Add scheme/protocol variable for OAuth2 redirectUriTemplate #6239
@zeratul021 Thanks for reaching out! Since you want the URL to be https, I assume your application accepts https connections? If so, you could force a redirect to https using

```java
http
    // ...
    .requiresChannel()
        .anyRequest().requiresSecure()
```

Then the redirect would always be https. It also seems that it is likely if you are overriding the scheme you would need to override the port. Does that sound accurate?
@rwinch no problem. Our OAuth2 providers require strict 1:1 redirect URI matching and some of them require https-only scheme. So in our setups, when user comes from http scheme I want him to be redirected after successful OAuth2 login to https scheme. My intention with the new variables would help us to throw out this kind of config:
for:
I'm open to different approaches though!
It seems like you would then want to ensure you have set up your server properly for a proxy server. If that is done, then the default behavior will work for you. Have you looked at https://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/#appendix-proxy-server and https://docs.spring.io/spring-boot/docs/current/reference/htmlsingle/#howto-use-tomcat-behind-a-proxy-server?
Spring Security uses the scheme that is returned by One thing that typically causes issues is that Tomcat support only works if the internal proxy matches the default regex. You can configure
Hello @rwinch, sorry for the delay. I checked our forwarding setup and it's working in our case. However, what I'm trying to do is, irrespectively of what scheme the user originally used to access the CloudFoundry/standalone app, I want him to be redirected to secure (https) scheme after successful OAuth2 authentication. Currently I'm doing that by providing redirect-uri with a hardcoded server url using https scheme:
I would like to use just server url if the scheme variable was extracted, like this:
Does that make sense to you?
@zeratul021 Yes it does make sense to me. We would need to figure out how to handle the port too. cc @jgrandja
@rwinch has there been any discussion or triaging done between you guys?
Thanks for the nudge @zeratul021! Is this something you could provide a PR for?
Yeah, I'll have a look.
On Fri, May 17, 2019, 22:17 Rob Winch ***@***.***> wrote:
> Thanks for the nudge @zeratul021! Is this something you could provide a PR for?
Currently most of us use the default redirect URL:
These variables are populated in DefaultOAuth2AuthorizationRequestResolver#expandRedirectUri.
Due to our platform setup and constraints we need all our redirect URIs to start with https://
We would like to reuse the default URL but change only the protocol part.
Suggestion: add variables scheme, serverName and serverPort (naming aligned with ServletRequest) for redirect URI templating.
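
The port question raised in the thread, as an added example that is not Spring Security code and not part of the original issue: a plain-JDK illustration of why overriding only the scheme can still fail a provider's strict 1:1 redirect URI match. `RedirectUriTemplateDemo`, `expand`, `portSuffix`, `vars`, the host and the registration id are assumptions; the variable names follow the proposal above.

```java
import java.util.Map;

// Added illustration: RedirectUriTemplateDemo is hypothetical, not a Spring Security class.
public class RedirectUriTemplateDemo {

    // Replace each {name} placeholder in the template with its value.
    static String expand(String template, Map<String, String> vars) {
        String out = template;
        for (Map.Entry<String, String> e : vars.entrySet()) {
            out = out.replace("{" + e.getKey() + "}", e.getValue());
        }
        return out;
    }

    // Render the port as "" when it is the scheme's default, so the expanded
    // URI can equal a registered URI that omits the port.
    static String portSuffix(String scheme, int port) {
        boolean isDefault = ("http".equals(scheme) && port == 80)
                || ("https".equals(scheme) && port == 443);
        return isDefault ? "" : ":" + port;
    }

    // Template variables for one request (scheme, serverName, serverPort as proposed).
    static Map<String, String> vars(String scheme, String serverName, int port) {
        return Map.of("scheme", scheme, "serverName", serverName,
                "serverPort", portSuffix(scheme, port), "registrationId", "github");
    }

    public static void main(String[] args) {
        // Constructed sample values.
        String registered = "https://app.example.com/login/oauth2/code/github";
        String path = "{serverName}{serverPort}/login/oauth2/code/{registrationId}";

        // 1. Everything taken from a plain-http request: scheme mismatch.
        String fromRequest = expand("{scheme}://" + path, vars("http", "app.example.com", 80));
        // 2. Scheme pinned to https, port still taken from the http request: port mismatch.
        String pinnedScheme = expand("https://" + path, vars("https", "app.example.com", 80));
        // 3. Scheme pinned to https and port resolved for https: exact match.
        String pinnedBoth = expand("https://" + path, vars("https", "app.example.com", 443));

        for (String uri : new String[] {fromRequest, pinnedScheme, pinnedBoth}) {
            // Providers with strict 1:1 matching compare the whole string.
            System.out.println(uri + " -> " + (uri.equals(registered) ? "match" : "MISMATCH"));
        }
    }
}
```

Only the third expansion equals the registered URI, which is why a scheme variable needs a matching rule for the port.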