Auth error 500 identity-server

I have…

I’m submitting a…

  • [ ] Regression (a behavior that stopped working in a new release)
  • [ x ] Bug report
  • [ ] Performance issue
  • [ ] Documentation issue or request

Current behavior

Can't log in. Getting Error 500 on production when users try to log in via Google auth, after returning from the confirmation on the Google form. Locally everything is fine.

Expected behavior

Successful auth

Minimal reproduction of the problem

Self-hosted with Docker. Log in via Google auth on production with own Google credentials.

Environment

  • [ x ] Self hosted with docker
  • [ ] Self hosted with IIS
  • [ ] Self hosted with other version
  • [ ] Cloud version

Version: 5.8.2

Browser:

  • [ x ] Chrome (desktop)
  • [ ] Chrome (Android)
  • [ ] Chrome (iOS)
  • [ ] Firefox
  • [ ] Safari (desktop)
  • [ ] Safari (iOS)
  • [ ] IE
  • [ ] Edge

Others:
Using Cloudflare SSL. Locally authentication works, but on production it returned error 500 when redirected back from the Google auth form. Return URLs are checked.
Return URLs on Google console:
http://some-host.com/identity-server/signin-google
https://localhost:5001/identity-server/signin-google

Logs, Dockerfile
Image taken from Bitbucket

Check your base url config and ensure that it is set to https.

The base URL config in appsettings is https.

I am not sure where I have seen it, but somehow Google is redirecting to http.

It is definitely a https / cookie issue. You can find it in the logs.

The Google prod link is http://
When I set https:// it gives me the error uri_mismatch. When I set http:// it redirects to the app and the app redirects the request to https://. You can see it in the image above.
I haven’t changed anything else.
baseUrl in appsettings is always https://

But something is obviously wrong with the redirects. You have to dig into this.

I see something. As I understand it, the app “tells” Google to use http. It's on production. Somehow the app sends redirect_uri with http.
appsetting: “baseUrl”: “https://************”,

It's local

Perhaps your proxy does not set the X-Proto-Forward header?

Gave it to the DevOps engineer. He will check it out. I will write back with the result.
There is one more thing. I installed the Mozilla browser and tried to log in.
It works.
I cannot log in through Chrome and Opera, but through Mozilla I can.
I cleared the cache and tried it in incognito mode too. It does not work in Chrome and Opera. What could it be? I can’t understand what I’m missing.

X-Proto-Forward is set

Then I have no idea right now.

I also have a setup with cloudflare and no issues. This should not be the problem.

Solved by setting MinimumSameSitePolicy = SameSiteMode.Lax
It was Unspecified.

What kind of setting is this?

CookiePolicyOptions
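
The setting named in the last replies, shown in context as an added example that is not part of the thread or the application's own code: a generic ASP.NET Core `Startup` that sets `MinimumSameSitePolicy` on `CookiePolicyOptions` and processes forwarded headers so the app sees the original https scheme behind a TLS-terminating proxy. The class layout, the omitted provider registration and the proxy address are assumptions.

```csharp
// Added example, not code from the thread. Startup layout and proxy address are assumptions.
using System.Net;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.Configure<ForwardedHeadersOptions>(options =>
        {
            // Take the original scheme (https) and client IP from the proxy's
            // X-Forwarded-Proto / X-Forwarded-For headers, so generated
            // redirect URIs and cookie decisions use https instead of http.
            options.ForwardedHeaders =
                ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
            // Only loopback proxies are trusted by default; forwarded headers from
            // any other sender are ignored. 10.0.0.2 is a constructed placeholder.
            options.KnownProxies.Add(IPAddress.Parse("10.0.0.2"));
        });

        services.Configure<CookiePolicyOptions>(options =>
        {
            // The fix from the thread. With Unspecified the policy leaves each
            // cookie's own SameSite value untouched; with Lax, cookies marked
            // None or Unspecified are raised to Lax. Chromium-based browsers
            // reject SameSite=None cookies that lack the Secure attribute.
            options.MinimumSameSitePolicy = SameSiteMode.Lax;
        });

        // External provider registration (client id, secret) omitted here.
        services.AddAuthentication();
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseForwardedHeaders(); // first, so later middleware sees the https scheme
        app.UseCookiePolicy();     // before authentication, so it rewrites auth cookies
        app.UseAuthentication();
    }
}
```

Lax cookies are sent on the top-level GET redirect back from the provider; a provider callback that arrives as a cross-site POST would not carry them.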