Describe the Bug
Tinyauth v5.1.0 added the login_for parameter and made it a requirement for redirects to apps to work. While this works with the new Nginx setups implementing the x-tinyauth-location header, proxies like Swag which use the only redirect logic fail to redirect to apps correctly. The parameter should be optional by default and an optional parameter should assume an app redirect.
How to Reproduce
No response
Expected Behavior
Tinyauth should maintain support for older configurations still utilizing the manual redirect.
Additional Context
We should make a PR to Swag and update their configurations to use the new x-tinyauth-location header.
Server configuration:
## Version 2025/06/08 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/tinyauth-server.conf.sample
# Make sure that your tinyauth container is in the same user defined bridge network and is named tinyauth
# Rename /config/nginx/proxy-confs/tinyauth.subdomain.conf.sample to /config/nginx/proxy-confs/tinyauth.subdomain.conf
# location for tinyauth auth requests
location /tinyauth {
internal;
include /config/nginx/proxy.conf;
include /config/nginx/resolver.conf;
set $upstream_tinyauth tinyauth;
proxy_pass http://$upstream_tinyauth:3000/api/auth/nginx;
proxy_set_header x-forwarded-proto $scheme;
proxy_set_header x-forwarded-host $http_host;
proxy_set_header x-forwarded-uri $request_uri;
}
Location configuration:
## Version 2025/12/17 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/tinyauth-location.conf.sample
# Make sure that your tinyauth container is in the same user defined bridge network and is named tinyauth
# Rename /config/nginx/proxy-confs/tinyauth.subdomain.conf.sample to /config/nginx/proxy-confs/tinyauth.subdomain.conf
## Send a subrequest to tinyauth to verify if the user is authenticated and has permission to access the resource
auth_request /tinyauth;
auth_request_set $redirection_url $upstream_http_x_tinyauth_location;
error_page 401 403 =302 $redirection_url;
## Translate the user information response headers from the auth subrequest into variables
auth_request_set $email $upstream_http_remote_email;
auth_request_set $groups $upstream_http_remote_groups;
auth_request_set $name $upstream_http_remote_name;
auth_request_set $user $upstream_http_remote_user;
## Inject the user information into the request made to the actual upstream
proxy_set_header Remote-Email $email;
proxy_set_header Remote-Groups $groups;
proxy_set_header Remote-Name $name;
proxy_set_header Remote-User $user;
## Can be extended with more custom headers https://tinyauth.app/docs/reference/headers#nginxnginx-proxy-manager
Logs
No response
Operating System
No response
Browser
No response
Tinyauth Version
v5.1.1
Docker Version (if applicable)
No response
Human Written Confirmation
Describe the Bug
Tinyauth
v5.1.0added thelogin_forparameter and made it a requirement for redirects to apps to work. While this works with the new Nginx setups implementing thex-tinyauth-locationheader, proxies like Swag which use the only redirect logic fail to redirect to apps correctly. The parameter should be optional by default and an optional parameter should assume an app redirect.How to Reproduce
No response
Expected Behavior
Tinyauth should maintain support for older configurations still utilizing the manual redirect.
Additional Context
We should make a PR to Swag and update their configurations to use the new
x-tinyauth-locationheader.Server configuration:
Location configuration:
Logs
No response
Operating System
No response
Browser
No response
Tinyauth Version
v5.1.1
Docker Version (if applicable)
No response
Human Written Confirmation