Skip to content
This repository has been archived by the owner on Apr 5, 2022. It is now read-only.

Redirect_Uri use http instead of https with Spring social Facebook Login on Heroku #245

Open
keyuls opened this issue Jun 28, 2018 · 8 comments
Open

Redirect_Uri use http instead of https with Spring social Facebook Login on Heroku #245

keyuls opened this issue Jun 28, 2018 · 8 comments

Comments

@keyuls
Copy link

keyuls commented Jun 28, 2018

Summary

When I click on the following link from the spring mvc web application
https://www.website.com/auth/facebook
It redirects to this link
https://www.facebook.com/v2.5/dialog/oauth?client_id=1234567890&response_type=code&redirect_uri=http%3A%2F%2Fwww.website.com%2Fauth%2Ffacebook&scope=email&state=62b42bqd-f8y8-44a3-dbcs-a13ce12bfcce

In this, redirect_uri takes http instead https. How to forced https to redirect_uri?

Actual Behavior

redirect_uri takes http instead https

Expected Behavior

redirect_uri should take https instead http

Configuration

Spring MVC
Spring Security
Spring Social
Hibernate
Jetty

Version

spring social - 1.1.6.RELEASE
spring social facebook - 2.0.3.RELEASE
@addam
Copy link

addam commented Jul 23, 2018

I found a workaround here: http://forum.spring.io/forum/spring-projects/web/social/130520-redirect-problem-with-https
To be more specific, the solution is to set ProviderSignInController.setApplicationUrl("https://something") within the SocialConfigurerAdapter bean. Not that I understand what I'm doing.

Still I believe that spring-social-facebook should set https by default since all apps have to be secured by October.

@fieder
Copy link

fieder commented Oct 17, 2018

that workaround @addam did not work for us. I don't think adding Heroku is relevant as the problem seems to be linked to Spring software regardless of the running environment. We are facing the same issue in our own servers and Amazon EC2.

We are in Spring 4.x

@andres-morenogr
Copy link

Hello @fieder, have you solved the problem yet? We're facing the same problem but we have and ElasticBeanstalk instance. Maybe there is something in the library that we could change to solve this?

@fieder
Copy link

fieder commented Oct 20, 2018

@andres-morenog not yet I'm afraid...please vote the original issue

@andres-morenogr
Copy link

Thank you @fieder i will

@andres-morenogr
Copy link

Hello @fieder we manage to do a workaround. The solution we found was changing the code in the social connect library, specifically the ConnectSupport class in the social/connect/web route and in the RedirectView class in the web/servlet/view route you'll see that they're using http to build the URL. Hope this helps.

@fieder
Copy link

fieder commented Oct 23, 2018

@andres-morenog thanks for sharing your workaround. I found ConnectSupport (spring-social-web-1.1.4.RELEASE) and RedirectView (spring-webmvc-4.1.6.RELEASE) but I could not found where they are wiring http instead of https? How did you implement it?

@andres-morenogr
Copy link

andres-morenogr commented Oct 23, 2018
edited
Loading

@fieder You're welcome, here is the exact location of the code. Hope this helps.
workaround1
workaround2

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@addam @fieder @keyuls @andres-morenogr