Google OAuth issue with redirect
I have set up Google OAuth correctly and I am having issues with redirect URI, where the URI is being set to HTTP instead of HTTPS. I made sure that I supply all the URLs as HTTPS. However, there is a specific auth call to https://accounts.google.com/o/oauth2/v2 with the following payload:
client_id: {my client id}
redirect_uri: http://test-appwrite.pacehome.net/v1/account/sessions/oauth2/callback/google/{id}
scope: https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile openid
state: {"success":"https:\/\/djar-dev.pacehome.net","failure":"https:\/\/djar-dev.pacehome.net","token":false}
response_type: code
I have no idea where that redirect URI is coming from, as Appwrite itself gives me an https callback endpoint in the auth settings:
https://test-appwrite.pacehome.net/v1/account/sessions/oauth2/callback/google/id
If it helps, I am serving the instance as http locally and then upgrading to https through Cloudflare tunneling. I tried enforcing HTTPS through the .env file but that will cause an infinite permanently moved redirect. I would like to avoid going HTTPS locally if possible.
Appwrite sees you talking to it over HTTP, so it passes the URI to Google as HTTP. As far as Iām aware, the only way to change this is to have Appwrite serve HTTPS
Thanks, thought so. What is so strange is that the API endpoint is given in https: https://test-appwrite.pacehome.net/v1 even the callback from the Google Auth settings is given as follows: https://test-appwrite.pacehome.net/v1/account/sessions/oauth2/callback/google/id
Very strange that this is not also reflected in the passed redirect URI. Seems very inconsistent
I believe the URI passed to Google is generated on the fly. This is probably necessary because of Custom Domains.
