Getting CRSF error when fetching data from remote Azure hosted API after successful oAuth

Forge Forge Platform and Tools
1

Hello,
I’m running the forge-external-auth-examples project and i got the example running and it is retrieving my profile from Microsoft graph.

Now i need to query data from external azure hosted site. So i updated the manifest with my own external backend. I updated the example to fetch data from my remote-app but i get CRSF error. I can see the url from logs and when i open it up it shows the following →

image
image825×866 28 KB

Update: we are using oAuth proxy and crsf token / cookie might get lost along the way …

Question 1 : is there a way to configure provider so that its possible to use with oAuth proxy ?
Question 2 : is there a way to get the oAuth token from the provider to include it manually to subsequent requests ?

Question 3 : any sample code to handle oAuth flow manually in Forge application ?

2

Hi @HendrikGross. Welcome to the dev community.

I don’t have experience with oauth2 proxy; however, I did take a look at the docs, and did find some cookie-based config options that are disabled by default.

https://oauth2-proxy.github.io/oauth2-proxy/configuration/overview/#cookie-options

Have you tried setting --cookie-csrf-per-request to true?

3

The flag did not work, but

We had a closer look in the proxy logs and there is something not quite right :

image

However my manifest states quite clearly :

image
image543×382 28.5 KB