feat(authn-oidc): use full urls for login callback/logout options

2024-05-23 15:17:05 +02:00
parent 499bb3696d
commit 544326a4b7
11 changed files with 270 additions and 62 deletions
--- a/internal/proxy/director/layer/authn/oidc/client.go
+++ b/internal/proxy/director/layer/authn/oidc/client.go
@ -30,6 +30,7 @@ var (
 )

 type Client struct {
+	httpClient *http.Client
 	oauth2     *oauth2.Config
 	provider   *oidc.Provider
 	verifier   *oidc.IDTokenVerifier
@ -210,6 +211,7 @@ func (c *Client) sessionEndURL(idTokenHint, state, postLogoutRedirectURL string)

 func (c *Client) validate(r *http.Request, sess *sessions.Session) (*oauth2.Token, *oidc.IDToken, string, error) {
 	ctx := r.Context()
+	ctx = oidc.ClientContext(ctx, c.httpClient)

 	rawStoredState := sess.Values[sessionKeyLoginState]
 	receivedState := r.URL.Query().Get("state")
@ -287,5 +289,6 @@ func NewClient(funcs ...ClientOptionFunc) *Client {
 		provider:   opts.Provider,
 		verifier:   verifier,
 		authParams: opts.AuthParams,
+		httpClient: opts.HTTPClient,
 	}
 }