This repository has been archived by the owner on Dec 13, 2018. It is now read-only.

Add options to redirect to arbitrary host for Twitter Authentication #1620

Closed
gokhansengun opened this issue Jan 25, 2018 · 5 comments

Comments

@gokhansengun

When using Twitter authentication, the module instructs the Twitter API to redirect to the requesting host, as per the code below.

protected string BuildRedirectUri(string targetPath)
    => Request.Scheme + "://" + Request.Host + OriginalPathBase + targetPath;

For the scenarios where the app servers are located behind a reverse proxy or load balancer, the redirect is trying to reach the app server, which might not always be possible (port restrictions, etc.).

So, it would be beneficial if the redirect scheme and host could be configured just like the Options.CallbackPath. Being able to arbitrate Request.Scheme may also be needed in case of SSL/TLS offloading done in the load balancer.

Please let me know if this sounds fine, if so I can work on a change.

@blowdart
Member

Why isn't your proxy or load balancer setting the X-Forwarded-For or X-Forwarded-Proto headers?

If it does follow that "standard" then you can use

app.UseForwardedHeaders(new ForwardedHeadersOptions
{
    ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
});

And the redirect Uri should end up correct.

@gokhansengun
Author

Reading the code a little bit more carefully (thank God it is open source), I saw the RedirectUri on the ticket properties. Setting it to the desired URI in the OnCreatingTicket event did the trick.

Below is an example for future reference of others.

services.AddAuthentication().AddTwitter(twitterOptions =>
{
    twitterOptions.ConsumerKey = configuration["Authentication:Twitter:ConsumerKey"];
    twitterOptions.ConsumerSecret = configuration["Authentication:Twitter:ConsumerSecret"];
    twitterOptions.SaveTokens = true;

    twitterOptions.Events.OnCreatingTicket = async context =>
    {
        context.Properties.RedirectUri = "http://<desired_uri>/Account/ExternalLoginCallback";
    };
});

@gokhansengun
Author

@blowdart maybe I was not clear in the issue description, but the problem was I was not able to land the requests to the load balancer in the first place, because I thought the middleware defaults to the requester's HostString.

I hope the comment above this one explains it a bit better.

@blowdart
Member

But my point is, if the load balancer is what the endpoint is, then by having it forward the host properly you don't even need to do this. The forwarding middleware will pick those headers up, and the URI and protocol you see in the request object will be that of the external address the load balancer is bound to.

@Tratcher
Member

The recommended setup is to use forwarded headers to update the request. Otherwise you'd have to configure every component that generated urls. We're currently drafting more detailed guidance for this here: dotnet/AspNetCore.Docs#2384. Closing this as a duplicate.
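
Added example (not code from this thread or from the ASP.NET Core project): a forwarded-headers setup for the reverse-proxy scenario discussed above that also forwards the host, since BuildRedirectUri reads Request.Host, and that accepts the headers only from a known proxy. The proxy address 10.0.0.10 and the host name app.example.com are constructed placeholders, and AllowedHosts assumes ASP.NET Core 2.1 or later.

```csharp
using System.Net;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.Configure<ForwardedHeadersOptions>(options =>
        {
            // Request.Scheme comes from X-Forwarded-Proto, Request.Host from
            // X-Forwarded-Host; both feed the redirect URI.
            options.ForwardedHeaders = ForwardedHeaders.XForwardedFor
                                     | ForwardedHeaders.XForwardedProto
                                     | ForwardedHeaders.XForwardedHost;

            // Drop the loopback defaults and trust only the proxy itself.
            // 10.0.0.10 is a constructed placeholder address.
            options.KnownNetworks.Clear();
            options.KnownProxies.Clear();
            options.KnownProxies.Add(IPAddress.Parse("10.0.0.10"));

            // One proxy hop in front of the app.
            options.ForwardLimit = 1;

            // Forwarded host values outside this list are not applied
            // (constructed placeholder host name).
            options.AllowedHosts.Add("app.example.com");
        });
    }

    public void Configure(IApplicationBuilder app)
    {
        // Must run before authentication so the handlers see the
        // rewritten scheme and host.
        app.UseForwardedHeaders();

        // Diagnostic endpoint: echoes the base the redirect URI is built from.
        app.Run(ctx => ctx.Response.WriteAsync(
            ctx.Request.Scheme + "://" + ctx.Request.Host + ctx.Request.PathBase));
    }
}
```

Requests that do not arrive from the listed proxy keep their original scheme and host, so a client-supplied X-Forwarded-Host cannot change the generated redirect URI.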
