Oauth provider behind reverse proxy

混江龙づ霸主 提交于 2020-01-11 09:29:14

问题


I try to use OAuth Provider in PHP (PECL Package) behind a apache reverse-proxy

the client uses

POST https://api.com/resource/oauth/request-token

but my oauth provider receives

POST http://api.com/mywebservice/resource/oauth/request-token

the signature cannot be verified so the request fails

have you any idea about resolving this issue?


回答1:


I had to do this once. I ended up modifying the OAuth code to pass along the actual URL the provider will receive as well the URL I need to send to from behind my proxy. The former was used in the signature and the latter in the HTTP request. It was a pain and not portable (if anything changed in the proxy, the code would stop working)




回答2:


We had the same issue (less complicated where our reverse proxy was changing HTTPS to HTTP inside the network).

You can enable your load balancer (whatever you're using as a reverse proxy) to forward the proper header scheme (and more).

For example in Nginx you can leverage both:

proxy_set_header X-Forwarded-Proto https;

and

proxy_redirect .... ;

This might not be a direct contextual solution to this old problem, but I spent 7 hours trying to debug our issue so I'm sure this will come in handy for someone.



来源:https://stackoverflow.com/questions/14142278/oauth-provider-behind-reverse-proxy

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!