BFF client fails to issue token

[dmontgomery]

Hi,

We have a new BFF app which is based on your template dotnet new duende-bff-localapi.

Our BFF is proxied behind NGINX, and the BFF is hosted at the endpoint "https://host.example.com/myapp"

We're using the UsePathBase() to specify the '/myapp' route and everything works as expected until the BFF library sends the request to the 'authorize' endpoint of our IDP. The request contains:

https://idp.example.com/idp/connect/authorize?client_id=our.client.id&redirect_uri=http%3A%2F%2Fhost.example.com%2Fmyapp%2Fsignin-oidc&response_type=code&...

The problem is the redirect_uri for this request is http, not https. We get a TokenIssuedFailureEvent with an "invalid_request/invalid_redirect_uri" error.

How can we force this callback to use only an https redirect_uri value? Using UseHsts(); in our request pipeline seemed to have no effect.

Thank you.

[dmontgomery]

So the answer to the token issue problem was related to the X-FORWARDED-PROTO header not getting set properly by the proxy.

Adding this code (until proxy is fixed):

if (!app.Environment.IsDevelopment()) { app.Use((context, next) => { context.Request.Scheme = "https"; return next(context); }); }