Enforcing https when generating redirect url for oauth2 flow #1302

@jishi

Issue submitter TODO list

  • I've searched for already existing issues here
  • I'm running a supported version of the application which is listed here and the feature is not present there

Is your proposal related to a problem?

I just finished setting up oauth2 against AzureAD and it seems to work great apart from one issue. I have my service behind a load balancer which publicly uses https, but the upstream/origin is using http.

Due to this fact, the oauth2 is producing a redirect uri that has http-scheme, and not https (probably since it uses the request context to decide this).

If I manually set the redirect-uri configuration setting, I can force it to https but then I need to also know exactly which hostname it uses (doable, but requires more configuration juggling).

Is there any way to enforce https for generated URLs? I tried looking at the documentation, but couldn't find anything.

Describe the feature you're interested in

I would like a way to tell the oauth2 login system that it should generate links with https scheme even though the service is running over http.

Having the TLS session terminate at a load balancer is not that uncommon, so I feel that I'm not alone on this even if I couldn't find any other issue for it.

Describe alternatives you've considered

I can use redirect-uri but then the configuration needs to know about the actual hostname in use; this complicates a multi-env setup (with dev, stage, prod).

Version you're running

8b5494b v1.3.0

Additional context

No response
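
The issue above describes a redirect URI that inherits the http scheme of the hop between load balancer and origin. The sketch below is an added illustration, not code from this project, of deriving the public scheme from the request context while only believing a forwarded-scheme header that arrives from the load balancer. Assumptions: the load balancer sets `X-Forwarded-Proto` (not mentioned in the issue), and the proxy subnet, host name and callback path are constructed values.

```python
import ipaddress

# Constructed values: the load balancer's subnet and a hypothetical callback path.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]
CALLBACK_PATH = "/oauth2/callback"


def is_trusted_proxy(peer_ip):
    """True only when the direct TCP peer is the load balancer."""
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in net for net in TRUSTED_PROXIES)


def external_scheme(peer_ip, wire_scheme, headers):
    """Scheme the browser used; falls back to the scheme seen on the wire.

    `headers` is a dict with lower-case keys.
    """
    if not is_trusted_proxy(peer_ip):
        # A client talking to the origin directly can send any header it likes.
        return wire_scheme
    # With one trusted hop, the last list entry is the one that hop appended.
    values = [v.strip().lower() for v in headers.get("x-forwarded-proto", "").split(",")]
    proto = values[-1]
    return proto if proto in ("http", "https") else wire_scheme


def redirect_uri(peer_ip, wire_scheme, headers):
    """Build the OAuth2 redirect URI from the request context."""
    scheme = external_scheme(peer_ip, wire_scheme, headers)
    return f"{scheme}://{headers['host']}{CALLBACK_PATH}"


if __name__ == "__main__":
    # Constructed requests: one via the load balancer, one hitting the origin directly.
    via_lb = {"host": "app.example.test", "x-forwarded-proto": "https"}
    print(redirect_uri("10.0.0.5", "http", via_lb))
    print(redirect_uri("203.0.113.9", "http", via_lb))
```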
