{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 forever°为你锁心 的问题《Oauth provider behind reverse proxy》','https://www.manongdao.com/q-1277598.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I try to use OAuth Provider in PHP (PECL Package) behind a apache reverse-proxy
the client uses
POST https://api.com/resource/oauth/request-token
but my oauth provider receives
POST http://api.com/mywebservice/resource/oauth/request-token
the signature cannot be verified so the request fails
have you any idea about resolving this issue?
I had to do this once. I ended up modifying the OAuth code to pass along the actual URL the provider will receive as well the URL I need to send to from behind my proxy. The former was used in the signature and the latter in the HTTP request. It was a pain and not portable (if anything changed in the proxy, the code would stop working)
We had the same issue (less complicated where our reverse proxy was changing HTTPS to HTTP inside the network).
You can enable your load balancer (whatever you're using as a reverse proxy) to forward the proper header scheme (and more).
For example in Nginx you can leverage both:
and
This might not be a direct contextual solution to this old problem, but I spent 7 hours trying to debug our issue so I'm sure this will come in handy for someone.