
I have a flask app that was built based on the following instructions that allows me to authenticate users based on Azure AD.
https://learn.microsoft.com/en-us/azure/active-directory/develop/quickstart-v2-python-webapp

The app works great when tested on localhost:5000. Now I want to deploy it to a production server using docker and nginx reverse proxy. I have created a docker container so that the docker port is mapped to port 6000 on localhost. Then I have added a proxy_pass in nginx config to pass the traffic to the docker container.

nginx.conf

    location /app/authenticated-app/ {
      proxy_pass http://localhost:6000/;
      proxy_redirect default;
    }

With this config, I can go to the login page via https://server/app/authenticated-app. However, when I click on login, the request that goes to Azure has a query parameter redirect_uri that’s set to http://localhost:6000/getToken. Therefore, once I complete the login, the app gets redirected to that URL. Does anyone know how to fix this and get it redirected to the proper URL? I have already added https://server/app/authenticated-app/getToken under the redirect_uri on the Azure portal.

2 Answers


  1. I had the same issue. What I did is:

    Use CherryPy to enable SSL on a custom port.

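    import cherrypy

    # Serve over TLS on port 8443 with CherryPy's built-in SSL module.
    # server.ssl_certificate and server.ssl_private_key take file paths.
    cherrypy.config.update({'server.socket_host': '0.0.0.0',
                            'server.socket_port': 8443,
                            'engine.autoreload.on': False,
                            'server.ssl_module': 'builtin',
                            'server.ssl_certificate': 'crt',
                            'server.ssl_private_key': 'key'
                            })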
    

    Then install Nginx and proxy to https://127.0.0.1:8443

    Not sure if that will help, but this is what I did to get my flask app working with MSAL.
  2. I had a similar issue, with nginx and my flask app both running in docker containers in the same stack and using a self-signed SSL certificate.

    My nginx redirects requests as follows:

    proxy_pass http://$CONTAINER_NAME:$PORT;
    

    and the msal app uses that URL when building its redirect_uri

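    from flask import url_for

    def _build_auth_code_flow(authority=None, scopes=None):
        # url_for(..., _external=True) derives scheme and host from the
        # request as Flask sees it, i.e. the proxied upstream address.
        return _build_msal_app(authority=authority).initiate_auth_code_flow(
            scopes or [],
            redirect_uri=url_for("auth.authorized", _external=True))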
    

    I cheated a little bit by hardcoding the return URL I wanted (which is identical to the one I configured in my azure app registration) in my config.py file and using that for the redirect_uri:

    from flask import current_app

    def _build_auth_code_flow(authority=None, scopes=None):
        # redirect_uri comes from config, not from the incoming request.
        return _build_msal_app(authority=authority).initiate_auth_code_flow(
            scopes or [],
            redirect_uri=current_app.config['HARDCODED_REDIRECT_URL_MICROSOFT'])
    

    In my case, that url would be https://localhost/auth/redirect/. I also needed to configure my nginx to redirect all requests from http to https:

    events {}
    http {
    
      server {
        listen 80;
        server_name localhost;
        return 301 https://localhost$request_uri;
    
      }
    ...
    
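Both answers work around the same cause: behind nginx, Flask only sees `http://localhost:6000`, so `url_for(..., _external=True)` builds `redirect_uri` from that. The following is an added example, not code from the question, the answers or the Microsoft sample; it shows the alternative of forwarding the public scheme, host and path prefix from nginx and letting Werkzeug's `ProxyFix` apply them. The `proxy_set_header` lines, the route names and the `attacker.example` value are assumptions made for the demonstration.

```python
from flask import Flask, url_for
from werkzeug.middleware.proxy_fix import ProxyFix

# Assumed nginx side, extending the question's location block:
#   location /app/authenticated-app/ {
#     proxy_pass http://localhost:6000/;
#     proxy_set_header X-Forwarded-Proto  $scheme;
#     proxy_set_header X-Forwarded-Host   $host;
#     proxy_set_header X-Forwarded-Prefix /app/authenticated-app;
#   }
# Constructed sample of what nginx would then send upstream.
PROXY_HEADERS = {
    "X-Forwarded-Proto": "https",
    "X-Forwarded-Host": "server",
    "X-Forwarded-Prefix": "/app/authenticated-app",
}


def create_app(behind_proxy):
    app = Flask(__name__)

    @app.route("/getToken")
    def authorized():
        return "token endpoint"

    @app.route("/login")
    def login():
        # Same kind of call the sample uses to build redirect_uri.
        return url_for("authorized", _external=True)

    if behind_proxy:
        # Trust one proxy hop per header: ProxyFix uses the value the
        # nearest proxy set and ignores anything further left in a list.
        app.wsgi_app = ProxyFix(app.wsgi_app, x_proto=1, x_host=1, x_prefix=1)
    return app


def redirect_uri_seen_by_app(behind_proxy, headers=PROXY_HEADERS):
    # base_url reproduces the container's own view: plain HTTP on port 6000.
    client = create_app(behind_proxy).test_client()
    resp = client.get("/login", base_url="http://localhost:6000", headers=headers)
    return resp.get_data(as_text=True)


if __name__ == "__main__":
    print(redirect_uri_seen_by_app(False))  # the URL the question observed
    print(redirect_uri_seen_by_app(True))   # the URL registered in Azure
```

Enable `ProxyFix` only when the app is reachable solely through the proxy, since a client that can reach the container directly can set these headers itself. The second answer's config-based `redirect_uri` avoids trusting request headers at all.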