Open-login Doesn't redirect for users using HTTPS ( domain.com:443/login?login=twitter => 400 Bad Request)

Question

I started using the open-login plugin that provides oauth login functionality.  The first service I tried to use was twitter.  Twitter appear to only work when the users tries to login over http.  If the user tries to login over https they are redirect to

http://domain.com:443/login?login=twitter

With a server error of

400 Bad Request

The plain HTTP request was sent to HTTPS port

---

nginx

If the user then goes to http://domain.com/login?login=twitter or https://domain.com:443/login?login=twitter the user is logged in.

The only thing I can think of that I might be doing wrong is using the wrong Callback URL(in the twitter api key setup). Currently the plugin seems to work over http using the

http://domain.com/qa-plugins/open-login/Hybrid/Auth.php?hauth.done=Twitter

or

http://domain.com/qa-plugins/open-login/Hybrid/?hauth.done=Twitter

or either one of those with https instead of http as the callback URL.

If there is an issue with the plugin I would really appreciate some advice as well.

Thanks in advance....

Comments

What do you mean with : "when the user tries to login over https" ?
Does your q2a website use ssl ?
url = https://www.your-q2a-website.com ?

---

about the http error that you post (400 bad request), I think it's correct if you use an url such as :
"http://domain.com:443/login?login=twitter "
that is if you use **http** along with a 443 port.
As the message says ("The plain HTTP request was sent to HTTPS port") , the web server expects SSL-encrypted data on the 443 port.

---

The site uses ssl.  When the user goes to https://domain.com and hits the twitter login button (using oauth) the above error occurs.  The domain does support ssl.

---

1) On Twitter you should set :
Website = https://www.domain.com
Callback URL = https://www.domain.com/?hauth.done=Twitter

2) On your q2a website, Admin/General you should have :
Preferred site URL = https://www.domain.com
(**identical** to the Twitter "Website" value)

---

I will try this and report back.

---

This changed things but did not resolve the issue.  I setup the website, call back and preferred site URL as specified above and tried to login with twitter.  

On the first attempt it redirected to twitter as it was doing and then returned same 400 error above. I then returned to https://domain.com and tried again.  This time I was not redirected to twitter however I was logged in. Very strange...

---

Strange. Can you share an url ?

Answer 1

The plugin redirects based on the current URL the user is at when clicking the login button. It might be that, for some reason, the code could not correctly detect the protocol (https or http) of the current URL and generate an invalid link.

Can you try to add the following piece of code to the file Hybrid/Auth.php from q2a-open-login plugin folder, on line 376?

if( !empty($_SERVER['HTTPS']) ||

instead of

if(

See here how that line looks now: https://github.com/alixandru/q2a-open-login/blob/development/Hybrid/Auth.php#L376

Basically you need to add a new condition to that "if" and test again.

 

If that doesn't work, I will really need the URL of your site to debug. I hope this helps.