Using nginx https may cause some ExternalAuthentication issues, as if the middleware order is incorrect, V4.8 #7620

Closed as not planned
@ahjszll

I am using nginx's HTTPS proxy in front of 127.0.0.1:5000, and HostingConfig.UseProxy is configured correctly. I used ExternalAuth Facebook, but when the login box on Facebook returns, it prompts: "Can't load URL: The domain of this URL isn't included in the app's domains. To be able to load this URL, add all domains and subdomains of your app to the App Domains field in your app settings."

I tracked the source code of the Facebook handler:
https://github.com/dotnet/aspnetcore/blob/main/src/Security/Authentication/Facebook/src/FacebookHandler.cs

```csharp
protected override async Task ExchangeCodeAsync(OAuthCodeExchangeContext context)
{
    var logger = EngineContext.Current.Resolve<Nop.Services.Logging.ILogger>();
    logger.Warning("ExchangeCodeAsync");
    var tokenRequestParameters = new Dictionary<string, string>()
    {
        { "client_id", Options.ClientId },
        { "redirect_uri", context.RedirectUri },
        { "client_secret", Options.ClientSecret },
        { "code", context.Code }
    };
    //tokenRequestParameters["redirect_uri"] = tokenRequestParameters["redirect_uri"].Replace("http", "https");
    logger.Warning("tokenRequestParameters:" + tokenRequestParameters["redirect_uri"]);

}
```
Among them, `tokenRequestParameters["redirect_uri"]` is `http:///signin-facebook`, which should actually be `https:///signin-facebook`.
So I temporarily modified the source code and added a method of replacing HTTP with HTTPS.

Continuing to track this issue, I found that the authentication middleware ran earlier than UseForwardedHeaders.

So I tried using "UseAuthorization" after "UseForwardedHeaders" and found that it could also solve the above problem.

I haven't found any more clues, and I'm not sure when 'UseAuthorization' was called.
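The ordering described in this report, as an added example that is not nopCommerce code and not part of the original post: a standalone ASP.NET Core app where forwarded headers are applied before authentication, so the OAuth `redirect_uri` is built from the proxy's `https` scheme. It assumes nginx on the same host sends `X-Forwarded-Proto` and `X-Forwarded-For`; the configuration keys and the `/debug/redirect-uri` and `/me` endpoints are hypothetical.

```csharp
// Added example. Requires the Microsoft.AspNetCore.Authentication.Facebook package.
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.Facebook;
using Microsoft.AspNetCore.HttpOverrides;

var builder = WebApplication.CreateBuilder(args);

builder.Services.Configure<ForwardedHeadersOptions>(options =>
{
    // Let the middleware rewrite Request.Scheme and the remote IP from proxy headers.
    options.ForwardedHeaders =
        ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
    // The default KnownProxies/KnownNetworks trust loopback only, which matches
    // nginx on the same host. For a remote proxy, add its address to KnownProxies
    // instead of clearing the lists, or any client could spoof these headers.
    options.ForwardLimit = 1; // exactly one proxy hop is expected
});

builder.Services
    .AddAuthentication(options =>
    {
        options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = FacebookDefaults.AuthenticationScheme;
    })
    .AddCookie()
    .AddFacebook(options =>
    {
        // Hypothetical configuration keys; supply real values via user secrets.
        options.AppId = builder.Configuration["Authentication:Facebook:AppId"]!;
        options.AppSecret = builder.Configuration["Authentication:Facebook:AppSecret"]!;
    });
builder.Services.AddAuthorization();

var app = builder.Build();

// Order matters: the scheme must be corrected before any handler reads it.
app.UseForwardedHeaders();
app.UseAuthentication();
app.UseAuthorization();

// Diagnostic: shows the redirect_uri the handler would derive for this request.
app.MapGet("/debug/redirect-uri", (HttpContext ctx) =>
    $"{ctx.Request.Scheme}://{ctx.Request.Host}{ctx.Request.PathBase}/signin-facebook");

// Protected endpoint; an anonymous request triggers the Facebook challenge.
app.MapGet("/me", (ClaimsPrincipal user) => user.Identity?.Name).RequireAuthorization();

app.Run();
```

Requesting `/debug/redirect-uri` through the proxy should return an `https://` URL; an `http://` result means the forwarded headers are missing or the connection is not from a trusted proxy address.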
