Dev Tools · 1h ago
Spring Boot IAM System Breaks in Production: OAuth2 Redirect URI Bug
A developer built identityCore, a self-hosted IAM service in Spring Boot, and encountered a redirect_uri_mismatch error when deploying behind a TLS-terminating reverse proxy. The bug stemmed from Spring Security's default behavior of constructing redirect URIs from the incoming request, which used HTTP instead of HTTPS. The fix required explicitly configuring the proxy's forwarded headers to preserve the original scheme.
Meridian48 take
A cautionary tale that even well-designed Spring Boot apps can trip over deployment quirks, highlighting the gap between local dev and production networking.
Read the full reporting
I built a full IAM system in Spring Boot — here's what broke when I put it on the internet →
DEV Community
spring-bootiam