symfonyhwioauthbundle

How Can I Fix This Symfony 4 Redirect Loop With HWIOAuthBundle And Auth0?

I have been trying to configure my symfony 4 instance to use https instead of http but have been stuck on how to fix a redirection loop going to the uri /login/. With basic http what I have works fine, but when I try to add https support via this article I get a redirection loop. So the related config files are:

hwi_oauth.yaml

hwi_oauth:
    firewall_names: [secured_area]
    connect: ~
    resource_owners:
        auth0:
            type:                oauth2
            class:               'App\Model\Auth0ResourceOwner'
            base_url:            https://mytenant.auth0.com
            client_id:           myid
            client_secret:       mysecret
            redirect_uri:        /oauth/callback
            scope: "openid profile email"

security.yaml

security:
    providers:
        hwi:
            id: hwi_oauth.user.provider

firewalls:
    secured_area:
        anonymous: ~
        oauth:
            resource_owners:
                auth0: "/oauth/callback"
            login_path:        /login
            use_forward:       false
            failure_path:      /login
            default_target_path: /secured
            oauth_user_provider:
                service: hwi_oauth.user.provider
        logout:
            path:   /logout
            target: /

access_control:
    - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/secured, roles: ROLE_OAUTH_USER }

hwi_oauth_routing.yaml

hwi_oauth_redirect:
    resource: "@HWIOAuthBundle/Resources/config/routing/redirect.xml"
    prefix:   /connect
    schemes: [https]

hwi_oauth_connect:
    resource: "@HWIOAuthBundle/Resources/config/routing/connect.xml"
    prefix:   /connect
    schemes: [https]


hwi_oauth_login:
    resource: "@HWIOAuthBundle/Resources/config/routing/login.xml"
    prefix:   /login
    schemes: [https]


auth0_login:
    path: /oauth/callback
    schemes: [https]


auth0_logout:
    path: /logout
    schemes: [https]
Solution

  • I didn't realize that I needed to configure how symfony configures proxies. So this article which resolved my issue.

    I used a variation of the code 

    // public/index.php

// ...
$request = Request::createFromGlobals();
// tell Symfony about your reverse proxy
Request::setTrustedProxies(
    // the IP address (or range) of your proxy
    ['192.0.0.1', '10.0.0.0/8'],

    // trust *all* "X-Forwarded-*" headers
    Request::HEADER_X_FORWARDED_ALL

    // or, if your proxy instead uses the "Forwarded" header
    // Request::HEADER_FORWARDED

    // or, if you're using AWS ELB
    // Request::HEADER_X_FORWARDED_AWS_ELB
);