Closed Vidxyz closed 1 year ago
Responding to my own issue as I found the solution...

The problem was a lack of an env variable for the keycloak container, `PROXY_ADDRESS_FORWARDING=true`. The keycloak docs make note of this over here - https://github.com/codecentric/helm-charts/tree/master/charts/keycloak#running-keycloak-behind-a-reverse-proxy
Since I installed my keycloak server using a helm chart, I had to do the following

`extra-config.yaml` comprising of the following contents -

```yaml
extraEnv: |
  - name: PROXY_ADDRESS_FORWARDING
    value: "true"
```

```sh
helm upgrade --reuse-values -f extra-config.yaml auth-keycloak codecentric/keycloak
```

The redirect URLs are now in https as expected.
When I try to login using Apple oAuth by hitting the URL

`http://my.example.app/api/auth/login/apple?client_id=webapp&state=ae6cfa04-2b97-443d-89d6-735ca87e1164&response_type=code&nonce=3bf581b7-59ec-4f91-9caf-bf02b9913a67&kc_idp_hint=apple&redirect_uri=https://my.example.app/api/auth/apple/callback/webapp&scope=openid email`

I get the following error

![Screen Shot 2022-08-20 at 3 48 00 PM](https://user-images.githubusercontent.com/10780186/185763839-67e579ea-3748-4012-97a5-0d41b2dc0ace.png)

Upon further inspection, it seems like it is due to the redirected authorization URL having indeed a bad URI (it uses HTTP instead of HTTPS) -
https://appleid.apple.com/auth/authorize?response_mode=form_post&scope=openid+email+name&state=MHsd34r2J1DOdLgnx7G8qVbhZ7k-FGLxHM6E7qOqTDs.jKtRwBXmZUw.webapp&response_type=code&client_id=my.app.clientId&redirect_uri=http%3A%2F%2Fmy.example.app%2Fauth%2Frealms%2FAppleAuth%2Fbroker%2Fapple%2Fendpoint&nonce=GxRbWFg_lmpH3mZ_ZE2QOg
Now, if I change the `redirect_uri` query string parameter to ensure it is `https` instead of `http`, I am able to login with my apple ID. HOWEVER, the callback URL fails with the following error

I suspect this is due to the initial redirect URL being HTTP instead of HTTPS - is there a way around this? I'd like for the redirected request to have the parameter for `redirect_uri` follow the HTTPS scheme instead, as Apple does not allow for HTTP URLs as callbacks

Or maybe I am doing something wrong... my keycloak server is configured via a helm chart using the following command -

```sh
helm install auth-keycloak codecentric/keycloak --version 18.1.1
```
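
The symptom in this issue is a `redirect_uri` inside the Apple authorization URL that does not match the address the reverse proxy serves. The following check is an added example, not part of the original thread or of Keycloak: the function name, the public base URL and the sample URLs (constructed, modelled on the one quoted in the issue) are assumptions.

```python
from urllib.parse import urlsplit, parse_qs


def check_broker_redirect(authorize_url, public_base):
    """Compare the redirect_uri embedded in an IdP authorization URL with the
    public address of the proxy. Returns a list of findings (empty means OK)."""
    # parse_qs percent-decodes the value, so redirect_uri comes back as a plain URL.
    values = parse_qs(urlsplit(authorize_url).query).get("redirect_uri", [])
    if len(values) != 1:
        return [f"expected exactly one redirect_uri, found {len(values)}"]

    redirect, public = urlsplit(values[0]), urlsplit(public_base)
    findings = []
    # The server built the URL from its own plain-HTTP listener, not from the
    # scheme the client used towards the proxy.
    if redirect.scheme != public.scheme:
        findings.append(f"scheme {redirect.scheme!r} != {public.scheme!r}")
    # An internal service name leaking out is the same class of problem.
    if redirect.hostname != public.hostname:
        findings.append(f"host {redirect.hostname!r} != {public.hostname!r}")
    # Only explicit ports are compared, e.g. a leaked container port.
    if redirect.port != public.port:
        findings.append(f"port {redirect.port!r} != {public.port!r}")
    return findings


# Constructed sample: authorization URL as emitted before the fix.
BEFORE_FIX = (
    "https://appleid.apple.com/auth/authorize?response_mode=form_post"
    "&response_type=code&client_id=my.app.clientId"
    "&redirect_uri=http%3A%2F%2Fmy.example.app%2Fauth%2Frealms%2FAppleAuth"
    "%2Fbroker%2Fapple%2Fendpoint"
)
# Constructed sample: the same URL once forwarded headers are honoured.
AFTER_FIX = BEFORE_FIX.replace("redirect_uri=http%3A", "redirect_uri=https%3A")
PUBLIC_BASE = "https://my.example.app"  # assumed public address of the proxy

if __name__ == "__main__":
    for label, url in (("before", BEFORE_FIX), ("after", AFTER_FIX)):
        print(label, check_broker_redirect(url, PUBLIC_BASE) or "OK")
```

Feed it the `Location` header of the redirect to the identity provider, captured from the browser's network tab, after changing the proxy settings.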