HTTP to HTTPS redirect seems to break OAuth2
paul121 opened this issue
We've chosen to force the aggregator to connect to farmOS servers via https when running in production. This works by defaulting to the https scheme unless the AGGREGATOR_OAUTH_INSECURE_TRANSPORT flag is set, in which case the default is http. (Note that a farm url can still supply a scheme, which is then used instead of the defaults)
The problem we found is that making an http request to authorize or refresh tokens (any request to the /oauth2/token endpoint on the farmOS server, basically) on a server that redirects to https fails. The server responds with an error message like: (invalid_request) The request method must be POST when requesting an access token. Need to investigate that more, but it seems like it might be related to the redirect.
For now, this is not a concern as our first use case for the aggregator requires farmOS servers to use https. We will need to revisit this in the future to allow both https and http in production.
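One mechanism consistent with the error message in the issue above, shown as an added example that is not part of the original thread or the aggregator's code: Python's standard urllib, like many HTTP clients, re-issues a POST as a body-less GET after a 301. The local server is a constructed stand-in for a farmOS host, and the /tls/oauth2/token path and token values are hypothetical.

```python
import threading, urllib.error, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

SEEN = []  # HTTP methods the stand-in server received, in order

class Handler(BaseHTTPRequestHandler):
    """Constructed stand-in: /oauth2/token plays the http side, /tls/... the https side."""
    def _handle(self):
        SEEN.append(self.command)
        self.rfile.read(int(self.headers.get("Content-Length") or 0))
        if self.path == "/oauth2/token":  # behaves like an http -> https redirect rule
            status, body, extra = 301, b"", [("Location", "/tls/oauth2/token")]
        elif self.command == "POST":
            status, body, extra = 200, b'{"access_token": "constructed"}', []
        else:  # a token endpoint only accepts POST
            status, body, extra = 400, b'{"error": "invalid_request"}', []
        self.send_response(status)
        for name, value in extra + [("Content-Length", str(len(body)))]:
            self.send_header(name, value)
        self.end_headers()
        self.wfile.write(body)
    do_GET = do_POST = _handle
    def log_message(self, *args): pass  # keep the demo output quiet

class NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # surface the 3xx as an HTTPError instead of following it

def start_server():
    srv = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, f"http://127.0.0.1:{srv.server_port}"

def request_token(base, follow):
    """POST a refresh request; return (final status, methods the server saw)."""
    SEEN.clear()
    opener = urllib.request.build_opener() if follow else urllib.request.build_opener(NoRedirect)
    req = urllib.request.Request(base + "/oauth2/token", method="POST",
                                 data=b"grant_type=refresh_token&refresh_token=constructed")
    try:
        with opener.open(req, timeout=5) as resp:
            return resp.status, list(SEEN)
    except urllib.error.HTTPError as err:
        return err.code, list(SEEN)

if __name__ == "__main__":
    srv, base = start_server()
    print(request_token(base, follow=True))   # redirect followed: POST becomes GET
    print(request_token(base, follow=False))  # redirect refused: caller sees the 301
    srv.shutdown()
```

With redirects refused, the caller sees the 301 and can fail with a clear error instead of an opaque invalid_request. In both runs the first POST, refresh token included, had already been sent to the plain-http URL before any redirect was issued.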
We are facing a similar issue when authorizing the Farmos from a Farmos-Aggregator.
The FarmOS showed "Page not found" with URL of oauth2/authorize?response_type=code....
Is there any update on this issue?
@loc-ng That sounds like a different issue - can you please open a new one instead?