FlowFuse / nr-launcher

A Launcher for Node-RED that allows settings to be loaded at startup.
Apache License 2.0

OAuth relative callback leading to http requests #244

Closed knolleary closed 2 months ago

knolleary commented 2 months ago

Current Behavior

As part of the OAuth configuration used to authenticate access to Instances, we provide the callback URI as a relative path - and let passport map that to a fully qualified one based on the request being handled. This was necessary to handle the custom domains work - when a user could be accessing the editor from different URLs and we need to complete the auth flow on the URL they are using.

However, the passport code relies on the x-forwarded-proto header to know if the original request was https or http. With our current FFC configuration (multiple layers of load-balancer), that header is arriving with a value of http, not https, which leads the callback URI to be set to http.

We need to modify the callback URI generation in the launcher to set the full path. This will require monkey-patching the passport-oauth2/lib/strategy.authenticate function to generate the callback URI as we need it.

Expected Behavior

No response

Steps To Reproduce

No response

Environment

Linked Customers
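
The behaviour described in this issue next to a fully qualified alternative, as an added example that is not part of the original issue, the nr-launcher code or passport-oauth2's source. The function names, the callback path, the hostnames and the host allow-list are assumptions made for illustration.

```javascript
// Constructed sample: the request as it reaches the instance behind several
// load-balancer layers, with x-forwarded-proto arriving as "http".
const sampleReq = {
  url: '/auth/strategy',
  headers: { host: 'my-instance.example.com', 'x-forwarded-proto': 'http' }
};
const CALLBACK_PATH = '/auth/strategy/callback'; // hypothetical relative path
const ALLOWED_HOSTS = ['my-instance.example.com', 'editor.custom.example']; // hypothetical

// Simplified model (an assumption) of resolving a relative callback against
// the request being handled: the scheme comes from x-forwarded-proto.
function resolveFromRequest(req, relativeCallback) {
  const forwarded = String(req.headers['x-forwarded-proto'] || '').toLowerCase();
  const proto = forwarded.split(/\s*,\s*/)[0] === 'https' ? 'https' : 'http';
  const base = `${proto}://${req.headers.host}${req.url}`;
  return new URL(relativeCallback, base).toString();
}

// Fully qualified variant: the scheme is pinned to https regardless of what
// the proxies forwarded, and the Host header must be a hostname the instance
// is known to be served on, so custom domains keep working without letting
// an arbitrary Host value shape the redirect target.
function buildCallback(req, relativeCallback, allowedHosts) {
  const host = String(req.headers.host || '').toLowerCase();
  if (!allowedHosts.includes(host)) {
    throw new Error(`unexpected Host header: ${host}`);
  }
  const callback = new URL(relativeCallback, `https://${host}/`);
  // A value such as "//other.example/cb" would resolve to a different host.
  if (callback.host !== host) {
    throw new Error('callback path resolved outside the request host');
  }
  return callback.toString();
}

console.log('from request headers:', resolveFromRequest(sampleReq, CALLBACK_PATH));
console.log('fully qualified     :', buildCallback(sampleReq, CALLBACK_PATH, ALLOWED_HOSTS));
```
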