Override Base URL in Callback?

Hi everyone,

Looking for some assistance with an issue I’m facing.

We implemented an Okta hosted login flow using ASP.NET Core and the OpenIdConnect NuGet package from MS. The app in question is deployed in an Azure App Service and has been functioning flawlessly for some time now. However, we’re deploying Azure Application Gateway in front of the App Service and are running into some issues with the callback URL’s base path being taken from the domain name of the Azure App Service, and cannot find a way to override this behavior.

The App Service is on a domain like “domain.azurewebsites.net”, while the client only sees “domain.com”, which is served from the App Gateway in front of the App Service. What happens in this case is when the user hits “domain.com”, they are redirected to id.domain.com (our Okta domain), but the application in Okta is configured to use “domain.com”, not “domain.azurewebsites.net”, which results in an error.

I stumbled upon some code which indicates using some of the events to hook into the flow and update the domain name at runtime. This has seemed to work for the login portions, but it seems like there are multiple events (logout related) that one would need to modify, and I can’t find anything definitive stating this is the proper way to go about this.

// Hook fired just before the browser is sent to Okta; overwrite the
// redirect_uri the middleware computed from the App Service host name
// with the public host name taken from configuration ("HostName").
options.Events.OnRedirectToIdentityProvider = async context =>
{
    context.ProtocolMessage.RedirectUri = $"{Configuration["HostName"]}/signin-oidc";
    await Task.CompletedTask;
};

Is this what everyone is doing when deploying behind a layer 7 proxy and protocols/host names do not match?
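For comparison, here is an added example (not the poster's code) of the alternative to patching each OIDC event: let ASP.NET Core's forwarded-headers middleware rewrite Request.Scheme/Request.Host from the gateway's headers, so every generated callback URL (login and logout) uses the public host automatically, while trusting those headers only from the gateway and only for the expected host. It assumes .NET 8 minimal hosting, the Microsoft.AspNetCore.Authentication.OpenIdConnect package, Okta:* configuration keys, a placeholder gateway subnet of 10.0.1.0/24, and that Application Gateway passes the client-facing host in X-Original-Host when it rewrites Host to the App Service address.

```csharp
// Added example: forwarded-headers approach instead of per-event RedirectUri patching.
// Assumes .NET 8, Okta:* config keys, and a placeholder gateway subnet (10.0.1.0/24).
using System.Net;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.HttpOverrides;

var builder = WebApplication.CreateBuilder(args);

builder.Services.Configure<ForwardedHeadersOptions>(o =>
{
    o.ForwardedHeaders = ForwardedHeaders.XForwardedFor
                       | ForwardedHeaders.XForwardedProto
                       | ForwardedHeaders.XForwardedHost;
    // Application Gateway carries the original public host in this header.
    o.ForwardedHostHeaderName = "X-Original-Host";
    // Trust forwarded headers only from the gateway's subnet (placeholder range);
    // otherwise anyone reaching the App Service directly could forge them.
    o.KnownNetworks.Clear(); o.KnownProxies.Clear();
    o.KnownNetworks.Add(new Microsoft.AspNetCore.HttpOverrides.IPNetwork(
        IPAddress.Parse("10.0.1.0"), 24));
    // Allow-list the public host so a spoofed X-Original-Host cannot steer
    // redirect_uri / post_logout_redirect_uri to a foreign domain.
    o.AllowedHosts.Add("domain.com");
});

builder.Services.AddAuthentication(o =>
{
    o.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    o.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
.AddCookie()
.AddOpenIdConnect(o =>
{
    o.Authority = builder.Configuration["Okta:Authority"]; // e.g. https://id.domain.com/oauth2/default
    o.ClientId = builder.Configuration["Okta:ClientId"];
    o.ClientSecret = builder.Configuration["Okta:ClientSecret"];
    o.ResponseType = "code";
    // Both paths are joined with Request.Scheme and Request.Host at runtime, which the
    // middleware above has already set to https://domain.com, so login and logout match Okta.
    o.CallbackPath = "/signin-oidc";
    o.SignedOutCallbackPath = "/signout-callback-oidc";
});

var app = builder.Build();
app.UseForwardedHeaders();   // must run before authentication
app.UseAuthentication();
app.UseAuthorization();
app.MapGet("/", (HttpRequest r) => $"Callback base: {r.Scheme}://{r.Host}").RequireAuthorization();
app.Run();
```

If the gateway is configured to preserve the original Host header instead, the ForwardedHostHeaderName line can be dropped and the default X-Forwarded-Host handling applies; the KnownNetworks and AllowedHosts restrictions matter either way.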