问题
I try to use OAuth Provider in PHP (PECL Package) behind a apache reverse-proxy
the client uses
POST https://api.com/resource/oauth/request-token
but my oauth provider receives
POST http://api.com/mywebservice/resource/oauth/request-token
the signature cannot be verified so the request fails
have you any idea about resolving this issue?
回答1:
I had to do this once. I ended up modifying the OAuth code to pass along the actual URL the provider will receive as well the URL I need to send to from behind my proxy. The former was used in the signature and the latter in the HTTP request. It was a pain and not portable (if anything changed in the proxy, the code would stop working)
回答2:
We had the same issue (less complicated where our reverse proxy was changing HTTPS to HTTP inside the network).
You can enable your load balancer (whatever you're using as a reverse proxy) to forward the proper header scheme (and more).
For example in Nginx you can leverage both:
proxy_set_header X-Forwarded-Proto https;
and
proxy_redirect .... ;
This might not be a direct contextual solution to this old problem, but I spent 7 hours trying to debug our issue so I'm sure this will come in handy for someone.
来源:https://stackoverflow.com/questions/14142278/oauth-provider-behind-reverse-proxy