omab / python-social-auth

Social auth made simple
http://psa.matiasaguirre.net
BSD 3-Clause "New" or "Revised" License
2.83k stars 1.09k forks

what is the correct way to use oauth2 with forwarded domains #1099

Closed Pomax closed 7 years ago

Pomax commented 7 years ago

We're using a domain-forwarded setup in which the code itself runs on project-plus-random-prefix.ourstagingserver.org but this code is accessed through project-staging.ourserver.org (which acts as router for a number of different requests, one set of those being django routes, others being completely different things). When using Google Auth (oauth2) we can't seem to point the google callback to project-staging.ourserver.org/soc/complete/google-oauth2 because the redirect_url that the social auth library adds into the login is for project-plus-random-prefix.ourstagingserver.org, and I cannot seem to find anything in the docs that explain how to tell social auth what the actual redirect uri should be.

I did find SOCIAL_AUTH_LOGIN_REDIRECT_URL in http://python-social-auth-docs.readthedocs.io/en/latest/configuration/settings.html#urls-options but this documentation seems to suggest this is a path rather than a full URL, so if this value can be used for a fully qualified URL, can the docs be updated to explicitly mention that? And if not, what is the correct way to make sure social-auth uses the domain that it needs to be using for auth to succeed?

cadecairos commented 7 years ago

@omab Can you weigh in on this?

omab commented 7 years ago

@Pomax, @cadecairos, python-social-auth uses Django's build_absolute_uri helper, which lives in the HTTP Request class. Looking at the code, you can see that it uses the get_host() method defined a few lines above; that one uses _get_raw_host(), which will attempt to determine the host based on settings and/or request headers.

The common use case is to make the front server, load balancer, proxy, etc., set the X-Forwarded-Host header with the domain, but to make it work with Django, ensure that the setting USE_X_FORWARDED_HOST is set to True.

More details on this can be found in the Django docs.
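As an added example (not code from python-social-auth or from Django), the host-selection chain described in the comment above, re-implemented in plain Python so the effect of USE_X_FORWARDED_HOST and ALLOWED_HOSTS on the resulting redirect_uri can be checked without a running server. It mirrors what Django's _get_raw_host(), get_host() and build_absolute_uri() do, in simplified form: no DEBUG-mode fallback for ALLOWED_HOSTS, no IPv6 literal handling, and the scheme is read straight from wsgi.url_scheme rather than via SECURE_PROXY_SSL_HEADER. The WSGI environ dict is constructed for the example; the hostnames and callback path are the ones quoted in the issue.

```python
from dataclasses import dataclass, field


class DisallowedHost(Exception):
    """Stand-in for django.core.exceptions.DisallowedHost."""


@dataclass
class Settings:
    """Only the two Django settings that matter for host selection."""
    USE_X_FORWARDED_HOST: bool = False
    ALLOWED_HOSTS: list = field(default_factory=list)


def raw_host(meta, settings):
    """Mirror of HttpRequest._get_raw_host(): the forwarded header wins
    only when USE_X_FORWARDED_HOST is set; otherwise Host, then SERVER_NAME."""
    if settings.USE_X_FORWARDED_HOST and "HTTP_X_FORWARDED_HOST" in meta:
        return meta["HTTP_X_FORWARDED_HOST"]
    if "HTTP_HOST" in meta:
        return meta["HTTP_HOST"]
    host = meta["SERVER_NAME"]
    port = str(meta["SERVER_PORT"])
    default_port = "443" if meta.get("wsgi.url_scheme") == "https" else "80"
    if port != default_port:
        host = f"{host}:{port}"
    return host


def host_matches(hostname, pattern):
    """Simplified validate_host(): '*' matches anything, a leading dot
    matches the domain and its subdomains, otherwise exact match."""
    pattern = pattern.lower()
    if pattern == "*" or hostname == pattern:
        return True
    return pattern.startswith(".") and (hostname.endswith(pattern) or hostname == pattern[1:])


def get_host(meta, settings):
    """Mirror of HttpRequest.get_host(): pick the raw host, then refuse it
    unless ALLOWED_HOSTS admits it (IPv6 literals are not handled here)."""
    host = raw_host(meta, settings)
    hostname = host.rsplit(":", 1)[0].lower() if ":" in host else host.lower()
    if not any(host_matches(hostname, p) for p in settings.ALLOWED_HOSTS):
        raise DisallowedHost(f"Invalid HTTP_HOST header: {host!r}. Add it to ALLOWED_HOSTS.")
    return host


def build_absolute_uri(meta, settings, path):
    """Mirror of HttpRequest.build_absolute_uri(path) for an absolute path."""
    return f"{meta.get('wsgi.url_scheme', 'http')}://{get_host(meta, settings)}{path}"


# Constructed WSGI environ for the request as it reaches Django behind the
# router from the issue: Host carries the internal name, X-Forwarded-Host
# the public one that Google's console knows about.
CALLBACK_PATH = "/soc/complete/google-oauth2"
INTERNAL_HOST = "project-plus-random-prefix.ourstagingserver.org"
PUBLIC_HOST = "project-staging.ourserver.org"
FORWARDED_REQUEST = {
    "wsgi.url_scheme": "https",
    "SERVER_NAME": INTERNAL_HOST,
    "SERVER_PORT": "443",
    "HTTP_HOST": INTERNAL_HOST,
    "HTTP_X_FORWARDED_HOST": PUBLIC_HOST,
}


def redirect_uri_default():
    """With the default settings the redirect_uri carries the internal host,
    which is exactly what the issue reports."""
    settings = Settings(ALLOWED_HOSTS=[INTERNAL_HOST, PUBLIC_HOST])
    return build_absolute_uri(FORWARDED_REQUEST, settings, CALLBACK_PATH)


def redirect_uri_forwarded():
    """USE_X_FORWARDED_HOST = True makes the public host appear instead."""
    settings = Settings(USE_X_FORWARDED_HOST=True, ALLOWED_HOSTS=[INTERNAL_HOST, PUBLIC_HOST])
    return build_absolute_uri(FORWARDED_REQUEST, settings, CALLBACK_PATH)


def forwarded_host_rejected():
    """Trusting the header does not bypass ALLOWED_HOSTS: a forwarded host
    that is not listed is refused, so keep the list tight once the setting is on."""
    settings = Settings(USE_X_FORWARDED_HOST=True, ALLOWED_HOSTS=[INTERNAL_HOST])
    try:
        build_absolute_uri(FORWARDED_REQUEST, settings, CALLBACK_PATH)
    except DisallowedHost:
        return True
    return False


if __name__ == "__main__":
    print("default:  ", redirect_uri_default())
    print("forwarded:", redirect_uri_forwarded())
    print("unlisted forwarded host rejected:", forwarded_host_rejected())
```

The point of the third function is the caveat that comes with the fix: once USE_X_FORWARDED_HOST is True, Django believes whatever X-Forwarded-Host says, so the front proxy must set (and overwrite, never merely pass through) that header, and ALLOWED_HOSTS becomes the only check left on the value that ends up in the redirect_uri. Django's own documentation for the setting makes the same recommendation.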

cadecairos commented 7 years ago

Thanks for the help @omab, we'll give this a go tomorrow and report back here our findings.

cadecairos commented 7 years ago

Got it working using X-Forwarded-Host - thanks @omab

Pomax commented 7 years ago

I'll echo that: thanks!