refactor: use x-tinyauth-location header in tinyauth auth request#621
Open
steveiliop56 wants to merge 2 commits into
Open
refactor: use x-tinyauth-location header in tinyauth auth request#621steveiliop56 wants to merge 2 commits into
steveiliop56 wants to merge 2 commits into
Conversation
There was a problem hiding this comment.
Thanks for opening this pull request! Be sure to follow the pull request template!
1 task
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description:
Tinyauth introduced a new
X-Tinyauth-Locationheader in thev5.0.7version. This header allows Tinyauth to inform the reverse proxy of the location it wants the user to redirect to, avoiding the need for the custom Tinyauth login page location. It also allows for the proxy to redirect to Tinyauth's own pages for unauthorized users instead of presenting them the generic 403 error of Nginx.Benefits of this PR and context:
As mentioned above:
How Has This Been Tested?
This change will impact any users who update to this newer configuration while being on an version prior to
v5.0.7. This exact patch was tested with Tinyauth's users and confirmed working as expected. Exact setups unknown.If I understand correctly, it's the user's responsibility to review proxy configurations and apply them. However if you would like to avoid any potential confusion/potential breakage of any existing setups, I recommend at least adding a
login_for=appparameter in the Tinyauth login location. This additional parameter informs the Tinyauth of the scope of the login request and helps increase security. Tinyauth can work without this parameter.Source / References:
Release adding the header: https://github.com/tinyauthapp/tinyauth/releases/tag/v5.0.7
Documentation on Nginx Proxy Manager with this header: https://tinyauth.app/docs/guides/nginx-proxy-manager