I can't login "The given origin is not allowed for the given client ID."

I migrated the Metabase application from DO to AWS by copying the metabase directory. Then, migrated from h2 to AWS RDS MySQL successfully. I set up nginx and certbot and CloudFlare with a different record, so far the login page open successfully.
However, when I tried to login even via google or email, this error appears on the browser console:
[GSI_LOGGER]: The given origin is not allowed for the given client ID.

Note: I used a different domain name for the newly migrated app.

metabase service config:





java -jar /opt/metabase/metabase.jar

Nginx config:

server {
server_name new.example.com;
location / {
proxy_pass http://localhost:3000;
proxy_read_timeout 20d;

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/new.example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/new.example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

server {
    if ($host = new.example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

listen 80;
listen [::]:80;
server_name new.example.com;
    return 404; # managed by Certbot


I couldn't catch the source reason for this. Any help please?

Hi @obadaqaf
Make sure you're using Metabase 44.6+ and make sure to update the allowed origins in Google Cloud Console:

1 Like

@flamber How could I check the current version?

@obadaqaf You can see that during startup of the JAR file.

@flamber it's v0.44.6 (5c6ae21 release-x.44.x). It is the required, right?

@obadaqaf Yes, that's the minimum version for Google Sign-in.

Thanks @flamber. Resolved

@flamber I have another issue
When I try to ask a question I get this error:

(conn=90953) Access denied for user 'lexer_readonly'@'IP_ADDRESS ' 
(using password: YES) Current charset is UTF-8. If password has been set using another charset, consider using option 'passwordCharacterEncoding'

@obadaqaf Guessing you're using MySQL 8: https://www.metabase.com/docs/latest/databases/connections/mysql
If you are using regular MySQL, then you need to allow access to the specifically user, so Metabase can connect to it. Have a look around the internet, it's a MySQL specific thing, not Metabase.

@flamber The error is about 'lexer_readonly' user which is not the user I specified in the database connection string in metabase service.
The error also says that the access denied for 'lexer_readonly'@'IP_ADDRESS ', this IP address is the private IP of the Metabase server but the database (MySQL) is on a separated server (AWS RDS) .
I wonder if I followed the right steps to migrate Metabase?

@obadaqaf Without full logs, then I don't know where you snippets are from, but I'm guessing you have a connection in Admin > Databases with that reference. Fix that.

The MySQL (important, again it's not Metabase) says the error is:

Access denied for user 'lexer_readonly'@'IP_ADDRESS'

So the MySQL server says that the user specified is not allowed to login via that IP (which is the IP of the Metabase host).

Thanks @flamber. Resolved
Yes it's a MySQL issue