OAuth Proxy while using Cloudflare

Figured I'd put this here cause there may be others with similar issues.

Quick summary of the whole stack:
- Express backend locked down with CORS, related origins added, running behind Cloudflare. OAuth proxy URL installed with the specific current and production URLs set.
- React frontend with Vite, using the proxy feature to proxy /api to my production API.

Issues I am running into:

So Vite sets the host to the URL it's trying to proxy; this makes the OAuth proxy plugin return skipProxy true. The solution for this would be to add the settings object to the Vite proxy and change changeOrigin to false. This keeps the host header as localhost.

Now Cloudflare comes into the picture. They see the host header and are basically like "Oh well, we don't have a site for localhost on this IP" and promptly return their error 1003.

Now we're in a predicament. The OAuth proxy expects localhost, however Cloudflare doesn't accept it. How would I go about fixing this? All I want is to be able to log in to my production API locally to work on my frontend, without having to turn off Cloudflare for my entire domain.

@Ping (pinging you cause I REALLY hope you may have some intricate knowledge about this that I don't)
3 Replies
D3vision (OP) • 6d ago
Okay so the plot thickens? I am now proxying my API through VS Code, skipping Cloudflare entirely; however, now I am running into a State mismatch.
Ping • 5d ago
State mismatch in most cases happens when the state cookie doesn't get set in the browser, so when redirecting back to your app from the OAuth flow, better-auth couldn't validate the state against the state cookie (since it couldn't be found). Can you check if that state cookie gets set?
D3vision (OP) • 3d ago
So I have no clue if it's just me not understanding the docs quite right or something, but uhh, I am getting a bit lost ngl 😂 I can't even get it to redirect correctly atp hahaha. All I want is for my production and local frontend to use the same backend.

Alright, so now I am at a point where I am successfully tricking everything, BUT the returned session is null. Like, everything seems to work besides it not returning the actual session. The session cookie is also not being set, just the state. Tried to manually set the session cookie and it just gets removed. It seems like the session is being registered on my production URL instead. Its session token keeps updating to the latest one.
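
A check for the cookie symptoms raised in this thread (a state or session cookie that never lands in the browser on localhost), added here as an example; it is not code from the thread or from better-auth, and the cookie names, values and `api.example.com` are constructed placeholders. It applies the browser's cookie storage rules to a `Set-Cookie` header as seen from a given page URL and lists why the cookie would be dropped.

```javascript
// Added example; cookie names, values and api.example.com are constructed placeholders.
// Parse one Set-Cookie header value into its name and a lower-cased attribute map.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const attrs = {};
  for (const part of rest.filter(Boolean)) {
    const i = part.indexOf("=");
    attrs[(i === -1 ? part : part.slice(0, i)).toLowerCase()] = i === -1 ? true : part.slice(i + 1);
  }
  return { name: eq === -1 ? "" : pair.slice(0, eq), attrs };
}

// RFC 6265 domain-match: same host, or host is a subdomain of the Domain attribute.
function domainMatches(host, domain) {
  const d = String(domain).replace(/^\./, "").toLowerCase();
  return host === d || host.endsWith("." + d);
}

// List the reasons a browser would refuse to store this cookie for pageUrl.
function rejectionReasons(header, pageUrl) {
  const { name, attrs } = parseSetCookie(header);
  const url = new URL(pageUrl);
  const host = url.hostname.toLowerCase();
  const reasons = [];
  if (attrs.domain && !domainMatches(host, attrs.domain))
    reasons.push(`Domain=${attrs.domain} does not match ${host}`);
  if (String(attrs.samesite).toLowerCase() === "none" && !attrs.secure)
    reasons.push("SameSite=None without Secure");
  if (name.startsWith("__Secure-") && !attrs.secure)
    reasons.push("__Secure- prefix without Secure");
  if (name.startsWith("__Host-") && (!attrs.secure || attrs.domain || attrs.path !== "/"))
    reasons.push("__Host- prefix needs Secure, Path=/ and no Domain");
  // Secure over plain http is refused; http://localhost is treated differently
  // across browsers, so it is deliberately not flagged here.
  if (attrs.secure && url.protocol === "http:" && host !== "localhost")
    reasons.push("Secure cookie on a non-HTTPS origin");
  return reasons;
}

// Constructed sample: headers as seen by a page served from the Vite dev server.
const sample = [
  "state=abc123; Path=/; HttpOnly; SameSite=Lax",
  "session_token=xyz; Domain=api.example.com; Path=/; Secure; HttpOnly; SameSite=None",
];
for (const h of sample) console.log(h, "->", rejectionReasons(h, "http://localhost:5173/"));
```

Paste the `Set-Cookie` values from the browser's network tab for the callback response and pass the URL shown in the address bar; an empty list means none of these rules explains a missing cookie.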
