|
|
@ -24,16 +24,17 @@ export async function getOIDCRedirectUrl(req: Request, state: string) {
|
|
|
|
url.searchParams.set('response_type', 'code');
|
|
|
|
url.searchParams.set('response_type', 'code');
|
|
|
|
url.searchParams.set('client_id', oidcClientId);
|
|
|
|
url.searchParams.set('client_id', oidcClientId);
|
|
|
|
|
|
|
|
|
|
|
|
const callbackUrl = new URL(
|
|
|
|
// Use X-Forwarded-Proto if available, otherwise fall back to req.protocol
|
|
|
|
'/api/v1/auth/oidc-callback',
|
|
|
|
const protocol = req.headers['x-forwarded-proto'] || req.protocol;
|
|
|
|
`${req.protocol}://${req.headers.host}`
|
|
|
|
const callbackUrl = new URL('/api/v1/auth/oidc-callback', `${protocol}://${req.headers.host}`).toString();
|
|
|
|
).toString();
|
|
|
|
|
|
|
|
url.searchParams.set('redirect_uri', callbackUrl);
|
|
|
|
url.searchParams.set('redirect_uri', callbackUrl);
|
|
|
|
url.searchParams.set('scope', 'openid profile email');
|
|
|
|
url.searchParams.set('scope', 'openid profile email');
|
|
|
|
url.searchParams.set('state', state);
|
|
|
|
url.searchParams.set('state', state);
|
|
|
|
|
|
|
|
|
|
|
|
return url.toString();
|
|
|
|
return url.toString();
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
export const createJwtSchema = ({
|
|
|
|
export const createJwtSchema = ({
|
|
|
|
oidcDomain,
|
|
|
|
oidcDomain,
|
|
|
|
oidcClientId,
|
|
|
|
oidcClientId,
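Review bot: The new `const protocol = req.headers['x-forwarded-proto'] || req.protocol;` line takes the scheme from a request header, and the callback URL still takes its host from `req.headers.host`, so both parts of `redirect_uri` are controlled by the sender unless a proxy in front of the app overwrites them. The header can also arrive as a comma-separated list or a `string[]`, which the template string turns into an invalid scheme such as `https,http`, so `new URL` would throw. If `req` is an Express request (the import is not visible here), `req.protocol` already honours `X-Forwarded-Proto` once `app.set('trust proxy', ...)` names the known proxy, so configuring that and keeping the original `req.protocol` is the safer route. Alternatively, build the callback from a configured public base URL, for example `new URL('/api/v1/auth/oidc-callback', publicBaseUrl)` (placeholder name), and document above the line which proxy is expected to set the header. The start of getOIDCRedirectUrl and the rest of createJwtSchema lie outside the hunk.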
|
|
|
|