.NET SDK Used Behind a Reverse Proxy (NGINX) Uses Incorrect Callback URL

travis.evers · November 4, 2024, 8:42pm

Overview

This article explains why when an application is hosted behind a reverse proxy, the redirect_uri generated on the /authorize appears to be http://127.0.0.1:5000/callback. The desired behavior is that the domain should represent the domain of the application where the /authorize call was initiated.

Applies To

.NET SDK
Reverse Proxy
NGINX
Callback URL
Redirect URI

Solution

This is likely a configuration issue on the reverse proxy / forward header side.

Review the following documentation for potential solutions:
- Configure ASP.NET Core to work with proxy servers and load balancers
- Configure Nginx

The reverse proxy misconfiguration may be causing Request.Host to show 127.0.0.1, and Request.Scheme to show http.

Solutions for both sides need to be sought, i.e., the reverse proxy (NGINX) AND ASP.NET, not just the reverse proxy.
See this FAQ for more information:
- Reverse Proxy

Topic		Replies	Views
Callback url results in error "The redirect URI is wrong. You sent http..." Knowledge Articles callback-urls , proxy , reverse , redirect-url	1	2194	January 25, 2023
ASP.NET Core incorrect redirect url Help auth0 , aspnet-core	11	10048	June 10, 2021
Got "502 Bad Gateway" on login callback when using NGINX reverse proxy Help oidc , protocols	3	5670	September 23, 2023
Auth0 Blazor wrong redirect_url behind NGINX reverse proxy Help classic-universal-login-experience , login-experience	3	158	August 15, 2024
The provided redirect_uri is not in the list of allowed callback URLs angular Help	1	4639	January 8, 2021

.NET SDK Used Behind a Reverse Proxy (NGINX) Uses Incorrect Callback URL

Overview

Applies To

Solution

Related Topics