Description
Is there an existing issue for this?
- I have searched the existing issues
Describe the bug
Our asp.net core site uses SSL offloading behind a nginx proxy so any incoming requests will use a scheme of http:// and while we are overriding the scheme using the following code:
// Define any forwarded headers // NOTE: If other headers are added, the KnownProxies and potentially KnownNetworks would need to be set. // https://learn.microsoft.com/en-us/aspnet/core/host-and-deploy/proxy-load-balancer?view=aspnetcore-9.0&viewFallbackFrom=aspnetcore-2.2#forwarded-headers-middleware-options builder.Services.Configure<ForwardedHeadersOptions>(options => { options.ForwardedProtoHeaderName = "X-Proxy-Proto"; // Kubernetes is overriding this. options.ForwardedHostHeaderName = "X-Proxy-Host"; options.ForwardedHeaders = Microsoft.AspNetCore.HttpOverrides.ForwardedHeaders.XForwardedProto | Microsoft.AspNetCore.HttpOverrides.ForwardedHeaders.XForwardedHost; });
The generated redirect_uri is not using the passed in ProtoHeaderName (https). This causes issues with out 3rd party Identity provider because the redirect_uri host does not match what they are expecting (&redirect_uri=https://hostname/callback-path) and is instead receiving: (&redirect_uri=http://hostname/callback-path).
Expected Behavior
The ability to override the full OAuth callback should be allowed (the redirect_uri parameter listed above).
Steps To Reproduce
No response
Exceptions (if any)
No response
.NET Version
9.0.301
Anything else?
