Auth0-java-mvc-common behind reverse proxy, HttpServletRequest.getUrl() gets the "wrong" scheme

Please include the following information in your post:

  • Which SDK this is regarding: auth0-java-mvc-common
  • SDK Version: 1.9.2
  • Platform Version: Java 8
  • Code Snippets/Error Messages/Supporting Details/Screenshots:

I’m using pretty much exactly what’s in the quickstart.
The problem arrives when I do this:

authenticationControllerProvider.getController(req,res).

Here is where it goes wrong. The redirect URL should be
https://something.com/callback

But because the application itself is running on HTTP, and HTTPS is only on the reverse proxy, this gets set to http, and it fails (I don’t allow https outside of local testing).

How the hell do I work around this? Writing the verifiers, and everything else basically from scratch because of this single issue seems like a nightmare.

1 Like