feat(authn-oidc): use full urls for login callback/logout options

2024-05-23 15:17:05 +02:00
parent 499bb3696d
commit 544326a4b7
11 changed files with 270 additions and 62 deletions
--- a/internal/proxy/director/layer/authn/oidc/layer_options.go
+++ b/internal/proxy/director/layer/authn/oidc/layer_options.go
@ -19,11 +19,14 @@ type LayerOptions struct {
 type OIDCOptions struct {
 	ClientID               string            `mapstructure:"clientId"`
 	ClientSecret           string            `mapstructure:"clientSecret"`
-	LoginCallbackPath      string            `mapstructure:"loginCallbackPath"`
-	LogoutPath             string            `mapstructure:"logoutPath"`
+	LoginCallbackURL       string            `mapstructure:"loginCallbackURL"`
+	MatchLoginCallbackURL  string            `mapstructure:"matchLoginCallbackURL"`
+	LogoutURL              string            `mapstructure:"logoutURL"`
+	MatchLogoutURL         string            `mapstructure:"matchLogoutURL"`
 	IssuerURL              string            `mapstructure:"issuerURL"`
 	SkipIssuerVerification bool              `mapstructure:"skipIssuerVerification"`
 	PostLogoutRedirectURL  string            `mapstructure:"postLogoutRedirectURL"`
+	TLSInsecureSkipVerify  bool              `mapstructure:"tlsInsecureSkipVerify"`
 	Scopes                 []string          `mapstructure:"scopes"`
 	AuthParams             map[string]string `mapstructure:"authParams"`
 }
@ -38,13 +41,18 @@ type CookieOptions struct {
 	MaxAge   time.Duration `mapstructure:"maxAge"`
 }

-func fromStoreOptions(storeOptions store.LayerOptions) (*LayerOptions, error) {
+func fromStoreOptions(storeOptions store.LayerOptions, baseURL string) (*LayerOptions, error) {
+	loginCallbackPath := "/.bouncer/authn/oidc/{{ .ProxyName }}/{{ .LayerName }}/callback"
+	logoutPath := "/.bouncer/authn/oidc/{{ .ProxyName }}/{{ .LayerName }}/logout"
+
 	layerOptions := LayerOptions{
 		LayerOptions: authn.DefaultLayerOptions(),
 		OIDC: OIDCOptions{
-			LoginCallbackPath: "/.bouncer/authn/oidc/%s/callback",
-			LogoutPath:        "/.bouncer/authn/oidc/%s/logout",
-			Scopes:            []string{"openid"},
+			LoginCallbackURL:      baseURL + loginCallbackPath,
+			MatchLoginCallbackURL: "*" + loginCallbackPath,
+			LogoutURL:             baseURL + logoutPath,
+			MatchLogoutURL:        "*" + logoutPath,
+			Scopes:                []string{"openid"},
 		},
 		Cookie: CookieOptions{
 			Name:     defaultCookieName,