feat(authn-oidc): match login callback/logout urls with query string by default

internal/proxy/director/layer/authn/oidc/client.go

@@ -2,6 +2,7 @@ package oidc
 
 import (
 	"bytes"
+	"fmt"
 	"net/http"
 	"net/url"
 	"strings"
@@ -74,7 +75,7 @@ func (c *Client) login(w http.ResponseWriter, r *http.Request, sess *sessions.Se
 
 	sess.Values[sessionKeyLoginState] = state
 	sess.Values[sessionKeyLoginNonce] = nonce
-	sess.Values[sessionKeyPostLoginRedirectURL] = originalURL.String()
+	sess.Values[sessionKeyPostLoginRedirectURL] = fmt.Sprintf("%s?%s", originalURL.Path, originalURL.Query().Encode())
 
 	if err := sess.Save(r, w); err != nil {
 		logger.Error(ctx, "could not save session", logger.E(errors.WithStack(err)))

internal/proxy/director/layer/authn/oidc/layer_options.go

@@ -49,9 +49,9 @@ func fromStoreOptions(storeOptions store.LayerOptions, baseURL string) (*LayerOp
 		LayerOptions: authn.DefaultLayerOptions(),
 		OIDC: OIDCOptions{
 			LoginCallbackURL:      baseURL + loginCallbackPath,
-			MatchLoginCallbackURL: "*" + loginCallbackPath,
+			MatchLoginCallbackURL: "*" + loginCallbackPath + "*",
 			LogoutURL:             baseURL + logoutPath,
-			MatchLogoutURL:        "*" + logoutPath,
+			MatchLogoutURL:        "*" + logoutPath + "*",
 			Scopes:                []string{"openid"},
 		},
 		Cookie: CookieOptions{