.NET SDK Used Behind a Reverse Proxy (NGINX) Uses Incorrect Callback URL

Overview

This article explains why when an application is hosted behind a reverse proxy, the redirect_uri generated on the /authorize appears to be http://127.0.0.1:5000/callback. The desired behavior is that the domain should represent the domain of the application where the /authorize call was initiated.

Applies To

  • .NET SDK
  • Reverse Proxy
  • NGINX
  • Callback URL
  • Redirect URI

Solution

This is likely a configuration issue on the reverse proxy / forward header side.

The reverse proxy misconfiguration may be causing Request.Host to show 127.0.0.1, and Request.Scheme to show http.

  • Solutions for both sides need to be sought, i.e., the reverse proxy (NGINX) AND ASP.NET, not just the reverse proxy.
  • See this FAQ for more information: