SSO Authentication - Https - NGINX configuration



  • Hi folks,

    I am currently struggling on using sso plugins with my nodebb instance (online).
    I have done quite some researches here and from the web, but did not get any answer.
    Still, I saw several topics about the subject.
    Thanks for having a look, and hope it could help others too.

    I handle SSL using a nginx reverse-proxy behind all my nodes applications and here are the errors found :
    SSO-Google
    Oops! Looks like something went wrong!
    /auth/google/callback
    Bad Request

    SSO-GIT
    Oops! Looks like something went wrong!
    /auth/github/callback
    The redirect_uri MUST match the registered callback URL for this application.

    ... and same kind of error for FB.

    Concerning the App configuration it seems well configured with an Https callback URL:
    https://-.-.io/auth/github/callback
    https://-.-.io as homepage.

    My NGINX configuration try to pass all needed information within the header :
    "
    proxy_pass http://localhost:8080;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto https;
    proxy_set_header X-Forwarded-Port 443;
    "

    And finally the traces I think the problem comes from, the (it's not the case for this nodeBB forum)

    Github 302 (OK) :
    (mine)
    GET /auth/github HTTP/1.1
    Host: community.-.io

    (nodebb)
    GET /auth/github HTTP/1.1
    Host: community.nodebb.org

    Authorize (PROBLEM) :
    (mine)
    GET /login/oauth/authorize?response_type=code&redirect_uri=http%3A%2F%2Fcommunity.-.io%2Fauth%2Fgithub%2Fcallback&s...
    HTTP/1.1
    Host: github.com

    (nodeBB)
    GET /login/oauth/authorize?response_type=code&redirect_uri=https%3A%2F%2Fcommunity.nodebb.org%2Fauth%2Fgithub%2Fcallback&... HTTP/1.1
    Host: github.com

    Why am I loosing the S from the protocol ?!

    Thank you for your help.
    Kind regards.
    Hybesis



  • Finally found a topic with good explanation an answers:

    Didn't expect the config.json would influence such requests.

    Kind regards.


Log in to reply
 

Suggested Topics

  • 4
  • 2
  • 1
  • 2
  • 4
| |