jaredhanson / passport-oauth2

OAuth 2.0 authentication strategy for Passport and Node.js.
https://www.passportjs.org/packages/passport-oauth2/?utm_source=github&utm_medium=referral&utm_campaign=passport-oauth2&utm_content=about
MIT License

If callbackURL is relative, it becomes http:// url when it should be https:// #137

Open 1aerostorm opened 3 years ago

1aerostorm commented 3 years ago

koa ^2.13.0, koa-passport latest, passport-facebook latest

Facebook can't authenticate because callbackURL becomes http://. But my request URL is https://.

When I provide an absolute callbackURL with the https:// scheme, it works.

It is due to this check: https://github.com/jaredhanson/passport-oauth2/blob/master/lib/utils.js#L27

req.connection.encrypted is very obsolete and not working; we should use req.secure for both Express and Koa.

simonbergstrom commented 3 years ago
mr-pinzhang commented 1 year ago

Facing the same issue here. I have to pass a newly calculated URL with "https" when running passport.authenticate(..., { callbackURL: 'https://...' })
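
Added example, not part of the issue thread and not passport-oauth2's own code: a simplified model of resolving a relative callbackURL, comparing a scheme check that looks only at req.connection.encrypted with one that also honours req.secure as the issue proposes. The helper names, the host app.example.test and the sample requests are constructed, and the first request assumes TLS is terminated before the Node process.

```javascript
// Scheme detection as the issue describes it: only the socket's TLS flag counts.
function schemeFromSocket(req) {
  return req.connection && req.connection.encrypted ? 'https' : 'http';
}

// Scheme detection that also honours the framework's secure flag
// (req.secure, as the issue proposes), falling back to the socket flag.
function schemeFromFramework(req) {
  if (req.secure === true) return 'https';
  return schemeFromSocket(req);
}

// Resolve a possibly relative callbackURL against the incoming request.
function resolveCallbackURL(callbackURL, req, detectScheme) {
  if (/^https?:\/\//i.test(callbackURL)) return callbackURL; // absolute: used as-is
  const base = detectScheme(req) + '://' + req.headers.host + (req.url || '/');
  return new URL(callbackURL, base).toString();
}

// Constructed sample requests (not captured traffic).
// 1. Assumption: TLS ends before Node, so the socket carries no `encrypted`
//    flag while the framework still reports the request as secure.
const tlsTerminatedUpstream = {
  headers: { host: 'app.example.test' },
  url: '/auth/facebook',
  connection: {},
  secure: true
};
// 2. TLS terminated by Node itself: both signals agree.
const directTLS = {
  headers: { host: 'app.example.test' },
  url: '/auth/facebook',
  connection: { encrypted: true },
  secure: true
};

function demo() {
  const rel = '/auth/facebook/callback';
  const abs = 'https://app.example.test/auth/facebook/callback';
  return {
    upstreamSocketOnly: resolveCallbackURL(rel, tlsTerminatedUpstream, schemeFromSocket),
    upstreamFramework: resolveCallbackURL(rel, tlsTerminatedUpstream, schemeFromFramework),
    directSocketOnly: resolveCallbackURL(rel, directTLS, schemeFromSocket),
    absoluteWorkaround: resolveCallbackURL(abs, tlsTerminatedUpstream, schemeFromSocket)
  };
}

console.log(demo());
```

In Express, req.secure reflects X-Forwarded-Proto only when trust proxy is enabled, so that setting should name the known proxies rather than accept the header from arbitrary clients.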