Oauth provider behind reverse proxy

Asked 3/1, 2013 at 15:49 Answered 25/8, 2016 at 1:25

I try to use OAuth Provider in PHP (PECL Package) behind a apache reverse-proxy

the client uses

POST https://api.com/resource/oauth/request-token

but my oauth provider receives

POST http://api.com/mywebservice/resource/oauth/request-token

the signature cannot be verified so the request fails

have you any idea about resolving this issue?

Bloodstain answered 3/1, 2013 at 15:49 Comment(0)

I had to do this once. I ended up modifying the OAuth code to pass along the actual URL the provider will receive as well the URL I need to send to from behind my proxy. The former was used in the signature and the latter in the HTTP request. It was a pain and not portable (if anything changed in the proxy, the code would stop working)

Beaumarchais answered 3/1, 2013 at 20:8 Comment(0)

We had the same issue (less complicated where our reverse proxy was changing HTTPS to HTTP inside the network).

You can enable your load balancer (whatever you're using as a reverse proxy) to forward the proper header scheme (and more).

For example in Nginx you can leverage both:

proxy_set_header X-Forwarded-Proto https;

and

proxy_redirect .... ;

This might not be a direct contextual solution to this old problem, but I spent 7 hours trying to debug our issue so I'm sure this will come in handy for someone.

Handling answered 25/8, 2016 at 1:25 Comment(0)

Recommended topics

Hot tags