zitadel · livio-a · Oct 9, 2024 · Oct 8, 2024 · Oct 8, 2024
diff --git a/pkg/authentication/authenticate.go b/pkg/authentication/authenticate.go
@@ -27,6 +27,7 @@
  sessions Sessions[T]
  encryptionKey string
  sessionCookieName string
+ externalSecure bool
 }
 
 // Option allows customization of the [Authenticator] such as logging and more.
@@ -55,6 +56,13 @@
  }
 }
 
+// WithExternalSecure allows using https redirects when the service is behind a reverse proxy.
+func WithExternalSecure[T Ctx](externalSecure bool) Option[T] {
+ return func(a *Authenticator[T]) {
+ a.externalSecure = externalSecure
+ }
+}
+
 func New[T Ctx](ctx context.Context, zitadel *zitadel.Zitadel, encryptionKey string, initAuthentication HandlerInitializer[T], options ...Option[T]) (*Authenticator[T], error) {
  authN, err := initAuthentication(ctx, zitadel)
  if err != nil {
@@ -143,7 +151,7 @@
  a.deleteSessionCookie(w)
 
  proto := "http"
- if req.TLS != nil {
+ if req.TLS != nil || a.externalSecure {
  proto = "https"
  }
  postLogout := fmt.Sprintf("%s://%s/", proto, req.Host)