passport-oauth2 icon indicating copy to clipboard operation
passport-oauth2 copied to clipboard

Published 20 hours ago verified publisher icon jaredhanson

If callbackURL is relative, it becomes http:// url when it should be https://

Open 1aerostorm opened this issue 3 years ago • 2 comments

koa ^2.13.0 koa-passport latest passport-facebook latest

Facebook can't authenticate because callbackURL becomes http://. But my request URL is https://.

Then I providing absolute callbackURL with https:// scheme, it working.

It is due to this check: https://github.com/jaredhanson/passport-oauth2/blob/master/lib/utils.js#L27 req.connection.encrypted is very obsolete and not working, we should use req.secure for both Express and Koa.

1aerostorm avatar May 16 '21 11:05 1aerostorm

  • 1 on this issue. Any workaround when using relative path? It would be really good to solve.

simonbergstrom avatar May 21 '21 17:05 simonbergstrom

facing the same issue here, I have to pass a new calculated URL with "https" when running passport.authenticate(..., { callbackURL: 'https://...' })

mr-pinzhang avatar Jul 13 '23 16:07 mr-pinzhang