Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

馃悰 Bug Report: Invalid evaluation of oauth redirect_uri protocol in case of reverse proxy/http client #5545

Closed
2 tasks done
NotNullDev opened this issue May 17, 2023 · 3 comments
Closed
2 tasks done

馃悰 Bug Report: Invalid evaluation of oauth redirect_uri protocol in case of reverse proxy/http client #5545

NotNullDev opened this issue May 17, 2023 · 3 comments
Assignees
@stnguyen90
Labels
bug Something isn't working product / auth Fixes and upgrades for the Appwrite Auth / Users / Teams services.

Comments

@NotNullDev
Copy link

NotNullDev commented May 17, 2023
edited

馃憻 Reproduction steps

Create web app and install web sdk.

Access app via browser and invoke Account.createOAuth2Session("google", "...", "....") (make sure we are using http not https)

馃憤 Expected behavior

Evaluation of the protocol is based API Endpoint which is available in the Dashboard settings -> Overview -> API Credentials

馃憥 Actual Behavior

TLDR: redirect_uri passed to the provider starts with http:https:// instead of https://

After calling createOAuth2Session metod in web sdk, in the account.php file we are creating callback url with protocol of request host, which can differ from the protocol which is used by a server.

I created web app which uses appwrite web sdk. My web application is running on http:https://localhost:5173.
I deployed appwrite on the VPS, and my domain support https protocol (I can connect via https to the dashboard, calls from sdk are returning 401 error codes).

My client configuration (replaced my domain with example.com):
new Client().setEndpoint('https://appwrite.example.com/v1').setProject('12345');

I suspect it can be due this line:

appwrite/app/controllers/api/account.php

Line 285 in 9534852

$protocol = $request->getProtocol();

If application is deployed behind reverse proxy, the connection between reverse proxy and appwrite will be unencrypted, via http, so in this case the redirect_uri will be always invalid.

400_google

馃幉 Appwrite version

Appwrite Cloud

馃捇 Operating system

Linux

馃П Your Environment

No response

馃憖 Have you spent some time to check if this issue has been raised before?

  • I checked and didn't find similar issue

馃彚 Have you read the Code of Conduct?
@NotNullDev NotNullDev added the bug Something isn't working label May 17, 2023
@NotNullDev NotNullDev mentioned this issue May 17, 2023
Closed
@stnguyen90
Copy link
Contributor

@NotNullDev, thanks for creating this issue! 馃檹馃徏

If application is deployed behind reverse proxy, the connection between reverse proxy and appwrite will be unencrypted

I would actually recommend proxying to Appwrite using HTTPS to correct this problem.

@stnguyen90 stnguyen90 added the product / auth Fixes and upgrades for the Appwrite Auth / Users / Teams services. label May 18, 2023
@stnguyen90 stnguyen90 self-assigned this May 18, 2023
@stnguyen90
Copy link
Contributor

@NotNullDev, did you get a chance to try my recommendation? FYI, I'll need to close this soon due to inactivity.

@stnguyen90 stnguyen90 closed this as not planned Won't fix, can't repro, duplicate, stale Aug 3, 2023
@NotNullDev
Copy link
Author

Yeah, sorry for the lack of update before.
Using between proxy and appwrite resolved the issue, just as you suggested.
Thanks ;d

@github-actions github-actions bot mentioned this issue Sep 1, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@stnguyen90 stnguyen90

Labels
bug Something isn't working product / auth Fixes and upgrades for the Appwrite Auth / Users / Teams services.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@stnguyen90 @NotNullDev