I have a .NET 8 Blazor application that follows the advice in the Auth0 tutorial. It works great on my development machine, but when I move it out to our development servers that run behind an NGINX reverse proxy, the login process fails.
Clicking the login button correctly goes to the login handler.
The login handler calls the following code:
```csharp
var authenticationProperties = new LoginAuthenticationPropertiesBuilder()
    .WithRedirectUri(returnUrl)
    .Build();

await httpContext.ChallengeAsync(Auth0Constants.AuthenticationScheme, authenticationProperties);
```
The problem is that this generates a redirect to our Auth0 server’s Authorize endpoint that includes “redirect_uri=http%3A%2F%2F127.0.0.1%3A5038%2Fcallback” in the URL query string. Because of this, after the user logs in, their browser is sent to “http://127.0.0.1:5038/callback”, which doesn’t work unless it is called from a browser on the server.
I assume that Auth0 is choosing that URI because that is what the application is listening on, even though the Request URL in the request header is https://TheProperExternalUrl/ …, and the returnUrl value set in the LogoutAuthenticationPropertiesBuilder is https://TheProperExternalUrl/PageLoginButtonWasHitOn. (The NGINX reverse proxy communicates the external URLs to the internal URLs, and the firewall prevents any outside machines from accessing the internal URLs.)
How can I tell Auth0 to set the proper redirect_url in the URL that httpContext.ChallengeAsync produces?
If it matters, the same reverse proxy setup was used with Auth0 in .NET 6 and .NET 7 without any issues. This behavior began when switching to Blazor InteractiveAutoRenderMode and .NET 8, and I have not been able to get it working since.
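
An added example, not part of the original post and not Auth0's own code: ASP.NET Core builds the OIDC `redirect_uri` from the scheme and host it sees on the incoming request, so one way to get the external URL is to have the app honour the proxy's forwarded headers before authentication runs. It assumes the cause is that the app never sees the forwarded scheme and host; the configuration keys, the `10.0.0.5` proxy address and the `/login` route are placeholders.

```csharp
// Program.cs (added example; needs the Auth0.AspNetCore.Authentication package)
using System.Net;
using Auth0.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.HttpOverrides;

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddAuth0WebAppAuthentication(options =>
{
    // Assumed configuration keys; use whatever the app already reads.
    options.Domain = builder.Configuration["Auth0:Domain"]!;
    options.ClientId = builder.Configuration["Auth0:ClientId"]!;
});

builder.Services.Configure<ForwardedHeadersOptions>(options =>
{
    // Take the original scheme and host from the proxy's headers.
    options.ForwardedHeaders = ForwardedHeaders.XForwardedFor
                             | ForwardedHeaders.XForwardedProto
                             | ForwardedHeaders.XForwardedHost;

    // By default only loopback proxies are trusted. If NGINX runs on
    // another machine, list its address explicitly (placeholder below)
    // rather than clearing the list, so clients cannot spoof the headers.
    options.KnownProxies.Add(IPAddress.Parse("10.0.0.5"));

    // Accept only the public host name in X-Forwarded-Host
    // (placeholder host name taken from the post).
    options.AllowedHosts.Add("TheProperExternalUrl");
});

var app = builder.Build();

// Must run before authentication: it rewrites Request.Scheme and
// Request.Host, which the OIDC handler uses to build redirect_uri.
app.UseForwardedHeaders();
app.UseAuthentication();
app.UseAuthorization();

// Hypothetical login endpoint mirroring the handler in the post.
app.MapGet("/login", async (HttpContext httpContext, string returnUrl = "/") =>
{
    var authenticationProperties = new LoginAuthenticationPropertiesBuilder()
        .WithRedirectUri(returnUrl)
        .Build();
    await httpContext.ChallengeAsync(Auth0Constants.AuthenticationScheme, authenticationProperties);
});

app.Run();
```

For this to take effect, the NGINX location block has to send the headers, for example `proxy_set_header X-Forwarded-Proto $scheme;` and `proxy_set_header X-Forwarded-Host $host;`.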