Closed prognostikos closed 11 years ago
Could the problem be your proxying? If it changes the host name when proxying, the transfer stuff might blow up, since it's intended to support copying sessions across domains.
@alexstaubo I don't know how else I can proxy from the main application to checkpoint.
The hostname also seems to be changed when it's deployed using Erik's deployment documentation
I can't follow those directions exactly as I'm deploying to Heroku, but in principle I'm doing the same thing in my application, just using rack-proxy/rack-reverse-proxy instead of Nginx/HAProxy.
Perhaps checkpoint needs to explicitly use the X-Forwarded-Host header?
Right now for me the only way I can get checkpoint to work is to set the primary_domain to be the domain of the site that is using checkpoint and to configure Facebook to also call back to the site. The transfer stuff (i.e. using checkpoint.example.com as primary domain & oauth callback domain with staging.example.com and example.dev) just isn't working for me.
Checkpoint does support the X-Forwarded-Host header through Rack. We use it all the time in our setup. Are you sure Rack::Proxy does? I vaguely remember we had to patch it severely a year ago when we tried to use it for a similar purpose.
@simen I've switched to rack-reverse-proxy at the latest commit which added support for X-Forwarded-Host and still getting the exception.
It would be interesting to see a dump of the headers and the value of request.host when the request arrives at checkpoint!
I'm running into an issue and I'm not sure if it's because I made a configuration mistake or if it is an actual bug.
I have an application at
staging.example.com
. It uses rack-proxy to replace the hostname withcheckpoint.example.com
for requests that start with/api/checkpoint
as shown below:I eventually also want to use this checkpoint instance to work with
*.example.dev
andwww.example.com
.I have a realm configured to authenticate with Facebook, and the website url in the facebook configuration is
checkpoint.example.com
. The domainsexample.dev
,staging.example.com
,www.example.com
, andcheckpoint.example.com
are added to the realm, and the primary domain is set to becheckpoint.example.com
.If I make a request from
staging.example.com
to/api/checkpoint/v1/login/facebook?redirect_to=https://staging.example.com/login/succeeded
I see the messages below in my logs. (I have much more information about the but it is hard to anonymize - I can provide a private gist on request).What I expect is that checkpoint handles the authentication and transfers me back to
staging.example.com
. I can see that the Account and Identity are updated with the correct information -- it seems to be dying in the transfer phase.It seems to me that the redirect_to parameter is not being properly stored in the session and checkpoint is blowing up when it sends
nil
toURI.parse
. Again I'm not sure if it is due to my configuration or if it's an actual bug.