Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[v3.0.0-next.2] Post Logout Redirect URI proto set incorrectly when behind TLS-terminating reverse proxy #285

Closed
heikkilamarko opened this issue Jan 8, 2024 · 3 comments · Fixed by #389
Closed

[v3.0.0-next.2] Post Logout Redirect URI proto set incorrectly when behind TLS-terminating reverse proxy #285

heikkilamarko opened this issue Jan 8, 2024 · 3 comments · Fixed by #389
Assignees
@muhlemmer
Labels
auth devx released

Comments

@heikkilamarko
Copy link

I've encountered an issue with the post logout redirect URI protocol being set incorrectly when my API is behind a TLS-terminating reverse proxy. Despite configuring the post logout redirect URL with the "https://" protocol, the SDK implementation sets the protocol to "http." This is likely due to the reverse proxy terminating TLS and calling the service without TLS.

zitadel-go/pkg/authentication/authenticate.go

Lines 131 to 133 in aad6fea

proto := "http"
if req.TLS != nil {
proto = "https"

Screenshot 2024-01-08 at 10 43 37
@hifabienne
Copy link
Member

@livio-a can you help here?

@gmatu1
Copy link

gmatu1 commented Jul 12, 2024
edited
Loading

Is there any progress on this issue?

I have the same problem.
TLS is terminated on kubernetes ingress, so as pointed out by heikkilamarko the line 132 returns false and the query param to auth-server always contains "post_logout_redirect_uri=http://..."

Solution would be to specify postLogoutRedirectUri as additional parameter to authentication.New() or at least to reuse the protocol from redirectUri.

@hifabienne hifabienne moved this to 🧐 Investigating in Product Management Jul 15, 2024
@livio-a livio-a added the devx label Jul 31, 2024
@livio-a livio-a moved this from 🧐 Investigating to 🐛 Bugs/Small Issues in Product Management Jul 31, 2024
@muhlemmer muhlemmer self-assigned this Oct 8, 2024
@muhlemmer muhlemmer mentioned this issue Oct 8, 2024
Merged
13 tasks
@muhlemmer muhlemmer moved this from 🐛 Bugs/Small Issues to 👀 In review in Product Management Oct 8, 2024
@livio-a livio-a closed this as completed in 324d8db Oct 9, 2024
@github-project-automation github-project-automation bot moved this from 👀 In review to ✅ Done in Product Management Oct 9, 2024
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Oct 9, 2024

🎉 This issue has been resolved in version 3.2.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@muhlemmer muhlemmer

Labels
auth devx released
Projects
Product Management
Status: Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat(auth): allow setting external secure zitadel/zitadel-go
5 participants
@heikkilamarko @muhlemmer @livio-a @hifabienne @gmatu1