Using nginx https may cause some ExternalAuthentication issues, as if the middleware order is incorrect, V4.8 #7620

Closed
ahjszll opened this issue Mar 8, 2025 · 2 comments


ahjszll commented Mar 8, 2025

I am using nginx as an HTTPS proxy for 127.0.0.1:5000, and HostingConfig.UseProxy is configured correctly. I used ExternalAuth Facebook, but:

When the login box on Facebook returns, it prompts: "Can't load URL: The domain of this URL isn't included in the app's domains. To be able to load this URL, add all domains and subdomains of your app to the App Domains field in your app settings."

I tracked the source code of Facebook Handler,
https://github.com/dotnet/aspnetcore/blob/main/src/Security/Authentication/Facebook/src/FacebookHandler.cs

```csharp
protected override async Task ExchangeCodeAsync(OAuthCodeExchangeContext context)
{
    var logger = EngineContext.Current.Resolve<Nop.Services.Logging.ILogger>();
    logger.Warning("ExchangeCodeAsync");
    var tokenRequestParameters = new Dictionary<string, string>()
    {
        { "client_id", Options.ClientId },
        { "redirect_uri", context.RedirectUri },
        { "client_secret", Options.ClientSecret },
        { "code", context.Code }
    };
    //tokenRequestParameters["redirect_uri"] = tokenRequestParameters["redirect_uri"].Replace("http", "https");
    logger.Warning("tokenRequestParameters:" + tokenRequestParameters["redirect_uri"]);

}
```
Among them, tokenRequestParameters["redirect_uri"] is http:///signin-Facebook, which should actually be https:///// signin-facebook.
So I temporarily modified the source code and added a method of replacing HTTP with HTTPS.

Continuing to track this issue, I found that the authentication middleware ran earlier than UseForwardedHeaders.


So I tried using "UseAuthorization" after "UseForwardedHeaders" and found that it could also solve the above problem.


I haven't found any more clues and I'm not sure when "UseAuthorization" was called.

@exileDev
Contributor

Hi! I just tested the Facebook authentication plugin in Nginx, and it works fine.

exileDev closed this as not planned (won't fix, can't repro, duplicate, stale) on Mar 19, 2025

ahjszll commented Mar 20, 2025

> Hi! I just tested the Facebook authentication plugin in Nginx, and it works fine.

Thanks. There seems to be an issue with my code; I will continue to investigate further.
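
The middleware ordering discussed in this thread, as an added example that is not part of the original issue and is not nopCommerce code: a minimal ASP.NET Core app in which `UseForwardedHeaders` runs before authentication, so the OAuth `redirect_uri` is built from the scheme the client actually used. It assumes nginx on the same host sends `X-Forwarded-Proto` (for example via `proxy_set_header X-Forwarded-Proto $scheme;`); the `Facebook:AppId` / `Facebook:AppSecret` configuration keys and the `/debug/scheme` path are hypothetical.

```csharp
// Added example (assumptions: nginx on loopback, hypothetical config keys and debug path).
// Requires the Microsoft.AspNetCore.Authentication.Facebook package.
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.HttpOverrides;

var builder = WebApplication.CreateBuilder(args);

builder.Services.Configure<ForwardedHeadersOptions>(options =>
{
    // Honor only the headers the proxy is configured to set.
    options.ForwardedHeaders =
        ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
    // The default KnownProxies/KnownNetworks trust loopback only, which
    // matches nginx proxying to 127.0.0.1:5000. Do not clear these lists:
    // that would let any client supply its own X-Forwarded-Proto.
});

builder.Services
    .AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie()
    .AddFacebook(options =>
    {
        // Hypothetical configuration keys; keep the secret out of source control.
        options.AppId = builder.Configuration["Facebook:AppId"]!;
        options.AppSecret = builder.Configuration["Facebook:AppSecret"]!;
    });
builder.Services.AddAuthorization();

var app = builder.Build();

// Runs first: rewrites Request.Scheme (and the remote IP) from the
// forwarded headers before any later middleware reads them.
app.UseForwardedHeaders();

// The remote authentication handler builds its callback URL from
// Request.Scheme and Request.Host, so it must come after the line above.
app.UseAuthentication();
app.UseAuthorization();

// Diagnostic endpoint (hypothetical, remove after debugging): shows the
// callback URL as the app sees it. Behind the HTTPS proxy it should start
// with "https://"; "http://" means the forwarded header was not applied.
app.MapGet("/debug/scheme", (HttpContext ctx) =>
    Results.Text($"{ctx.Request.Scheme}://{ctx.Request.Host}/signin-facebook"));

app.Run();
```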
