Facebook Login HTTPS redirect uri
Facebook is recommending that I use a HTTPS redirect URL, instead of HTTP. I’ve been trying to find a way to configure it to generate a HTTPS URL, at the moment it’s generating a HTTPs URL.
Currently it is generating: http://example.com/signin-facebook for the redirect_uri, but I’d like a HTTPS URL to redirect the user to.
Is there a way to configure it to generate a HTTPS URL?
This relates to packages Microsoft.Owin.Security and Microsoft.Owin.Security.Facebook.
Currently my OwinStart looks like this:
using System.Configuration;
using Microsoft.AspNet.Identity;
using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.Facebook;
using Owin;

public class OwinStart
{
    public void Configuration(IAppBuilder app)
    {
        app.UseCookieAuthentication(new CookieAuthenticationOptions()
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/Welcome")
        });
        app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

        // Configure Facebook authentication
        app.UseFacebookAuthentication(new FacebookAuthenticationOptions
        {
            AppId = ConfigurationManager.AppSettings["FacebookAppId"],
            AppSecret = ConfigurationManager.AppSettings["FacebookAppSecret"]
        });
    }
}
Also, there doesn’t appear to be a way of Forcing HTTP within the FacebookAuthenticationOptions class or from the Challenge() method that instigates the redirect to Facebook:
using System.Web;
using System.Web.Mvc;
using Microsoft.Owin.Security;

internal class ChallengeResult : HttpUnauthorizedResult
{
    // TODO: Specify an XsrfKey?
    private const string XsrfKey = "SomethingHere";

    public ChallengeResult(string provider, string redirectUri)
        : this(provider, redirectUri, null)
    {
    }

    public ChallengeResult(string provider, string redirectUri, string userId)
    {
        this.LoginProvider = provider;
        this.RedirectUri = redirectUri;
        this.UserId = userId;
    }

    public string LoginProvider { get; set; }
    public string RedirectUri { get; set; }
    public string UserId { get; set; }

    public override void ExecuteResult(ControllerContext context)
    {
        // RedirectUri is where the user lands after the external login completes
        var properties = new AuthenticationProperties { RedirectUri = this.RedirectUri };
        if (this.UserId != null)
        {
            properties.Dictionary[XsrfKey] = this.UserId;
        }
        context.HttpContext.GetOwinContext().Authentication.Challenge(properties, this.LoginProvider);
    }
}
Issue Analytics
- State:
- Created 6 years ago
- Reactions:1
- Comments:7 (3 by maintainers)
Top GitHub Comments
No, you should keep the https redirect. To get FacebookAuth to generate the correct urls you should read x-forwarded-scheme and set the request scheme. E.g.
A key item in the above is that it is necessary to do this if your application offloads SSL (to SSL concentrator/load balancer, etc) as stated in the SO answer
http
http
So your app must force its context to https without doing things like HttpRequest.IsSecureConnection or similar - that will never be true and results in a redirect loop.
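
One way to do what the comments above describe, written as an added example; it is not code from the issue thread or from the Katana project. The class name, the proxy addresses and the choice of header name are assumptions, and the sketch assumes the TLS-terminating proxy overwrites any client-supplied copy of the header:

```csharp
using System;
using System.Collections.Generic;
using Microsoft.Owin;
using Owin;

public static class ForwardedSchemeExtensions
{
    // Assumption: IPs of the TLS-terminating proxies (constructed sample values).
    private static readonly HashSet<string> TrustedProxies =
        new HashSet<string> { "10.0.0.10", "10.0.0.11" };

    // Assumption: the header your proxy sets; X-Forwarded-Proto is also common.
    private const string SchemeHeader = "X-Forwarded-Scheme";

    // Returns the scheme the client used, honouring the header only when the
    // direct peer is a trusted proxy and the value is exactly http or https.
    public static string ResolveScheme(string current, string remoteIp, string forwarded)
    {
        if (remoteIp == null || !TrustedProxies.Contains(remoteIp)) return current;
        if (string.IsNullOrWhiteSpace(forwarded)) return current;

        string value = forwarded.Trim();
        if (value.Equals("https", StringComparison.OrdinalIgnoreCase)) return "https";
        if (value.Equals("http", StringComparison.OrdinalIgnoreCase)) return "http";
        return current; // unexpected value: ignore it rather than trust it
    }

    public static IAppBuilder UseForwardedScheme(this IAppBuilder app)
    {
        return app.Use(async (context, next) =>
        {
            IOwinRequest request = context.Request;
            // Later middleware sees the corrected scheme on the request.
            request.Scheme = ResolveScheme(
                request.Scheme, request.RemoteIpAddress, request.Headers.Get(SchemeHeader));
            await next();
        });
    }
}

// In OwinStart.Configuration, register it before the authentication middleware:
//     app.UseForwardedScheme();
//     app.UseCookieAuthentication(...);
//     app.UseFacebookAuthentication(...);
```

Restricting the header to known proxy addresses matters because a client that can reach the application directly could otherwise set the header itself and influence the scheme used in generated URLs.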