Why redirect_uri is not HTTPS while AllowedRedirectUris it is? #2101
Comments
As far as validation, IdentityServer4 is simply taking the string value of redirect_uri from the request and doing an exact comparison to those registered in the allowed URIs. What does the HTTP request look like going to NGINX?
Here is the NGINX log: in the second line the redirect_uri is not HTTPS!
And the configuration:
Then it appears your client application at store.example.com is not sending the correct scheme when it redirects the user agent to the authorize endpoint. See here, and make sure your client application is configured to respect the X-Forwarded-Proto header.
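The mismatch described in the two replies above, as an added example (a model written for this page, not code from IdentityServer4, ASP.NET Core or anyone in the thread). It shows why a client behind a TLS-terminating proxy emits an `http://` redirect_uri that fails the exact comparison, and why the forwarded scheme should be honored only when the request comes from the proxy itself. The `/signin-oidc` path, the proxy address and all function names are assumptions.

```python
# Constructed values: hostnames follow the thread; path and proxy address are assumed.
ALLOWED_REDIRECT_URIS = {"https://store.example.com/signin-oidc"}
TRUSTED_PROXIES = {"127.0.0.1"}  # NGINX on the same host (assumption)


def effective_scheme(peer_ip, wire_scheme, headers, honor_forwarded):
    """Scheme the client app believes the browser used.

    wire_scheme is what the app sees on its own socket; behind a proxy that
    terminates TLS this is "http" even though the browser used HTTPS.
    """
    if honor_forwarded and peer_ip in TRUSTED_PROXIES:
        forwarded = headers.get("X-Forwarded-Proto", "").strip().lower()
        if forwarded in ("http", "https"):
            return forwarded
    return wire_scheme


def build_redirect_uri(peer_ip, wire_scheme, headers, honor_forwarded):
    """redirect_uri the client would put in its authorize request."""
    scheme = effective_scheme(peer_ip, wire_scheme, headers, honor_forwarded)
    return f"{scheme}://{headers['Host']}/signin-oidc"


def is_registered(redirect_uri):
    """Exact string comparison, as described in the first reply."""
    return redirect_uri in ALLOWED_REDIRECT_URIS


def demo():
    headers = {"Host": "store.example.com", "X-Forwarded-Proto": "https"}
    cases = {
        # App ignores the header: the scheme of the proxy-to-app hop leaks out.
        "ignored": ("127.0.0.1", False),
        # App honors the header, and the request really came from the proxy.
        "trusted_proxy": ("127.0.0.1", True),
        # Same header from an unknown peer is not believed.
        "untrusted_peer": ("203.0.113.9", True),
    }
    results = {}
    for name, (peer_ip, honor) in cases.items():
        uri = build_redirect_uri(peer_ip, "http", headers, honor)
        results[name] = (uri, is_registered(uri))
    return results


if __name__ == "__main__":
    for name, (uri, ok) in demo().items():
        print(f"{name:15} {uri:45} registered={ok}")
```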
I just changed these lines:
to:
Now, it goes to auth from store and successfully authenticates but the auth app POST to Here is the header:
What is this, now?! Any idea? Auth app log:
Store app log:
SSL termination is happening at NGINX. The headers are informing your app that it's behind a proxy using SSL, and should treat the request as such.
I'm confused. Would you, please, explain more?
This is not an IdentityServer4 issue and really belongs in a different repository. Probably https://github.com/aspnet/KestrelHttpServer
The problem has been solved. It wasn't a Kestrel problem; it seems that NGINX doesn't allow a large header. From this help (https://medium.com/@mshanak/solve-nginx-error-signin-oidc-502-bad-gateway-dotnet-core-and-identity-serve-bc27920b42d5), we have set these properties:
nginx.conf
default.conf
@chrisowhite, would you tell us more about why we have set those properties, and is there any way to configure IdentityServer to send much smaller header content?
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
Both https://store.example.com/ and https://auth.example.com/ are hosted on Ubuntu server behind NGINX as a proxy server. While trying to authenticate store application we get this error from auth application.
Why is redirect_uri not in HTTPS? Things are going fine on the development machines.
Relevant parts of the log file