I have been trying to configure my symfony 4 instance to use https instead of http but have been stuck on how to fix a redirection loop going to the uri /login/. With basic http what I have works fine, but when I try to add https support via this article I get a redirection loop. So the related config files are:
hwi_oauth.yaml
hwi_oauth:
firewall_names: [secured_area]
connect: ~
resource_owners:
auth0:
type: oauth2
class: 'App\Model\Auth0ResourceOwner'
base_url: https://mytenant.auth0.com
client_id: myid
client_secret: mysecret
redirect_uri: /oauth/callback
scope: "openid profile email"
security.yaml
security:
providers:
hwi:
id: hwi_oauth.user.provider
firewalls:
secured_area:
anonymous: ~
oauth:
resource_owners:
auth0: "/oauth/callback"
login_path: /login
use_forward: false
failure_path: /login
default_target_path: /secured
oauth_user_provider:
service: hwi_oauth.user.provider
logout:
path: /logout
target: /
access_control:
- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/secured, roles: ROLE_OAUTH_USER }
hwi_oauth_routing.yaml
hwi_oauth_redirect:
resource: "@HWIOAuthBundle/Resources/config/routing/redirect.xml"
prefix: /connect
schemes: [https]
hwi_oauth_connect:
resource: "@HWIOAuthBundle/Resources/config/routing/connect.xml"
prefix: /connect
schemes: [https]
hwi_oauth_login:
resource: "@HWIOAuthBundle/Resources/config/routing/login.xml"
prefix: /login
schemes: [https]
auth0_login:
path: /oauth/callback
schemes: [https]
auth0_logout:
path: /logout
schemes: [https]
I didn't realize that I needed to configure how symfony configures proxies. So this article which resolved my issue.
I used a variation of the code