Hi, I followed the guide at https://auth0.com/docs/quickstart/webapp/rails/01-login to get my rails app up and running with Auth0 but after dockerizing my application and putting it behind an NGINX reverse proxy I found that the
redirect_uri that was being passed to Auth0 changed from my expected encrypted (https protocol) + production domain to an non-encrypted protocol (http) with my internal docker hostname. This ended up being an issue with OmniAuth and not anything to do with Auth0 but given the multiple hours it took me to track down what the issue and solution were I figured it might be good to add it to the documentation as a mention at the end, especially since this is probably a very common use-case for others. It looks like the
redirect_uri that OmniAuth generates is based on the Host header that is passed to rails, and the protocol is just whatever the protocol being used to access rails is (HTTP since it would be silly to use HTTPS certs directly on the rails app). After a lot of searching, it turns out one can override the hostname and protocol simply by doing something like
OmniAuth.config.full_host = lambda do |_| "https://mydomain.com" end
You can throw in custom logic as needed of course, and set your host/proto from an environment variable or something if you want but the main point is that if you’re putting your rails app behind a reverse proxy, you need to do this in order to ensure that the redirect_uri for both logging in and logging out are what you expect and you don’t get any nasty surprises. Hope this post helps someone, even if you don’t end up adding it to the documentation. Thanks for reading!