How to force an HTTPS callback using Microsoft.AspNetCore.Authentication.Google?
I finally figured it out.
Step 1: Make sure Nginx is sending the necessary forwarding headers, for example:
    server {
        # other stuff ...
        location / {
            # other stuff ...
            proxy_set_header X-Forwarded-Proto $scheme;
            # you could also just hardcode this to https if you only accept https
        }
    }
Step 2: By default, AspNetCore will ignore these headers. Install the middleware that processes them:
PM> Install-Package Microsoft.AspNetCore.HttpOverrides
Step 3: In your Configure function, apply the middleware.

    app.UseForwardedHeaders(new ForwardedHeadersOptions
    {
        ForwardedHeaders = ForwardedHeaders.XForwardedProto
    });
This should correctly change the Context.Request.Scheme value to https, which will cause the authentication middleware to generate the correct redirect_uri.
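An added example, not part of the original answer: the forwarded-headers middleware only honours X-Forwarded-Proto from proxies it trusts (loopback by default), so when Nginx runs on another host its address has to be listed explicitly. The proxy address `10.0.0.5`, the logger name and the warning middleware are assumptions made for illustration.

```csharp
using System.Net;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;

public class Startup
{
    // Assumption: address of the Nginx host as seen by the app (constructed value).
    private static readonly IPAddress NginxProxy = IPAddress.Parse("10.0.0.5");

    public void ConfigureServices(IServiceCollection services)
    {
        services.Configure<ForwardedHeadersOptions>(options =>
        {
            // Process only the header this setup needs.
            options.ForwardedHeaders = ForwardedHeaders.XForwardedProto;
            // Headers from senders outside KnownProxies/KnownNetworks are ignored,
            // so a client connecting directly cannot claim "https" on its own.
            options.KnownProxies.Add(NginxProxy);
            // One proxy hop in front of the app: process a single header entry.
            options.ForwardLimit = 1;
        });
    }

    public void Configure(IApplicationBuilder app, ILoggerFactory loggerFactory)
    {
        var log = loggerFactory.CreateLogger("ForwardedProto");

        // Must run before any middleware that builds absolute URLs,
        // such as the authentication middleware that emits redirect_uri.
        app.UseForwardedHeaders();

        // Diagnostic check: surface requests whose scheme was not rewritten,
        // which usually means the proxy is not in the trusted list.
        app.Use(async (context, next) =>
        {
            if (!context.Request.IsHttps)
            {
                log.LogWarning("Request from {Remote} still has scheme {Scheme}",
                    context.Connection.RemoteIpAddress, context.Request.Scheme);
            }
            await next();
        });

        // Authentication (Google) and the rest of the pipeline are registered here.
    }
}
```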