Is there a way to override the port and host of the server handling redirects in oauth2 authorization_code flow #315

Closed
dinurp opened this issue Jul 26, 2022 · 8 comments

dinurp commented Jul 26, 2022

Hi,

I am trying to use httpyac inside a container with authorization_code flow. The authorization server is external to the container. I have a port of the container handling the redirect from the authorization server, mapped to a host via reverse proxy. But unfortunately, I cannot have the same port for the server in the container for the reverse proxy. Is there a way to override the server port (and the bound address) to support this case?
For illustration, changing server.listen(port); to

    server.listen(process.env.REDIRECT_SERVER_PORT || port, process.env.REDIRECT_SERVER_HOST );

works.

Currently I run a simple redirect server locally to have this working.

Thanks
Dinu

Owner

AnWeber commented Jul 26, 2022

@dinurp Currently there is no way to distinguish the redirectUri and the port, but a change would be possible. But I have not understood the problem yet. Actually, you should be able to solve the problem using Docker/Container. The port in the container does not have to be the same as the port on the host. For example, the httpyac server in the container listens on port 3000, and the port mapped on the host could be 8080.

docker-compose.yml

    version: '3.2'
    services:
      keycloak:
        container_name: httpyac
        ports:
          - 8080:3000
        image: httpyac/cli:1.0.0

Author

dinurp commented Jul 26, 2022

If the redirectURI is http://localhost:3000/callback, the browser gets stuck pointing to that URI when the IDP redirects, as nothing is listening on that port on the machine where the browser runs. I am looking for a way to say redirectURI is http://my-container-name:port/callback while httpyac listens on http://localhost:3000/callback. Host and port mapping is done externally. Port mapping at the container is not enough, is it?

Today, I run a server locally (where the browser runs) on 3000 that redirects to http://my-container-name:port/callback (with the rest of the path) to complete the flow. If the redirectURI was already http://my-container-name:port/callback, there would be no need for this. This was my thought.

Owner

AnWeber commented Jul 28, 2022

@dinurp But that would be possible with the approach I described. By means of the setting oauth2_redirecturi the URL can be changed (e.g. http://mymachine:9999/oauth2). httpyac also listens at port 9999, but with the Docker port mapping it could be changed to port 3000 for the host. That should actually work. If not, you could possibly describe the setup again.

Owner

AnWeber commented Jul 28, 2022

I made an example with a VSCode devcontainer. httpyac would open port 9999 by the command httpyac test.http --all in the container. But on localhost port 3000 would be used.
example.zip

Author

dinurp commented Jul 28, 2022

Thanks for looking into this.

I'm not sure how that would work. If you set the redirectURI to http://mymachine:9999/oauth2, the IDP would redirect to http://mymachine:9999/oauth2. Then the browser would try to contact http://mymachine:9999/oauth2, where there is no one listening, is it not? The container is listening on port 3000.

In my case, IDP always redirects to the url in redirectURI. I have to register the url with IDP as a valid one to expect. I thought this is the rule.

In my case, I have a containerized dev environment accessed via browser based on Eclipse Theia. The environment maps a host to any opened port in the container. From the browser I can reach the port using that host. Say the port opened is 3000 (by httpYac). I need to use the hostname https://port3000-something-something.com to send a request to that port. It works only from the same browser, as cookies are needed for authentication.

If I set the redirectURI as http://localhost:3000/callback, the IDP will send a redirect with the code to http://localhost:3000/callback. This request is supposed to reach httpyac. This request is to be sent to https://port3000-something-something.com/callback for it to reach httpyac. When there is no server listening on 3000, the browser shows an error. Currently I run a server on 3000 that sends a redirect (307) to https://port3000-something-something.com with the path. This sends the request to httpyac and all is well. I am wondering if there is a way to avoid running this server on my machine.

If I set the redirectURI as https://port3000-something-something.com/callback, the IDP will redirect me with the code to https://port3000-something-something.com/callback. But httpyac is not listening on port 3000. So the code never reaches httpyac.

Is there a way to suggest to httpyac to listen on http://localhost:3000/callback, even when the redirectURI is set to https://port3000-something-something.com/callback? That was my question.

PS: I am using CLI, not VS Code plugin.

Owner

AnWeber commented Jul 29, 2022

I have added the desired server port configuration. From the next release you can now simply define the port using oauth2_serverPort. This can be filled independently of the RedirectUri. If no port is specified, the port of the RedirectUri will be used again.
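
The behaviour discussed in this thread, as an added example that is not httpyac's code and not written by either participant: a callback listener whose bind address and port are chosen separately from the registered redirect URI, falling back to the redirect URI's port when no override is given. The function names, the `bindHost` parameter and the `state` check are assumptions of this example.

```javascript
// Added example, not httpyac source. All names here are hypothetical.
const http = require('node:http');
const crypto = require('node:crypto');

// Where the local callback listener binds. The redirect URI is what the IDP
// and browser see; the listener may sit behind a proxy on another port.
// Loopback is the default bind; widen it only when the proxy cannot reach it.
function resolveListenTarget(redirectUri, serverPort, bindHost = '127.0.0.1') {
  const url = new URL(redirectUri);
  const fallback = url.port ? Number(url.port) : (url.protocol === 'https:' ? 443 : 80);
  const port = serverPort === undefined ? fallback : Number(serverPort);
  if (!Number.isInteger(port) || port < 1 || port > 65535) {
    throw new RangeError(`invalid listen port: ${serverPort}`);
  }
  return { host: bindHost, port, path: url.pathname };
}

// Validate one callback request. The Host header is not trusted because the
// proxy rewrites it; the state value is what ties the request to this flow.
// A listener reachable beyond loopback must reject everything else.
function checkCallback(requestUrl, expectedPath, expectedState) {
  const url = new URL(requestUrl, 'http://callback.invalid');
  if (url.pathname !== expectedPath) return { ok: false, status: 404 };
  const state = url.searchParams.get('state') || '';
  const a = Buffer.from(state);
  const b = Buffer.from(expectedState);
  if (a.length !== b.length || !crypto.timingSafeEqual(a, b)) {
    return { ok: false, status: 400 };
  }
  const code = url.searchParams.get('code');
  return code ? { ok: true, status: 200, code } : { ok: false, status: 400 };
}

// Serve until one valid callback arrives, then stop listening.
function startCallbackServer(redirectUri, serverPort, expectedState, onCode) {
  const target = resolveListenTarget(redirectUri, serverPort);
  const server = http.createServer((req, res) => {
    const result = checkCallback(req.url, target.path, expectedState);
    res.writeHead(result.status, { 'Content-Type': 'text/plain' });
    res.end(result.ok ? 'Authorization complete.' : 'Rejected.');
    if (result.ok) {
      server.close();
      onCode(result.code);
    }
  });
  server.listen(target.port, target.host);
  return server;
}
```
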

Author

dinurp commented Jul 30, 2022

Thanks. Looking forward to the next version.

Owner

AnWeber commented Aug 4, 2022

@dinurp v5.6.0 is published. thx

AnWeber closed this as completed Aug 4, 2022