Always pass a valid redirect_uri callback parameter (localhost:8976) to Cloudflare OAuth API, even when the --callback-host and --callback-port params would not be accepted

[gnekich]

Fixes #5937
Fixes #9065
Fixes #11959

The OAuth provider only accepts localhost:8976 as the host and port in the redirect_uri parameter of the login request.

One can configure the Wrangler's OAuth callback server to listen on custom host, via --callback-host (e.g. 0.0.0.0 or 127.0.0.1), and port, via --callback-port.
This is useful when running Wrangler inside a Docker container (or equivalent) where it is not possible to listen on localhost.

In this case, you can configure Wrangler to listen on a different host and/or port but then it is up to you to configure your container to map localhost:8976 to the host and port on which Wrangler is listening.

Example

Running the callback server on 127.0.0.1:8989:

wrangler login --calback-host=127.0.0.1 --callback-port=8989

results in Wrangler listening on 127.0.0.1:8989 and a login URL that looks like:

https://dash.cloudflare.com/oauth2/auth?...&redirect_uri=http%3A%2F%2Flocalhost%3A8976%2Foauth%2Fcallback&...

Note that the redirect_uri is always localhost:8976 whatever the callback host and port are.

---

• Tests
  • TODO (before merge)
  • Tests included/updated
  • Tests not necessary because:
• Public documentation
  • TODO (before merge)
  • Cloudflare docs PR(s): docs: add documentation for wrangler login in containers cloudflare-docs#27745
  • Documentation not necessary because:

[changeset-bot]

🦋 Changeset detected

Latest commit: ba6c018

The changes in this PR will be included in the next version bump.

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[penalosa]

@gnekich could you clarify what issue this is fixing? Both the linked issues have been closed. If possible, could you open a new issue with a reproduction of what's going wrong?

[michaelalhilly]

Just to be clear. The issue we are currently having is with this setting:

--callback-host=0.0.0.0

Currently when working inside Docker we need to listen for localhost on 0.0.0.0. However, the login and callback urls still need to specify localhost as the host.

Currently, this is not working as setting callback-host=0.0.0.0 also changes the host in login and callback urls to 0.0.0.0 which results in an error and prevents the authorization page from loading.

The current workaround is to manually replace 0.0.0.0 in the login url with localhost and everything works.

[penalosa]

@gnekich could you create a new issue with a reproduction of the problem you're seeing?

[petebacondarwin]

Thanks for putting this PR together.
It took me a while to get my head around what the actual problem was.
In general I think this is a good idea, but I have left some comments for changes before we can really land this.

[petebacondarwin]

Just rebased and pushed a handful of changes that fit with my suggestions above.
We should also update the docs to explain this scenario to future users.

[pkg-pr-new]

create-cloudflare

npm i https://pkg.pr.new/create-cloudflare@9396

@cloudflare/kv-asset-handler

npm i https://pkg.pr.new/@cloudflare/kv-asset-handler@9396

miniflare

npm i https://pkg.pr.new/miniflare@9396

@cloudflare/pages-shared

npm i https://pkg.pr.new/@cloudflare/pages-shared@9396

@cloudflare/unenv-preset

npm i https://pkg.pr.new/@cloudflare/unenv-preset@9396

@cloudflare/vite-plugin

npm i https://pkg.pr.new/@cloudflare/vite-plugin@9396

@cloudflare/vitest-pool-workers

npm i https://pkg.pr.new/@cloudflare/vitest-pool-workers@9396

@cloudflare/workers-editor-shared

npm i https://pkg.pr.new/@cloudflare/workers-editor-shared@9396

@cloudflare/workers-utils

npm i https://pkg.pr.new/@cloudflare/workers-utils@9396

wrangler

npm i https://pkg.pr.new/wrangler@9396

commit: ba6c018