providers/proxy: ensure issuer is correct when browser url override is set

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

#4715
Jens Langhammer 2023-02-19 17:35:25 +01:00
parent 1ac2e924a2
commit 9f431396c0
2 changed files with 12 additions and 10 deletions


@ -19,6 +19,7 @@ type Config struct {
// These are only relevant for proxy/ldap outposts, and cannot be set via YAML
// They are loaded via this config loader to support file:// schemas
AuthentikHost string `env:"AUTHENTIK_HOST"`
AuthentikHostBrowser string `env:"AUTHENTIK_HOST_BROWSER"`
AuthentikToken string `env:"AUTHENTIK_TOKEN"`
AuthentikInsecure bool `env:"AUTHENTIK_INSECURE"`
}
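Review bot: The new `AuthentikHostBrowser` field has no comment of its own, and the group comment above it does not say how it differs from `AuthentikHost`. The second file in this commit uses it to rewrite the authorization, end-session, JWKS and issuer URLs, so the field deserves a line such as `// AuthentikHostBrowser, when set, replaces AuthentikHost in the browser-facing OIDC URLs and the issuer`. The Config struct begins outside this hunk.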


@ -2,11 +2,11 @@ package application
import (
"net/url"
"os"
"strings"
log "github.com/sirupsen/logrus"
"goauthentik.io/api/v3"
"goauthentik.io/internal/config"
"golang.org/x/oauth2"
)
@ -33,11 +33,12 @@ func GetOIDCEndpoint(p api.ProxyOutpostConfig, authentikHost string, embedded bo
endUrl := p.OidcConfiguration.EndSessionEndpoint
tokenUrl := p.OidcConfiguration.TokenEndpoint
jwksUrl := p.OidcConfiguration.JwksUri
if browserHost, found := os.LookupEnv("AUTHENTIK_HOST_BROWSER"); found && browserHost != "" {
host := os.Getenv("AUTHENTIK_HOST")
authUrl = strings.ReplaceAll(authUrl, host, browserHost)
endUrl = strings.ReplaceAll(endUrl, host, browserHost)
jwksUrl = strings.ReplaceAll(jwksUrl, host, browserHost)
issuer := p.OidcConfiguration.Issuer
if config.Get().AuthentikHostBrowser != "" {
authUrl = strings.ReplaceAll(authUrl, authentikHost, config.Get().AuthentikHostBrowser)
endUrl = strings.ReplaceAll(endUrl, authentikHost, config.Get().AuthentikHostBrowser)
jwksUrl = strings.ReplaceAll(jwksUrl, authentikHost, config.Get().AuthentikHostBrowser)
issuer = strings.ReplaceAll(issuer, authentikHost, config.Get().AuthentikHostBrowser)
}
ep := OIDCEndpoint{
Endpoint: oauth2.Endpoint{
@ -48,7 +49,7 @@ func GetOIDCEndpoint(p api.ProxyOutpostConfig, authentikHost string, embedded bo
EndSessionEndpoint: endUrl,
JwksUri: jwksUrl,
TokenIntrospection: p.OidcConfiguration.IntrospectionEndpoint,
Issuer: p.OidcConfiguration.Issuer,
Issuer: issuer,
}
if !embedded {
return ep
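Review bot: The four `strings.ReplaceAll(..., authentikHost, config.Get().AuthentikHostBrowser)` calls in GetOIDCEndpoint, including the new `issuer` one, only work if `authentikHost` is a non-empty, exact substring of each URL. With an empty `authentikHost`, `strings.ReplaceAll` inserts the browser host before every character; with a mismatch such as a trailing slash it silently replaces nothing. Either way the `Issuer` field, which is presumably what tokens are later checked against, ends up garbled or unchanged with no error or log line. I would guard the block with `if browserHost := config.Get().AuthentikHostBrowser; browserHost != "" && authentikHost != "" {`, which also reads the config once instead of five times, and log a warning when a URL comes back unmodified. The function body starts before and continues past the hunks shown here.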