Proxying only non-text/html requests to api server prevents OAuth login flow in development
Created by: nordhagen
The OAuth login flow, which uses both front end and back end requests and callback URLs, requires the host to be identical for both and identical to the host given in the application setup with the provider. Since the proxy setting only redirects non-text/html requests to unknown routes, the final callback in the token exchange phase is prevented.
I.e. a typical /api/auth/provider/callback route must be located on the same host/port as the one initiating the provider.com/oauth/authorize call. Since this final callback from the provider does not have content-type text/html it never hits the backend.
Possible solution: Support a more detailed config object in the proxy parameter that allows certain route matching patterns to always be redirected to the back end regardless of content-type. Simple String/Object data type switching could allow the change to be implemented without breaking support for the current URL string version of the proxy parameter.
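A sketch of the String/Object switching proposed above, added here as an illustration and not taken from the project's code. The `always` key, the function names, the localhost target and the sample request are all hypothetical, and it assumes the dev server decides "text/html" from the request's Accept header.

```javascript
// Hypothetical sketch: none of these names come from the project.
// Accepted forms of the proxy setting:
//   "http://localhost:4000"                                   (current string form)
//   { target: "http://localhost:4000", always: ["/api/auth/*/callback"] }
function normalizeProxyConfig(proxy) {
  if (typeof proxy === "string") return { target: proxy, always: [] };
  if (proxy && typeof proxy.target === "string") {
    return { target: proxy.target, always: proxy.always || [] };
  }
  throw new TypeError("proxy must be a URL string or { target, always }");
}

// "*" matches exactly one path segment; the pattern is anchored at both ends
// so the always-proxied set stays as narrow as the configured routes.
function patternToRegExp(pattern) {
  const escaped = pattern.replace(/[.+?^${}()|[\]\\]/g, "\\$&");
  return new RegExp("^" + escaped.replace(/\*/g, "[^/]+") + "$");
}

// Decide whether the dev server should forward this request to the back end.
function shouldProxy(proxy, req) {
  const { always } = normalizeProxyConfig(proxy);
  const path = req.url.split("?")[0]; // match the path only, not ?code=...&state=...
  if (always.some((p) => patternToRegExp(p).test(path))) return true;
  // Existing rule as described in the issue: only non-text/html requests are proxied.
  const accept = (req.headers && req.headers.accept) || "";
  return !accept.includes("text/html");
}

// Constructed sample: the provider's redirect back to the app, classified as text/html.
const SAMPLE_CALLBACK = {
  url: "/api/auth/provider/callback?code=abc&state=xyz",
  headers: { accept: "text/html,application/xhtml+xml" },
};
const OBJECT_CONFIG = {
  target: "http://localhost:4000",
  always: ["/api/auth/*/callback"],
};

console.log("string form proxies callback:", shouldProxy("http://localhost:4000", SAMPLE_CALLBACK));
console.log("object form proxies callback:", shouldProxy(OBJECT_CONFIG, SAMPLE_CALLBACK));
```

With the string form the callback stays on the dev server; with the object form it reaches the back end on the same host and port the provider has registered, while other text/html routes keep their current handling.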