OAuth and OAuth2 authentication fails while going through the ProxySG


Article ID: 171815


Advanced Secure Gateway Software - ASG, ProxySG Software - SGOS


This article explains the behavior that occurs when OAuth and OAuth2 are used while the proxy is intercepting those requests.


The site returns a 401 (or similar) response saying that the credentials are empty or invalid.


By default, the proxy strips the Authorization header within HTTPS connections to avoid leaking any user name and password details.


For the Authorization header to be sent upstream, authentication must be performed by the destination server and not by the ProxySG; otherwise the header is stripped from the request. This can be achieved by installing the following CPL code for the particular site:


<Proxy>
url.domain=site.com authenticate(no, upstream_authentication)
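The symptom and the effect of a per-site exemption can be reproduced on a workstation with the following added example, which is not part of the original article and is not SGOS code. It assumes a stand-in Python proxy that drops the Authorization header unless the host is exempt, plain HTTP on loopback instead of intercepted HTTPS, and a constructed token-protected origin mapped to the article's site.com; the names Quiet, Upstream, make_proxy, serve and probe are hypothetical.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
from urllib.parse import urlsplit

class Quiet(BaseHTTPRequestHandler):
    def log_message(self, *args):  # suppress per-request console logging
        pass
    def reply(self, status):
        self.send_response(status)
        self.end_headers()

class Upstream(Quiet):
    """Constructed OAuth2-protected resource: 401 unless a Bearer token arrives."""
    def do_GET(self):
        token = self.headers.get("Authorization", "")
        self.reply(200 if token.startswith("Bearer ") else 401)

def make_proxy(exempt, origin):
    class Proxy(Quiet):
        """Stand-in intercepting proxy (not SGOS): strips Authorization by default."""
        def do_GET(self):
            url = urlsplit(self.path)  # forward-proxy requests carry an absolute URL
            auth = self.headers.get("Authorization")
            fwd = {"Authorization": auth} if auth and url.hostname in exempt else {}
            conn = http.client.HTTPConnection(*origin, timeout=5)  # constructed origin
            conn.request("GET", url.path or "/", headers=fwd)
            status = conn.getresponse().status
            conn.close()
            self.reply(status)
    return Proxy

def serve(handler):
    srv = ThreadingHTTPServer(("127.0.0.1", 0), handler)  # ephemeral loopback port
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

def probe(exempt=()):
    """Send a Bearer request for site.com through the stand-in proxy; return the status."""
    up = serve(Upstream)
    px = serve(make_proxy(set(exempt), up.server_address))
    try:
        conn = http.client.HTTPConnection(*px.server_address, timeout=5)
        conn.request("GET", "http://site.com/api", headers={"Authorization": "Bearer demo"})
        return conn.getresponse().status
    finally:
        for s in (px, up):
            s.shutdown()
            s.server_close()
```

Calling probe() models the default policy and returns the 401 described above; probe({"site.com"}) models the per-site exemption and returns 200.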