As a general rule, if you have intermediate servers between your original client and your server, and those server remaps the request sent by the client (modify the URL, headers, etc.), the de-facto standard way to handle such redirections is to use `x-forwarded-* headers.
That is explained all over the internet, for example:
All popular proxy servers add those headers when doing such redirects. I'm not sure if IIS URL Rewrites do so, if not, you should do it yourself.
Point is, all TMS Sparkle servers (thus, XData, Sphinx, etc.) can automatically handle that information if you add a Forward middleware to it. So that's all you should do, add a Forward middleware to your Sphinx server and it should work fine with any proxy servers that properly add the forwarding headers.
Thanks Wagner. I have added this, although the pass through worked without it. The question is how I get Sphinx to return the issuer and endpoints when a call is made to http://dev.smxi.com/svr/auth/.well-known/openid-configuration which returns the paths based on the base url set in the Sphinx Server, rather than the external paths:
No, it returns the URL based on the original URL the client requested, thus if the forward headers are correct and the Forward middleware is added, it should work fine.
The final problem was that the Issuer in the JWT was set to http://localhost:2020/gasphinx. This is now overwritten in TSphinxConfig.ConfigureToken. Not sure if that is right, but it works.