fix oidc callback behind reverse proxy

2026-06-16 10:01:13 +08:00
parent 9024f80a70
commit 626b8928f4
5 changed files with 78 additions and 3 deletions
--- a/README.md
+++ b/README.md
@@ -48,6 +48,7 @@ OIDC_ISSUER=https://casdoor.example.com
 OIDC_CLIENT_ID=analytics
 OIDC_CLIENT_SECRET=replace-me
 AUTH_SECRET=replace-with-random-secret
+NEXTAUTH_URL=https://your-analytics-domain
 # Optional login button label:
 OIDC_PROVIDER_NAME=Sinodoor
 ```
@@ -64,6 +65,8 @@ When OIDC is enabled, configure the provider redirect URI as:
 https://your-analytics-domain/api/auth/callback/oidc
 ```

+`NEXTAUTH_URL` must be the same public `https://` origin that users open through the reverse proxy. This keeps login redirects and callback URLs from using the container listener such as `http://0.0.0.0:8019`.
+
 Partial OIDC configuration is treated as an error instead of falling back to open access.

 ## Deployment