发表新帖
发表新帖

Spring OAuth redirect_uri not using https

前端 未结
关注
6 2022
爱一瞬间的悲伤
爱一瞬间的悲伤 2020-12-05 14:05

I have a Spring Boot 1.3.0 application with Spring Security OAuth included as a sort of SSO integration.

The problem is that the application is running in a non-SSL

6条回答
  • 夕颜
    夕颜 (楼主)
    2020-12-05 14:29

    Since you have mentioned the use of oauth I think this will help someone to understand the flow of operation. This answer only applies if you are using a reverse proxy such as NGINX.

    Cause of the problem,  

    Your spring boot application is running on the server with a address simlar to http://localhost:8080 . That's what all the spring boot app know about its host. You can inspect this behavior if you check the redirect url in facebook(or other oauth client) error page. It will look something like https://graph.facebook.com/v3.0/me?fields=id,first_name,middle_name,last_name,name,email,verified,is_verified,picture.width(250).height(250),link&redirect_url=http%3A%2F%2Flocalhost%2Flogin%2Ffacebook

    See the redirect_url is wrong.

    So we need to somehow tell the application that it is hosted under this address.

    Quick fix

    If you are only looking to fix Facebook OAuth ( Or other oAuth provider), Adding following lines to client will fix.

    facebook:
  client:
     preEstablishedRedirectUri: https://yourdomain.com/
     useCurrentUri: false

    But, this will only fix the issue at hand ( Also not flexible). But if you need a more concrete solution which is portable, you need to solve this at the reverse proxy.

    Open your nginx configuration for the app and change it reflecting as follows.

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # Will add the user's ip to the request, some apps need this
        proxy_set_header X-Forwarded-Proto $scheme; # will forward the protocole i.e. http, https
        proxy_set_header X-Forwarded-Port $server_port; # Will forward the port 
        proxy_set_header Host $host;                    # !Important will forward the host address
        proxy_pass http://localhost:8080/;
}

    Okay so now, nginx is sending the information which were previously hidden to the spring boot app. But yet, spring app is not using this information. To tell it to use these information add the following line to the application.yml.

    server.use-forward-headers = true

    If you have your reverse proxy in a different node of the same network, you may want to configure the ip of the reverse proxy server with the following. ( replace with your IP)

    server.tomcat.internal-proxies=192\.65\.210\.55

    0 讨论(0)
 看不清?
提交回复
热议问题