Hi,
We have a asp.net core app running in a container over http with a reverse proxy sitting infront of it doing https. When the OpenId redirect gets triggered for auth it sends back a http redirect url which fails as its not white listed (i think its getting this from the original request being http from the reverse proxy).
Is there a way to force https for the redirect url?
Thanks
OpenID redirects are whitelisted based on the spec. Getting in the business of specifying a redirect to the authorize route and modifying it once we return is definitely something that breaks OpenID spec compliance.
Out of curiosity, is there any reason why you can’t specify the https redirect URL for the authorize route?
Are you using ASP.NET Core’s OpenID Connect package? The callback path uses the application’s base path, so you just need to set that to https, and I think you would be set.
Let me know any questions.
Thanks,
Tom
It is implemented the same way the sample dotnet core app uses and the auth route is set as: options.CallbackPath = “/Account/Login”;
So how do i set the application base path?