outposts/proxyv2: fix JWKS url pointing to localhost on embedded outpost
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
parent
dd8b579dd6
commit
9fc5ff4b77
|
@ -13,15 +13,18 @@ import (
|
|||
type OIDCEndpoint struct {
|
||||
oauth2.Endpoint
|
||||
EndSessionEndpoint string
|
||||
JwksUri string
|
||||
}
|
||||
|
||||
func GetOIDCEndpoint(p api.ProxyOutpostConfig, authentikHost string) OIDCEndpoint {
|
||||
authUrl := p.OidcConfiguration.AuthorizationEndpoint
|
||||
endUrl := p.OidcConfiguration.EndSessionEndpoint
|
||||
jwksUrl := p.OidcConfiguration.JwksUri
|
||||
if browserHost, found := os.LookupEnv("AUTHENTIK_HOST_BROWSER"); found && browserHost != "" {
|
||||
host := os.Getenv("AUTHENTIK_HOST")
|
||||
authUrl = strings.ReplaceAll(authUrl, host, browserHost)
|
||||
endUrl = strings.ReplaceAll(endUrl, host, browserHost)
|
||||
jwksUrl = strings.ReplaceAll(jwksUrl, host, browserHost)
|
||||
}
|
||||
ep := OIDCEndpoint{
|
||||
Endpoint: oauth2.Endpoint{
|
||||
|
@ -30,6 +33,7 @@ func GetOIDCEndpoint(p api.ProxyOutpostConfig, authentikHost string) OIDCEndpoin
|
|||
AuthStyle: oauth2.AuthStyleInParams,
|
||||
},
|
||||
EndSessionEndpoint: endUrl,
|
||||
JwksUri: jwksUrl,
|
||||
}
|
||||
authU, err := url.Parse(authUrl)
|
||||
if err != nil {
|
||||
|
@ -39,6 +43,10 @@ func GetOIDCEndpoint(p api.ProxyOutpostConfig, authentikHost string) OIDCEndpoin
|
|||
if err != nil {
|
||||
return ep
|
||||
}
|
||||
jwksU, err := url.Parse(jwksUrl)
|
||||
if err != nil {
|
||||
return ep
|
||||
}
|
||||
if authU.Host != "localhost:8000" {
|
||||
return ep
|
||||
}
|
||||
|
@ -54,7 +62,10 @@ func GetOIDCEndpoint(p api.ProxyOutpostConfig, authentikHost string) OIDCEndpoin
|
|||
authU.Scheme = aku.Scheme
|
||||
endU.Host = aku.Host
|
||||
endU.Scheme = aku.Scheme
|
||||
jwksU.Host = aku.Host
|
||||
jwksU.Scheme = aku.Scheme
|
||||
ep.AuthURL = authU.String()
|
||||
ep.EndSessionEndpoint = endU.String()
|
||||
ep.JwksUri = jwksU.String()
|
||||
return ep
|
||||
}
|
||||
|
|
|
@ -22,7 +22,7 @@ func (a *Application) addHeaders(headers http.Header, c *Claims) {
|
|||
headers.Set("X-authentik-jwt", c.RawToken)
|
||||
|
||||
// System headers
|
||||
headers.Set("X-authentik-meta-jwks", a.proxyConfig.OidcConfiguration.JwksUri)
|
||||
headers.Set("X-authentik-meta-jwks", a.endpint.JwksUri)
|
||||
headers.Set("X-authentik-meta-outpost", a.outpostName)
|
||||
headers.Set("X-authentik-meta-provider", a.proxyConfig.Name)
|
||||
headers.Set("X-authentik-meta-app", a.proxyConfig.AssignedApplicationSlug)
|
||||
|
|
Reference in New Issue