fix the redirect uri generation to use x-forward-proto to allow handling of reverse proxies.

pull/3743/head
Mike Kao 11 months ago
parent 1d61289b10
commit 4367ee3ca6

@ -24,16 +24,17 @@ export async function getOIDCRedirectUrl(req: Request, state: string) {
url.searchParams.set('response_type', 'code'); url.searchParams.set('response_type', 'code');
url.searchParams.set('client_id', oidcClientId); url.searchParams.set('client_id', oidcClientId);
const callbackUrl = new URL( // Use X-Forwarded-Proto if available, otherwise fall back to req.protocol
'/api/v1/auth/oidc-callback', const protocol = req.headers['x-forwarded-proto'] || req.protocol;
`${req.protocol}://${req.headers.host}` const callbackUrl = new URL('/api/v1/auth/oidc-callback', `${protocol}://${req.headers.host}`).toString();
).toString();
url.searchParams.set('redirect_uri', callbackUrl); url.searchParams.set('redirect_uri', callbackUrl);
url.searchParams.set('scope', 'openid profile email'); url.searchParams.set('scope', 'openid profile email');
url.searchParams.set('state', state); url.searchParams.set('state', state);
return url.toString(); return url.toString();
} }
export const createJwtSchema = ({ export const createJwtSchema = ({
oidcDomain, oidcDomain,
oidcClientId, oidcClientId,

Loading…
Cancel
Save