❔ OAuth2 behind a reverse proxy won't work without UseAuthentication.
I setup a default individual auth project using .NET 7 Razor pages, I then set it up to use Google sign in, testing this app as it is in https mode worked fine, I then set the redirect header middleware, ran it in http mode with the redirect header middleware set, it would fail when redirecting back to the app after successfully signing in with
redirect_uri_mismatch, it does however work fine when UseAuthentication is set (this isn't set in the default auth project), I'm not too familiar with this middleware, does anyone know how might this be affecting it in such a way where it causes the auth to work as expected when running behind a reverse proxy? And why it wouldn't be needed when running direct.
I have the project in a GH repo https://github.com/jasonalexander-ja/GoogleAuthProxy
I followed the following guides for setting up the auth and redirect headers
https://learn.microsoft.com/en-us/aspnet/core/security/authentication/social/google-logins?view=aspnetcore-7.0
https://learn.microsoft.com/en-us/aspnet/core/host-and-deploy/proxy-load-balancer?view=aspnetcore-7.08 Replies
Unknown User•13mo ago
Message Not Public
Sign In & Join Server To View
I switched them, I was experimenting to try and see what it takes to get a .NET app with OAuth2 working behind a reverse proxy
Unknown User•13mo ago
Message Not Public
Sign In & Join Server To View
It seems if you don't at least have the forwarding header middleware setup for XForwardedProto then it will use the wrong protocol for the callback URL, further in the actual config for setting up the authentication options I can only find configuration relating to path and not the further URL or protocol; but I have at least got a working example of an oauth2 app working behind a proxy, the fact that I needed the forward headers middleware does make sense to me, but what doesn't is why it also needs the authentication middleware when running it directly does not
Unknown User•13mo ago
Message Not Public
Sign In & Join Server To View
Yeah it seems to be the case accross browsers and devices, and I only just realised I accidently created this thing with .NET 8 by a mistake, I'll try the same in NET 7, looks like I may have found a weird quirk of .NET 8
Really strange, I used the default generated project for .NET 7 and it too didn't add the authentication middleware, and it too worked directly
Unknown User•13mo ago
Message Not Public
Sign In & Join Server To View
Was this issue resolved? If so, run
/close - otherwise I will mark this as stale and this post will be archived until there is new activity.