flask-unchained
wrong redirect uri for oauth using docker
When running the backend in a Docker container using backend as its DNS name, with a frontend proxying to the backend hosted at example.com, the GitLab URL contains backend:5000, which should be example.com:
&redirect_uri=https%3A%2F%2Fbackend%3A5000%2Fauth%2Fauthorized%2Fgitlab&scope=openid+read_user
The config.py contains this for oauth:
```python
OAUTH_REMOTE_APP_GITLAB = dict(
    consumer_key=os.getenv('OAUTH_GITLAB_CONSUMER_KEY', ''),
    consumer_secret=os.getenv('OAUTH_GITLAB_CONSUMER_SECRET', ''),
    base_url='https://gitlab.com/api/v4/user',
    access_token_url='https://gitlab.com/oauth/token',
    access_token_method='POST',
    authorize_url='https://gitlab.com/oauth/authorize',
    request_token_url=None,
    request_token_params={'scope': 'openid read_user'},
)
```
Adding SERVER_NAME='example.com' breaks
The problem is url_for in bundles.oauth.views.OAuthController.login, which creates http://backend:5000.
```python
return provider.authorize(callback=url_for(
    'o_auth_controller.authorized', remote_app=remote_app,
    _external=True, _scheme='https'))
```
Is there a way to customize the generated url_for? Setting SERVER_NAME='example.com' breaks the frontend's ability to reach the server using backend:5000.
A workaround is to change the Host header in the proxy:
```js
const express = require('express')
const proxy = require('express-http-proxy')
const app = express()
...
app.use(/^\/api|auth\//, proxy(`http://${backendHost}:${backendPort}`, {
  proxyReqOptDecorator: function(proxyReqOpts, srcReq) {
    // Forward the Host header the client sent instead of the backend's internal name
    proxyReqOpts.headers['HOST'] = srcReq.headers['host'];
    return proxyReqOpts;
  },
  ...
```
What happens if you set EXTERNAL_SERVER_NAME='example.com' (also with _external=True)?
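Added example, not part of the issue or of flask-unchained's own code: a stdlib-only WSGI wrapper that pins the Host used for external URLs to an allow-listed public name, so that neither the container name `backend:5000` nor an unexpected forwarded Host value ends up in `redirect_uri`. `PinnedHostMiddleware`, `demo_app` and `authorize_query` are hypothetical names, and `demo_app` only imitates how an external URL is derived from the request Host when SERVER_NAME is unset.

```python
from urllib.parse import urlencode
from wsgiref.util import setup_testing_defaults

CALLBACK_PATH = "/auth/authorized/gitlab"  # path seen in the issue's redirect_uri


def demo_app(environ, start_response):
    """Stand-in for the login view (assumption): builds the callback from the
    request Host, the way an external url_for does without SERVER_NAME."""
    callback = f"{environ['wsgi.url_scheme']}://{environ['HTTP_HOST']}{CALLBACK_PATH}"
    query = urlencode({"redirect_uri": callback, "scope": "openid read_user"})
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [query.encode()]


class PinnedHostMiddleware:
    """Accept a forwarded Host only if allow-listed; otherwise pin the public name."""

    def __init__(self, app, allowed_hosts, default_host, scheme="https"):
        self.app = app
        self.allowed_hosts = {h.lower() for h in allowed_hosts}
        self.default_host = default_host
        self.scheme = scheme

    def __call__(self, environ, start_response):
        host = environ.get("HTTP_HOST", "").strip().lower()
        if host not in self.allowed_hosts:
            host = self.default_host  # internal or unexpected name is never echoed
        environ["HTTP_HOST"] = host
        environ["wsgi.url_scheme"] = self.scheme
        return self.app(environ, start_response)


def authorize_query(app, host_header):
    """Send one constructed request with the given Host; return the query string."""
    environ = {"HTTP_HOST": host_header, "wsgi.url_scheme": "https"}
    setup_testing_defaults(environ)  # fills in the remaining required WSGI keys
    body = app(environ, lambda status, headers: None)
    return b"".join(body).decode()


pinned = PinnedHostMiddleware(demo_app, {"example.com"}, "example.com")

if __name__ == "__main__":
    for host in ("backend:5000", "example.com", "unexpected.invalid"):  # constructed
        print(f"{host:20} raw:    {authorize_query(demo_app, host)}")
        print(f"{host:20} pinned: {authorize_query(pinned, host)}")
```

With a Flask application the wrapper would be installed as `app.wsgi_app = PinnedHostMiddleware(app.wsgi_app, ...)`, and the proxy can then keep addressing the container as `backend:5000`.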