accept callback also via https://localhost:9877

[kurellajunior]

Most corporate systems enforce nowadays https, which is good. Unfortunately that means, that they replace redirect URLs to point to https too.
So the whole flow is broken, as the actual redirect call from the auth system that reaches the local system will never be read by the server started by auth2c.

I did not find any option to let the locally started server to react on https:// (needs self-signed certificates?)

Any chance to add this?

[mbilski]

Hi,

I added support for TLS in the callback redirect URL in #99

Example

oauth2c https://oauth2c.us.authz.cloudentity.io/oauth2c/demo \
  --client-id cauktionbud6q8ftlqq0 \
  --client-secret HCwQ5uuUWBRHd04ivjX5Kl0Rz8zxMOekeLtqzki0GPc \
  --response-types code \
  --response-mode query \
  --grant-type authorization_code \
  --auth-method client_secret_basic \
  --redirect-url https://localhost:9876/callback \
  --callback-tls-cert https://raw.githubusercontent.com/cloudentity/oauth2c/master/data/cert.pem \
  --callback-tls-key https://raw.githubusercontent.com/cloudentity/oauth2c/master/data/key.pem

Notice https:// in the --redirect-url. In this case, you need to provide --callback-tls-cert and --callback-tls-key as well.

I'll release it as v1.13

Thanks,
Mateusz

[kurellajunior]

Wow, you guys rock!