Closed Nicialy closed 1 year ago
@Nicialy there is nothing in the BlackSheep OIDC implementation that can cause a different behavior depending on the scheme of the request. I used the OIDC integration with apps over HTTPS and didn´t experience such issue. I tried with Google integration over HTTPS using ngrok, and it works as expected.
Did you enable both redirect URLs in your Google app settings? My configuration looks like:
If you don´t provide reproduction steps I cannot help more.
I suspect, if you forget to add the right "Authorized redirect URL" with HTTPS scheme, and you have only one with HTTP, the identity provider can redirect you to the enabled value, with error information (redirect_uri_mismatch). In that case you can experience a redirect to a different scheme (as a collateral effect) when trying to make a user flow.
I dont understand why, but google oidc work differently on https server, he changed request with POST on GET. Normal oidc my localhost:
https server: on my localhost Why on my server google-callback changes type request?