providers/proxy: ensure issuer is correct when browser url override is set

Signed-off-by: Jens Langhammer <jens@goauthentik.io> #4715
2023-02-19 17:35:25 +01:00 · 2023-02-19 17:35:25 +01:00 · 9f431396c0
parent 1ac2e924a2
commit 9f431396c0
2 changed files with 12 additions and 10 deletions
--- a/internal/config/struct.go
+++ b/internal/config/struct.go
@ -19,6 +19,7 @@ type Config struct {
 	// These are only relevant for proxy/ldap outposts, and cannot be set via YAML
 	// They are loaded via this config loader to support file:// schemas
 	AuthentikHost        string `env:"AUTHENTIK_HOST"`
 	AuthentikHostBrowser string `env:"AUTHENTIK_HOST_BROWSER"`
 	AuthentikToken       string `env:"AUTHENTIK_TOKEN"`
 	AuthentikInsecure    bool   `env:"AUTHENTIK_INSECURE"`
 }
--- a/internal/outpost/proxyv2/application/endpoint.go
+++ b/internal/outpost/proxyv2/application/endpoint.go
@ -2,11 +2,11 @@ package application
 import (
 	"net/url"
 	"os"
 	"strings"
 	log "github.com/sirupsen/logrus"
 	"goauthentik.io/api/v3"
 	"goauthentik.io/internal/config"
 	"golang.org/x/oauth2"
 )
@ -33,11 +33,12 @@ func GetOIDCEndpoint(p api.ProxyOutpostConfig, authentikHost string, embedded bo
 	endUrl := p.OidcConfiguration.EndSessionEndpoint
 	tokenUrl := p.OidcConfiguration.TokenEndpoint
 	jwksUrl := p.OidcConfiguration.JwksUri
-	if browserHost, found := os.LookupEnv("AUTHENTIK_HOST_BROWSER"); found && browserHost != "" {
+	issuer := p.OidcConfiguration.Issuer
-		host := os.Getenv("AUTHENTIK_HOST")
+	if config.Get().AuthentikHostBrowser != "" {
-		authUrl = strings.ReplaceAll(authUrl, host, browserHost)
+		authUrl = strings.ReplaceAll(authUrl, authentikHost, config.Get().AuthentikHostBrowser)
-		endUrl = strings.ReplaceAll(endUrl, host, browserHost)
+		endUrl = strings.ReplaceAll(endUrl, authentikHost, config.Get().AuthentikHostBrowser)
-		jwksUrl = strings.ReplaceAll(jwksUrl, host, browserHost)
+		jwksUrl = strings.ReplaceAll(jwksUrl, authentikHost, config.Get().AuthentikHostBrowser)
 		issuer = strings.ReplaceAll(issuer, authentikHost, config.Get().AuthentikHostBrowser)
 	}
 	ep := OIDCEndpoint{
 		Endpoint: oauth2.Endpoint{
@ -48,7 +49,7 @@ func GetOIDCEndpoint(p api.ProxyOutpostConfig, authentikHost string, embedded bo
 		EndSessionEndpoint: endUrl,
 		JwksUri:            jwksUrl,
 		TokenIntrospection: p.OidcConfiguration.IntrospectionEndpoint,
-		Issuer:             p.OidcConfiguration.Issuer,
+		Issuer:             issuer,
 	}
 	if !embedded {
 		return ep