Maintainer

jecogeo Jul 11, 2025
Author

JC5 Jul 11, 2025
Maintainer

JC5
Jul 11, 2025
Maintainer

jecogeo Jul 11, 2025
Author

jecogeo
Jul 15, 2025
Author

JC5 Jul 15, 2025
Maintainer

jecogeo Jul 15, 2025
Author

jecogeo Jul 15, 2025
Author

JC5
Jul 15, 2025
Maintainer

jecogeo Jul 16, 2025
Author

JC5 Jul 16, 2025
Maintainer