Menu
I try to use OAuth Provider in PHP (PECL Package) behind a apache reverse-proxy
the client uses
POST https://api.com/resource/oauth/request-token
but my oauth provider receives
POST http://api.com/mywebservice/resource/oauth/request-token
the signature cannot be verified so the request fails
have you any idea about resolving this issue?
300
The reverse proxy can be used to authenticate and authorize requests before they are proxied to the destination servers. This can reduce load on the destination servers, add a layer of protection, and ensure consistent policies are implemented across your applications.
oauth2-proxy makes an HTTP request to Google containing the ID token along with a client ID and client secret that Google has uniquely assigned to your instance of oauth2-proxy. This step is a necessary part of the OAuth flow. A malicious user could spoof the request with a made-up ID token.
OAuth2 Proxy is a reverse proxy and static file server that provides authentication using third-party providers like Google, GitHub, and others for validating accounts by email, domain, or group.
OAuth2 allows authorization without the external application getting the user's email address or password. Instead, the external application gets a token that authorizes access to the user's account. The user can revoke the token for one application without affecting access by any other application.
I had to do this once. I ended up modifying the OAuth code to pass along the actual URL the provider will receive as well the URL I need to send to from behind my proxy. The former was used in the signature and the latter in the HTTP request. It was a pain and not portable (if anything changed in the proxy, the code would stop working)
113
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
