Redirect_Uri use http instead of https with Spring social Facebook Login on Heroku

Question

This is Spring MVC application and host on Heroku which has valid ssl certificate.

When I click on the following link from the spring mvc web application

https://www.website.com/auth/facebook

It redirects to this link

https://www.facebook.com/v2.5/dialog/oauth?client_id=1234567890&response_type=code&redirect_uri=http%3A%2F%2Fwww.website.com%2Fauth%2Ffacebook&scope=email&state=62b62bad-f8c8-44a3-bacf-a13ce12dfcce

In this, redirect_uri takes http instead https. How to forced https to redirect_uri?

I have followed the solution mentioned in this question Spring OAuth redirect_uri not using https

and created following file but it didn't work.

The application.propeties file contains

server.tomcat.remote-ip-header=X-Forwarded-For
server.tomcat.protocol-header=X-Forwarded-Proto
server.use-forward-headers=true

security.oauth2.client.pre-established-redirect-uri=https://www.website.com/login
security.oauth2.client.registered-redirect-uri=https://www.website.com/login
security.oauth2.client.use-current-uri=false

Answer 1

Go to Facebook Developer, Below Products tab go to Facebook login

Make sur Enfore https is set to yes

Then in valid oauth reidrect url add https urls

Change your site Url to https:

and I am really surprised how Facebook redirects you to http! From 1st may all the redirects should redirected to https. Even in your localhost, you need to create a self-signed certificate to get facebook login working.

Answer 2

If you are using .net core application then in Configure Method at Startup.cs file add the following line of It should be work.

app.Use((context, next) =>
            {
                if (context.Request.Headers["x-forwarded-proto"] == "https")
                {
                    context.Request.Scheme = "https";
                }
                return next();
            });