When OAuthing the Windows desktop client, it tries to authenticate via https://localhost

I feel like this might be a configuration setting on the server as the last step that works is from the server to the client. I might be missing a configuration variable in the config.php?

A user opens their desktop client on Windows and adds a new ownCloud connection. They enter the URL of our server and are prompted with a browser session to log in via https at our URL. They click Authenticate on the website and it loads an https://localhost URL that will not load because it’s insecure. We can bypass this by changing the provided URL to http://localhost and it will complete the connection to the desktop app.

Is there a setting somewhere that defines this? Is this a glitch? I don't see this behaviour on mobile… it just works. I have seen this on Mac as well.

Client opens localhost server (http, not https), and your browser window connects to it. You shouldn’t change http://localhost/ to https://localhost/. Do you run a reverse proxy that messes with that? You can check demo.owncloud.com for comparison.

Based on your comment, you’ve read my situation backwards. We are changing it from https to http. It is loading https://localhost after authenticating with the https server URL.

I agree the local client is unavailable at https… however it loads that by default. In order to make it work we actually have to remove the s to complete the authentication.
The server url used to authenticate the account is hosted at https but it seems to propagate that setting to the desktop clients as well. It appears our clients are actually loading https://localhost by default rather than http.

Yes, we have the server behind a proxy that is serving the SSL on its behalf. It is behind an nginx reverse proxy.

server {
    listen 443 ssl http2;
    server_name files.mydomain;
    location / {
        proxy_pass http://10.42.42.50:8080;
    }
    ...
}

Users sign in via https://mydomain and then click authenticate, but a https://localhost/longstringofcharacter loads. They remove the s from the https and it loads fine.

Watching the network request to the demo url you provided was very helpful. When I log in via the client to the demo site my browser is directed to an http://localhost url but on my instance it is directing to an https://localhost url. It might be an issue with the nginx reverse proxy settings… it assumes it should all be https instead of http for localhost. I’ll look into rewrite rules.

Request URL: https://demo.owncloud.com/index.php/apps/oauth2/authorize?response_type=code&cl...
Response Headers:
location: http://localhost:57334?code=HPs5BlkAoRJBYNod...

EDIT: Unable to find anything about editing the response headers in nginx. This is unlikely to be manipulated by our reverse proxy in the first place. ownCloud is the one providing the https. Is there a setting or a glitch that is happening that the server assumes the location header should have an ssl schema? When we click authenticate we are given a 301 redirect to https://localhost... instead of http.
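
One way to narrow down which hop changes the scheme, as an added example that is not part of the original thread: capture the `Location` header of the authorize response once directly from the backend and once through the reverse proxy, then compare them. The function names and the sample header values below are constructed for illustration.

```python
from urllib.parse import urlsplit

# Hosts the desktop client's temporary listener can be reached on.
LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}

def loopback_scheme(location):
    """Return the URL scheme if Location targets a loopback host, else None."""
    parts = urlsplit(location)
    if parts.hostname in LOOPBACK_HOSTS:
        return parts.scheme
    return None

def locate_rewrite(backend_location, proxied_location):
    """Decide which hop turned the http loopback redirect into https.

    backend_location: Location header fetched straight from the app server,
                      bypassing the reverse proxy.
    proxied_location: Location header the browser receives through the proxy.
    """
    backend = loopback_scheme(backend_location)
    proxied = loopback_scheme(proxied_location)
    if backend is None or proxied is None:
        return "not-a-loopback-redirect"
    if proxied == "http":
        return "ok"                    # browser gets the working URL
    if backend == "http":
        return "rewritten-by-proxy"    # scheme changed between the two hops
    return "rewritten-by-server"       # app server already emitted https

if __name__ == "__main__":
    # Constructed sample headers; the code value is a placeholder.
    samples = [
        ("http://localhost:57334?code=EXAMPLE", "http://localhost:57334?code=EXAMPLE"),
        ("http://localhost:57334?code=EXAMPLE", "https://localhost:57334?code=EXAMPLE"),
        ("https://localhost:57334?code=EXAMPLE", "https://localhost:57334?code=EXAMPLE"),
    ]
    for backend, proxied in samples:
        print(f"{backend!r} -> {proxied!r}: {locate_rewrite(backend, proxied)}")
```

A `rewritten-by-proxy` result points at the proxy configuration; `rewritten-by-server` points at the application server's own settings.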
