Skip to content

[BUG] Make login_for optional for Nginx deployments #1023

Description

@steveiliop56

Describe the Bug

Tinyauth v5.1.0 added the login_for parameter and made it a requirement for redirects to apps to work. While this works with the new Nginx setups implementing the x-tinyauth-location header, proxies like Swag which use the only redirect logic fail to redirect to apps correctly. The parameter should be optional by default and an optional parameter should assume an app redirect.

How to Reproduce

No response

Expected Behavior

Tinyauth should maintain support for older configurations still utilizing the manual redirect.

Additional Context

We should make a PR to Swag and update their configurations to use the new x-tinyauth-location header.

Server configuration:

## Version 2025/06/08 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/tinyauth-server.conf.sample
# Make sure that your tinyauth container is in the same user defined bridge network and is named tinyauth
# Rename /config/nginx/proxy-confs/tinyauth.subdomain.conf.sample to /config/nginx/proxy-confs/tinyauth.subdomain.conf

# location for tinyauth auth requests
location /tinyauth {
    internal;

    include /config/nginx/proxy.conf;
    include /config/nginx/resolver.conf;
    set $upstream_tinyauth tinyauth;
    proxy_pass http://$upstream_tinyauth:3000/api/auth/nginx;

    proxy_set_header x-forwarded-proto $scheme;
    proxy_set_header x-forwarded-host $http_host;
    proxy_set_header x-forwarded-uri $request_uri;
}

Location configuration:

## Version 2025/12/17 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/tinyauth-location.conf.sample
# Make sure that your tinyauth container is in the same user defined bridge network and is named tinyauth
# Rename /config/nginx/proxy-confs/tinyauth.subdomain.conf.sample to /config/nginx/proxy-confs/tinyauth.subdomain.conf

## Send a subrequest to tinyauth to verify if the user is authenticated and has permission to access the resource
auth_request /tinyauth;
auth_request_set $redirection_url $upstream_http_x_tinyauth_location;
error_page 401 403 =302 $redirection_url;

## Translate the user information response headers from the auth subrequest into variables
auth_request_set $email $upstream_http_remote_email;
auth_request_set $groups $upstream_http_remote_groups;
auth_request_set $name $upstream_http_remote_name;
auth_request_set $user $upstream_http_remote_user;

## Inject the user information into the request made to the actual upstream
proxy_set_header Remote-Email $email;
proxy_set_header Remote-Groups $groups;
proxy_set_header Remote-Name $name;
proxy_set_header Remote-User $user;

## Can be extended with more custom headers https://tinyauth.app/docs/reference/headers#nginxnginx-proxy-manager

Logs

No response

Operating System

No response

Browser

No response

Tinyauth Version

v5.1.1

Docker Version (if applicable)

No response

Human Written Confirmation

  • I confirm this issue was written by me and not generated by an LLM or AI assistant.

Metadata

Metadata

Assignees

Labels

bugSomething isn't working

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions