<![CDATA[How to setup reverse proxy for an SSO session bootstrap]]>I'm glad it's finally possible to bootstrap an SSO session manually as described here, nice!

However, as part of the explanation on how to actually achieve it, there's a step that's not explained in detail, which is:

"FusionAuth requires the access token to be in an Authorization header. Because browsers do not provide a way to set the Authorization header when browsing to a location, you’ll need to add the header using, for example, a reverse proxy.""

I managed to make it work using nginx as the reverse proxy, I've published a gist to show how.
Is this approach correct?

The only thing that seems off is that after redirecting to oauth2/authorize, FusionAuth redirects to the redirect_uri provided, but includes an error about the response_type in the url (SSO session is correctly created though).

]]>https://fusionauth.io/community/forum/topic/2903/how-to-setup-reverse-proxy-for-an-sso-session-bootstrapRSS for NodeSun, 07 Jun 2026 10:40:51 GMTMon, 31 Mar 2025 11:53:06 GMT60<![CDATA[Reply to How to setup reverse proxy for an SSO session bootstrap on Mon, 07 Apr 2025 15:12:11 GMT]]>@joseantonio When you add the response_type=code. That should be literal 'response_type=code' not response_type={code} where {code} is some secret. Other than that, you can add additional parameters to the query string if needed. As long as you are not passing secrets in the query string you should be ok.

]]>https://fusionauth.io/community/forum/post/7951https://fusionauth.io/community/forum/post/7951Mon, 07 Apr 2025 15:12:11 GMT<![CDATA[Reply to How to setup reverse proxy for an SSO session bootstrap on Mon, 07 Apr 2025 06:46:11 GMT]]>@mark-robustelli Thanks! That prevents the error but adds the code to the url, which in my case is not needed, so I'm using response_mode=form_post to hide it. Is that ok?

]]>https://fusionauth.io/community/forum/post/7946https://fusionauth.io/community/forum/post/7946Mon, 07 Apr 2025 06:46:11 GMT<![CDATA[Reply to How to setup reverse proxy for an SSO session bootstrap on Sun, 06 Apr 2025 19:23:28 GMT]]>@joseantonio using the response_type=code should be fine, let me know how it goes.

]]>https://fusionauth.io/community/forum/post/7945https://fusionauth.io/community/forum/post/7945Sun, 06 Apr 2025 19:23:28 GMT<![CDATA[Reply to How to setup reverse proxy for an SSO session bootstrap on Tue, 01 Apr 2025 16:00:27 GMT]]>@mark-robustelli

This is the error shown in the url after oauth2/authorize redirects to redirect_uri:

?error=invalid_request&error_reason=missing_response_type&error_description=The+request+is+missing+a+required+parameter%3A+response_type

At some point I used a combination of these two params in the oauth2/authorize endpoint to prevent it, is this safe to do or may it come with possible drawbacks?

  • response_type=code
  • response_mode=form_post

Thanks!

]]>https://fusionauth.io/community/forum/post/7931https://fusionauth.io/community/forum/post/7931Tue, 01 Apr 2025 16:00:27 GMT<![CDATA[Reply to How to setup reverse proxy for an SSO session bootstrap on Mon, 31 Mar 2025 20:26:27 GMT]]>@joseantonio said in How to setup reverse proxy for an SSO session bootstrap:

here

Thank you for sharing. What is the error that you are getting about the response_type?

]]>https://fusionauth.io/community/forum/post/7930https://fusionauth.io/community/forum/post/7930Mon, 31 Mar 2025 20:26:27 GMT