spring-attic / spring-social-facebook

Facebook API binding and connect support.
http://projects.spring.io/spring-social-facebook
Apache License 2.0

Redirect_Uri use http instead of https with Spring social Facebook Login on Heroku #245

Open keyuls opened 6 years ago

keyuls commented 6 years ago

Summary

When I click on the following link from the Spring MVC web application:

https://www.website.com/auth/facebook

it redirects to this link:

https://www.facebook.com/v2.5/dialog/oauth?client_id=1234567890&response_type=code&redirect_uri=http%3A%2F%2Fwww.website.com%2Fauth%2Ffacebook&scope=email&state=62b42bqd-f8y8-44a3-dbcs-a13ce12bfcce

In this, redirect_uri takes http instead of https. How to force https for redirect_uri?

Actual Behavior

redirect_uri takes http instead of https

Expected Behavior

redirect_uri should take https instead of http

Configuration

Spring MVC, Spring Security, Spring Social, Hibernate, Jetty

Version

spring social - 1.1.6.RELEASE
spring social facebook - 2.0.3.RELEASE

addam commented 6 years ago

I found a workaround here: http://forum.spring.io/forum/spring-projects/web/social/130520-redirect-problem-with-https

To be more specific, the solution is to set ProviderSignInController.setApplicationUrl("https://something") within the SocialConfigurerAdapter bean. Not that I understand what I'm doing.

Still I believe that spring-social-facebook should set https by default since all apps have to be secured by October.

fieder commented 6 years ago

That workaround @addam did not work for us. I don't think adding Heroku is relevant as the problem seems to be linked to Spring software regardless of the running environment. We are facing the same issue in our own servers and Amazon EC2.

We are in Spring 4.x

andres-morenogr commented 6 years ago

Hello @fieder, have you solved the problem yet? We're facing the same problem but we have an ElasticBeanstalk instance. Maybe there is something in the library that we could change to solve this?

fieder commented 6 years ago

@andres-morenog not yet, I'm afraid... please vote for the original issue

andres-morenogr commented 6 years ago

Thank you @fieder, I will

andres-morenogr commented 6 years ago

Hello @fieder, we managed to do a workaround. The solution we found was changing the code in the social connect library, specifically the ConnectSupport class in the social/connect/web route and the RedirectView class in the web/servlet/view route; you'll see that they're using http to build the URL. Hope this helps.

fieder commented 6 years ago

@andres-morenog thanks for sharing your workaround. I found ConnectSupport (spring-social-web-1.1.4.RELEASE) and RedirectView (spring-webmvc-4.1.6.RELEASE) but I could not find where they are wiring http instead of https? How did you implement it?

andres-morenogr commented 6 years ago

@fieder You're welcome, here is the exact location of the code. Hope this helps. workaround1 workaround2
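Added example, not part of the thread or of the project's code: a deployment check that inspects the redirect sent by /auth/facebook and reports a non-https or off-origin redirect_uri, which is useful for confirming whether any of the workarounds above actually took effect. The function name and the expected-origin argument are assumptions; the sample URL is the one from the issue report.

```python
from urllib.parse import urlsplit, parse_qs

# Authorization redirect quoted in the issue report (Location header value).
REPORTED = ("https://www.facebook.com/v2.5/dialog/oauth?client_id=1234567890"
            "&response_type=code"
            "&redirect_uri=http%3A%2F%2Fwww.website.com%2Fauth%2Ffacebook"
            "&scope=email&state=62b42bqd-f8y8-44a3-dbcs-a13ce12bfcce")

def check_authorize_redirect(location, expected_origin):
    """Return a list of problems in an OAuth2 authorization redirect.

    location        -- Location header the application sent to the browser
    expected_origin -- public origin of the application, e.g. https://www.website.com
    """
    problems = []
    auth = urlsplit(location)
    if auth.scheme != "https":
        problems.append("authorization endpoint is not https")

    params = parse_qs(auth.query)  # percent-decodes the values
    callbacks = params.get("redirect_uri", [])
    if len(callbacks) != 1:
        problems.append("expected exactly one redirect_uri, got %d" % len(callbacks))
        return problems

    callback = urlsplit(callbacks[0])
    want = urlsplit(expected_origin)
    # The authorization code and state come back on this URL, so it must be TLS.
    if callback.scheme != "https":
        problems.append("redirect_uri scheme is %r, not https" % callback.scheme)
    if (callback.hostname, callback.port) != (want.hostname, want.port):
        problems.append("redirect_uri host %r does not match %r"
                        % (callback.netloc, want.netloc))
    if not params.get("state"):
        problems.append("no state parameter in authorization request")
    return problems

if __name__ == "__main__":
    for problem in check_authorize_redirect(REPORTED, "https://www.website.com"):
        print("FAIL:", problem)
```

Run it against the Location header captured from the deployed application, not a local instance, since the scheme the application sees depends on what sits in front of it.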