[BUG] GitHub OAuth Callback URL Forcing HTTPS Despite HTTP Configuration

[cheum]

GitHub OAuth Callback URL Forcing HTTPS Despite HTTP Configuration

I want to deploy my app using HTTP.
The callback URL for GitHub OAuth still supports HTTP.
However, even if I set the callback URL to use HTTP, the redirect_uri is automatically changed to HTTPS when returned by the redir_url function.
I attempted to use the scheme parameter of redir_url, but it doesn’t work when host="0.0.0.0".
(Temporarily using the replace syntax resolves the issue.)

I understand that HTTPS is the standard, but I wanted to report this behavior. Below is the code I used.

# User asks us to Login
@app.get("/login")
def login(request):
    redir = redir_url(request, auth_callback_path, "http")  # .replace("https", "http")
    login_link = client.login_link(redir)
    return login_page(login_link)


# User comes back to us with an auth code from Github
@app.get(auth_callback_path)
def auth_redirect(code: str, request, session):
    redir = redir_url(request, auth_callback_path, "http")  # .replace("https", "http")
    user_info = client.retr_info(code, redir)
    user_id = user_info[client.id_key]
    session["user_id"] = user_id

    if user_id != authorized_user_id:
        return RedirectResponse("/protected", status_code=303)
    return RedirectResponse("/", status_code=303)


@app.get("/protected")
async def protected(req):
    return not_authorized_page()


serve(host="0.0.0.0", port=8050, reload=(not ENV_MODE))

Expected behavior

redir = redir_url(request, auth_callback_path, “http”)

I hope the syntax works.

Environment Information
Please provide the following version information:

• fastlite version: 0.0.13
• fastcore version: 1.7.22
• fasthtml version: 0.10.1