We've chosen to force the aggregator to connect to farmOS servers via https when running in production. This works by defaulting to the https scheme unless the AGGREGATOR_OAUTH_INSECURE_TRANSPORT flag is set in which case the default is http. (Note that a farm url can still supply a scheme, which is then used instead of the defaults)

The problem we found is that making an http request to authorize or refresh tokens (any request to the /oauth2/token endpoint on the farmOS server, basically) on a server that redirects to https fails. The server responds with an error message like: (invalid_request) The request method must be POST when requesting an access token. Need to investigate that more, but it seems like it might be related to the redirect.

For now, this is not a concern as our first use case for the aggregator requires farmOS servers to use https. We will need to revisit this in the future to allow both https and http in production

we are facing a similar issue when authorizing the Farmos from a Farmos-Aggregator.

The FarmOS showed "Page not found" with URL of oauth2/authorize?response_type=code....
Is there any update on this issue?

@loc-ng That sounds like a different issue - can you please open a new one instead?