fix(openid): use the calculated redirect url when authenticating with openid providers
continuous-integration/drone/push Build is failing
Details
continuous-integration/drone/push Build is failing
Details
This commit is contained in:
parent
a20f6ac815
commit
ce53663a88
GPG Key ID:
F40E70337AB24C9B
|
|
@ -292,17 +292,14 @@ auth:
|
|||
# **Note:** Some openid providers (like gitlab) only make the email of the user available through openid claims if they have set it to be publicly visible.
|
||||
# If the email is not public in those cases, authenticating will fail.
|
||||
# **Note 2:** The frontend expects to be redirected after authentication by the third party
|
||||
# to <frontend-url>/auth/openid/<auth key>. Please make sure to configure the redirect url with your third party
|
||||
# to <frontend-url>/auth/openid/<auth key>. Please make sure to configure the redirect url in your third party
|
||||
# auth service accordingly if you're using the default vikunja frontend.
|
||||
# The frontend will automatically provide the api with the redirect url, composed from the current url where it's hosted.
|
||||
# If you want to use the desktop client with openid, make sure to allow redirects to `127.0.0.1`.
|
||||
# Take a look at the [default config file](https://kolaente.dev/vikunja/api/src/branch/main/config.yml.sample) for more information about how to configure openid authentication.
|
||||
openid:
|
||||
# Enable or disable OpenID Connect authentication
|
||||
enabled: false
|
||||
# The url to redirect clients to. Defaults to the configured frontend url. If you're using Vikunja with the official
|
||||
# frontend, you don't need to change this value.
|
||||
# **Note:** The redirect url must exactly match the configured redirect url with the third party provider.
|
||||
# This includes all slashes at the end or protocols.
|
||||
redirecturl: <frontend url>
|
||||
# A list of enabled providers
|
||||
providers:
|
||||
# The name of the provider as it will appear in the frontend.
|
||||
|
|
|
|||
|
|
@ -65,10 +65,9 @@ const (
|
|||
ServiceEnableUserDeletion Key = `service.enableuserdeletion`
|
||||
ServiceMaxAvatarSize Key = `service.maxavatarsize`
|
||||
|
||||
AuthLocalEnabled Key = `auth.local.enabled`
|
||||
AuthOpenIDEnabled Key = `auth.openid.enabled`
|
||||
AuthOpenIDRedirectURL Key = `auth.openid.redirecturl`
|
||||
AuthOpenIDProviders Key = `auth.openid.providers`
|
||||
AuthLocalEnabled Key = `auth.local.enabled`
|
||||
AuthOpenIDEnabled Key = `auth.openid.enabled`
|
||||
AuthOpenIDProviders Key = `auth.openid.providers`
|
||||
|
||||
LegalImprintURL Key = `legal.imprinturl`
|
||||
LegalPrivacyURL Key = `legal.privacyurl`
|
||||
|
|
@ -451,10 +450,6 @@ func InitConfig() {
|
|||
ServiceFrontendurl.Set(ServiceFrontendurl.GetString() + "/")
|
||||
}
|
||||
|
||||
if AuthOpenIDRedirectURL.GetString() == "" {
|
||||
AuthOpenIDRedirectURL.Set(ServiceFrontendurl.GetString() + "auth/openid/")
|
||||
}
|
||||
|
||||
if MigrationTodoistRedirectURL.GetString() == "" {
|
||||
MigrationTodoistRedirectURL.Set(ServiceFrontendurl.GetString() + "migrate/todoist")
|
||||
}
|
||||
|
|
|
|||
|
|
@ -40,8 +40,9 @@ import (
|
|||
|
||||
// Callback contains the callback after an auth request was made and redirected
|
||||
type Callback struct {
|
||||
Code string `query:"code" json:"code"`
|
||||
Scope string `query:"scop" json:"scope"`
|
||||
Code string `query:"code" json:"code"`
|
||||
Scope string `query:"scop" json:"scope"`
|
||||
RedirectUrl string `json:"redirect_url"`
|
||||
}
|
||||
|
||||
// Provider is the structure of an OpenID Connect provider
|
||||
|
|
@ -103,6 +104,8 @@ func HandleCallback(c echo.Context) error {
|
|||
return c.JSON(http.StatusBadRequest, models.Message{Message: "Provider does not exist"})
|
||||
}
|
||||
|
||||
provider.Oauth2Config.RedirectURL = cb.RedirectUrl
|
||||
|
||||
// Parse the access & ID token
|
||||
oauth2Token, err := provider.Oauth2Config.Exchange(context.Background(), cb.Code)
|
||||
if err != nil {
|
||||
|
|
|
|||
|
|
@ -149,7 +149,6 @@ func getProviderFromMap(pi map[string]interface{}) (provider *Provider, err erro
|
|||
provider.Oauth2Config = &oauth2.Config{
|
||||
ClientID: provider.ClientID,
|
||||
ClientSecret: provider.ClientSecret,
|
||||
RedirectURL: config.AuthOpenIDRedirectURL.GetString() + k,
|
||||
// Discovery returns the OAuth2 endpoints.
|
||||
Endpoint: provider.openIDProvider.Endpoint(),
|
||||
|
||||
|
|
|
|||
|
|
@ -63,9 +63,8 @@ type localAuthInfo struct {
|
|||
}
|
||||
|
||||
type openIDAuthInfo struct {
|
||||
Enabled bool `json:"enabled"`
|
||||
RedirectURL string `json:"redirect_url"`
|
||||
Providers []*openid.Provider `json:"providers"`
|
||||
Enabled bool `json:"enabled"`
|
||||
Providers []*openid.Provider `json:"providers"`
|
||||
}
|
||||
|
||||
type legalInfo struct {
|
||||
|
|
@ -109,8 +108,7 @@ func Info(c echo.Context) error {
|
|||
Enabled: config.AuthLocalEnabled.GetBool(),
|
||||
},
|
||||
OpenIDConnect: openIDAuthInfo{
|
||||
Enabled: config.AuthOpenIDEnabled.GetBool(),
|
||||
RedirectURL: config.AuthOpenIDRedirectURL.GetString(),
|
||||
Enabled: config.AuthOpenIDEnabled.GetBool(),
|
||||
},
|
||||
},
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue