6

I am creating an AspNetCore application with Google authentication. I am deploying this app behind an nginx reverse proxy on an Ubuntu server. Almost everything is working, but I am having trouble with the callback URL.

In the Google developer console, I have http://localhost:5000/signin-google set as an authorized redirect URI. This works as expected and allows me to use Google authentication when running from my workstation.

For production, I have https://myserver/signin-google set as an authorized redirect URI. However, when I try to use it, I get an error from accounts.google.com that http://myserver/signin-google (notice the missing s) is not authorized. That's true; it shouldn't be authorized and my server doesn't even respond to port 80 requests.

How can I tell the authentication middleware that I need it to use HTTPS for the callback URL?

1 Answer

12

I finally figured it out.

Step 1: Make sure Nginx is sending the necessary forwarding headers, for example:

server {
    # other stuff ...
    location / {
        # other stuff ...
        proxy_set_header X-Forwarded-Proto $scheme;
        # you could also just hardcode this to https if you only accept https
    }
}

Step 2: By default, AspNetCore will ignore these headers. Install the middleware that processes them:

PM> Install-Package Microsoft.AspNetCore.HttpOverrides

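Step 3: In your Configure function, apply the middleware.

// Requires: using Microsoft.AspNetCore.HttpOverrides;
// Register this before the authentication middleware so the scheme is already corrected.
app.UseForwardedHeaders(new ForwardedHeadersOptions
{
    ForwardedHeaders = ForwardedHeaders.XForwardedProto
});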

This should correctly change the Context.Request.Scheme value to https, which will cause the authentication middleware to generate the correct redirect_uri.
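The following is an added example, not part of the original answer: the same middleware restricted so that X-Forwarded-Proto is honored only when the connection comes from the nginx proxy, which matters because a client that can reach the app directly could otherwise set the header itself. It assumes a current version of Microsoft.AspNetCore.HttpOverrides; the proxy address 192.0.2.10 and the NginxProxy field are placeholders.

```csharp
using System.Net;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.HttpOverrides;

public class Startup
{
    // Placeholder: the address nginx connects from, as seen by the app.
    // If nginx runs on the same host, this is a loopback address.
    private static readonly IPAddress NginxProxy = IPAddress.Parse("192.0.2.10");

    public void Configure(IApplicationBuilder app)
    {
        var options = new ForwardedHeadersOptions
        {
            // Only the scheme is needed to build the https redirect_uri.
            ForwardedHeaders = ForwardedHeaders.XForwardedProto,

            // Honor a single proxy hop; ignore any longer header chain.
            ForwardLimit = 1
        };

        // Replace the default trust lists with exactly one trusted sender.
        // Requests from any other address keep their real scheme, so a
        // client-supplied X-Forwarded-Proto header has no effect.
        options.KnownNetworks.Clear();
        options.KnownProxies.Clear();
        options.KnownProxies.Add(NginxProxy);

        // Must run before authentication so Request.Scheme is already
        // "https" when the Google middleware builds the redirect_uri.
        app.UseForwardedHeaders(options);

        // ... authentication and the rest of the pipeline follow here ...
    }
}
```

On the nginx side, the proxy_set_header line from Step 1 overwrites whatever X-Forwarded-Proto value the client sent, so the app only ever sees the value nginx chose.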


2 Comments

Thank you soooo much. This post has fixed a long-standing bug in our app!
Thank you, you saved my day! I had the exact same problem and your solution solved it!
