Overview
This article explains why when an application is hosted behind a reverse proxy, the redirect_uri generated on the /authorize appears to be http://127.0.0.1:5000/callback. The desired behavior is that the domain should represent the domain of the application where the /authorize call was initiated.
Applies To
- .NET SDK
- Reverse Proxy
- NGINX
- Callback URL
- Redirect URI
Solution
This is likely a configuration issue on the reverse proxy / forward header side.
- Review the following documentation for potential solutions:
The reverse proxy misconfiguration may be causing Request.Host to show 127.0.0.1, and Request.Scheme to show http.
- Solutions for both sides need to be sought, i.e., the reverse proxy (NGINX) AND ASP.NET, not just the reverse proxy.
- See this FAQ for more information: