Tristan Tao Tristan Tao - 1 month ago 20
Ruby Question

Change the OAuth URI of an app sitting behind a reverse proxy

We're getting a Oauth1.0 signature mismatch, seemingly due to our production box sitting behind a reverse proxy.

Our entire codebase works (signature matches) on our beta box at (http://beta.mainwebsite.com), but fails at (https://www.mainwebsite.com).

It seems like the reason is that our external client signs using our host URI which is slightly differently from our internal URI (I suspect they sign the external https and we try to verify using the internal http addr).

Any thoughts on how to fix this? I figured a dirty approach would be to change the request URI somewhere in the OAuth, but I'm really trying to refrain from such unportable approach.

We're running the standard OAuth gem for ruby.

Answer

We ended up going with changing the setting at our nginx proxy level to properly forward the request protocol.

See this answer for more details: Oauth provider behind reverse proxy