From 765c38b88599ad3e869bc973a3a7246a1da7c4c0 Mon Sep 17 00:00:00 2001
From: Jakob Ankarhem
Date: Wed, 12 Oct 2022 17:46:01 +0200
Subject: [PATCH] fix(oidc): look at protocol to decide callback protocol
---
 server/routes/auth.ts | 2 +-
 server/utils/oidc.ts | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/server/routes/auth.ts b/server/routes/auth.ts
index 1ddfaa3b9..f73595f25 100644
--- a/server/routes/auth.ts
+++ b/server/routes/auth.ts
@@ -434,7 +434,7 @@ authRoutes.get('/oidc-callback', async (req, res, next) => {
 return res.status(500).json({ error: 'OIDC sign-in is disabled.' });
 }
 const cookieState = req.cookies['oidc-state'];
- const url = new URL(req.url, `http://${req.hostname}`);
+ const url = new URL(req.url, `${req.protocol}://${req.hostname}`);
 const state = url.searchParams.get('state');
 try {
diff --git a/server/utils/oidc.ts b/server/utils/oidc.ts
index a24cef3a0..453399583 100644
--- a/server/utils/oidc.ts
+++ b/server/utils/oidc.ts
@@ -26,7 +26,7 @@ export async function getOIDCRedirectUrl(req: Request, state: string) {
 const callbackUrl = new URL(
 '/api/v1/auth/oidc-callback',
- `http://${req.headers.host}`
+ `${req.protocol}://${req.headers.host}`
 ).toString();
 url.searchParams.set('redirect_uri', callbackUrl);
 url.searchParams.set('scope', 'openid profile email');
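Review bot: `req.protocol` on the new `const url` line only reflects the client-facing scheme when the framework is configured to trust the fronting proxy's `X-Forwarded-Proto`. Assuming this is Express, a TLS-terminating reverse proxy without the `trust proxy` setting still yields `http`, both here and in the `getOIDCRedirectUrl` hunk in server/utils/oidc.ts, and if that setting is too broad the header becomes client-controlled. I would document the requirement at this line, for example `// req.protocol honours X-Forwarded-Proto only when 'trust proxy' is set for the fronting proxy`. Only the `state` lookup on `url` is visible, and the handler continues outside the hunk, so whether the scheme matters later in the callback cannot be confirmed from here.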
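Review bot: The `redirect_uri` base is still taken from `req.headers.host`, which the client supplies, so the callback URL sent to the identity provider is request-controlled and depends entirely on the provider's redirect-URI allow-list to reject a wrong host. The callback handler in server/routes/auth.ts builds its base from `req.hostname` instead, which in Express omits the port, so the two bases can disagree on a non-default port. Prefer a configured external base URL when the deployment has one and fall back to the request otherwise, for example `const base = configuredBaseUrl ?? \`${req.protocol}://${req.headers.host}\`;`, where `configuredBaseUrl` is a placeholder for the project's own setting. The body of `getOIDCRedirectUrl` starts and ends outside the hunk.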