
Bitbucket OAuth Consumer Error - Invalid redirect_uri


I am trying to set up a Bitbucket OAuth consumer for authentication for an application called SonarQube (linting tool). Following the guide, it looks like I have set up everything correctly - https://github.com/SonarSource/sonar-auth-bitbucket.

The callback URL is set to https://myserver/oauth2/callback. When I navigate to it directly, I get "You're not authorized to access this page. Please contact the administrator." - which probably is valid. I don't have any trailing slashes or incorrect scheme.

One thing to note is that I am using an nginx reverse proxy. I did read that sometimes this issue surfaces when the headers X-Forwarded-For and X-Forwarded-Proto are set incorrectly. Please note my troubleshooting skills around this are not the greatest, but when I use dev tools and navigate to https://myserver/oauth2/callback, I don't see those headers set. However, when I run nginx -T | grep proxy_set_header, it seems to be correct.


root@01008bf897b1:/app# nginx -T | grep proxy_set_header
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $proxy_connection;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
proxy_set_header Proxy "";

Also when I look at the URL when doing the Bitbucket authentication, I notice it does not include https in the redirect_uri:

If I had https, like below, it actually prompts for "Confirm access to your account":

https://bitbucket.org/site/oauth2/authorize?response_type=code&client_id=Fs5Fq2e5VqfduRs4xD&redirect_uri=https%3A%2F%2Fmyserver%2Foauth2%2Fcallback%2Fbitbucket&scope=account

Is my reverse proxy set up incorrectly - proxy headers? Possible Bitbucket issue? Any help would be appreciated!


Solution

  • This was not proxy related but a configuration issue in SonarQube.

    I had originally set sonar.core.serverBaseURL=https://mysonarqube.com as an environment variable in my docker container which I thought wasn't being applied as when I checked in the UI, it was blank. I then updated the env variable to sonar.core.serverBaseURL=notworking so I can troubleshoot it/delete it later but it seemed to set that value even though the UI showed the correct value. Once it was updated it worked (as well as all my other auth integrations such as Google and GitHub).
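
A check for the symptom in this thread, as an added example that is not part of the original question or answer: it decodes the redirect_uri from an authorize URL and compares it with the callback registered on the OAuth consumer. The function name, the constructed failing URL, and the rule that a sub-path of the registered callback is accepted (inferred from the working URL in the question) are assumptions.

```python
from urllib.parse import urlsplit, parse_qs

# Callback URL registered on the Bitbucket OAuth consumer (from the question).
REGISTERED = "https://myserver/oauth2/callback"

# Authorize URL that worked, copied from the question.
GOOD = ("https://bitbucket.org/site/oauth2/authorize?response_type=code"
        "&client_id=Fs5Fq2e5VqfduRs4xD"
        "&redirect_uri=https%3A%2F%2Fmyserver%2Foauth2%2Fcallback%2Fbitbucket"
        "&scope=account")

# Constructed failing sample: redirect_uri built from a base URL with no scheme.
BAD_NO_SCHEME = GOOD.replace("https%3A%2F%2Fmyserver", "myserver")


def check_redirect_uri(authorize_url, registered_callback):
    """Return a list of reasons the redirect_uri would not match (empty = OK)."""
    params = parse_qs(urlsplit(authorize_url).query)  # also percent-decodes
    values = params.get("redirect_uri", [])
    if len(values) != 1:
        return ["expected exactly one redirect_uri, found %d" % len(values)]

    sent = urlsplit(values[0])
    want = urlsplit(registered_callback)

    # A relative value means the client's configured base URL is incomplete.
    if not sent.scheme or not sent.netloc:
        return ["redirect_uri %r has no scheme/host; check the client's "
                "server base URL setting" % values[0]]

    problems = []
    if sent.scheme != want.scheme:
        problems.append("scheme %r != registered %r" % (sent.scheme, want.scheme))
    if sent.netloc.lower() != want.netloc.lower():
        problems.append("host %r != registered %r" % (sent.netloc, want.netloc))
    # Assumption: exact path or a sub-path of the registered callback is accepted.
    base = want.path.rstrip("/")
    if sent.path != base and not sent.path.startswith(base + "/"):
        problems.append("path %r is not under %r" % (sent.path, base))
    return problems


if __name__ == "__main__":
    for label, url in (("good", GOOD), ("no scheme", BAD_NO_SCHEME)):
        print(label, check_redirect_uri(url, REGISTERED) or "OK")
```

Paste the authorize URL from the browser's address bar as the first argument; a "no scheme/host" result points at the application's base URL setting rather than at the proxy headers.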