From 52e2e6e25e19bfd4087d273c0c6d393d01b9744c Mon Sep 17 00:00:00 2001
From: Shane Bryzak
Date: Thu, 29 Feb 2024 13:22:51 +1000
Subject: [PATCH] reverted

---
 example-config.yml | 2 +-
 pkg/configuration/configuration.go | 2 +-
 pkg/configuration/configuration_test.go | 2 +-
 pkg/proxy/proxy.go | 10 +++++-----
 pkg/proxy/proxy_test.go | 6 +++---
 test/fake/keycloak.go | 2 +-
 6 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/example-config.yml b/example-config.yml
index d1d0188e..15112a14 100644
--- a/example-config.yml
+++ b/example-config.yml
@@ -19,4 +19,4 @@ auth_client.config.raw: >
     "confidential-port": 0,
     "clientId": "registrationService"
   }
-auth_client.public_keys_url: "http://localhost:8080/realms/demoRealm/protocol/openid-connect/certs"
+auth_client.public_keys_url: "http://localhost:8080/auth/realms/demoRealm/protocol/openid-connect/certs"
diff --git a/pkg/configuration/configuration.go b/pkg/configuration/configuration.go
index 331ea0df..a6611d6f 100644
--- a/pkg/configuration/configuration.go
+++ b/pkg/configuration/configuration.go
@@ -178,7 +178,7 @@ func (r AuthConfig) AuthClientConfigRaw() string {
 }
 
 func (r AuthConfig) AuthClientPublicKeysURL() string {
-	return commonconfig.GetString(r.c.AuthClientPublicKeysURL, "https://sso.devsandbox.dev/realms/sandbox-dev/protocol/openid-connect/certs")
+	return commonconfig.GetString(r.c.AuthClientPublicKeysURL, "https://sso.devsandbox.dev/auth/realms/sandbox-dev/protocol/openid-connect/certs")
 }
 
 func (r AuthConfig) SSOBaseURL() string {
diff --git a/pkg/configuration/configuration_test.go b/pkg/configuration/configuration_test.go
index 24102c61..36b9bcc6 100644
--- a/pkg/configuration/configuration_test.go
+++ b/pkg/configuration/configuration_test.go
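Review bot: `AuthClientPublicKeysURL` has no doc comment, and its default now embeds the `/auth` context path and the realm as literals while `SSOBaseURL()` (declared right after it) and `SSORealm()` hold the same host and realm separately, so the three defaults can only be kept in step by hand; the commit title "reverted" records no reason for the path form changing back. Judging by the name and the `certs` suffix this is presumably the JWKS endpoint the service fetches token-verification keys from, so a mismatched context path would surface only as a failed key fetch at runtime. I would add `// AuthClientPublicKeysURL returns the URL of the SSO realm's public-key (certs) endpoint; the default assumes the realm is served under the /auth context path and must agree with SSOBaseURL and SSORealm.` above the function, and consider building the default from those two getters rather than repeating the host and realm.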
@@ -49,7 +49,7 @@ func TestRegistrationService(t *testing.T) {
 	assert.Equal(t, "application/json; charset=utf-8", regServiceCfg.Auth().AuthClientConfigContentType())
 	assert.Equal(t, `{"realm": "sandbox-dev","auth-server-url": "https://sso.devsandbox.dev/auth","ssl-required": "none","resource": "sandbox-public","clientId": "sandbox-public","public-client": true, "confidential-port": 0}`, regServiceCfg.Auth().AuthClientConfigRaw())
-	assert.Equal(t, "https://sso.devsandbox.dev/realms/sandbox-dev/protocol/openid-connect/certs", regServiceCfg.Auth().AuthClientPublicKeysURL())
+	assert.Equal(t, "https://sso.devsandbox.dev/auth/realms/sandbox-dev/protocol/openid-connect/certs", regServiceCfg.Auth().AuthClientPublicKeysURL())
 	assert.Equal(t, "https://sso.devsandbox.dev", regServiceCfg.Auth().SSOBaseURL())
 	assert.Equal(t, "sandbox-dev", regServiceCfg.Auth().SSORealm())
 	assert.False(t, regServiceCfg.Verification().Enabled())
diff --git a/pkg/proxy/proxy.go b/pkg/proxy/proxy.go
index 04063719..20eaff33 100644
--- a/pkg/proxy/proxy.go
+++ b/pkg/proxy/proxy.go
@@ -51,11 +51,11 @@ const (
 )
 
 func ssoWellKnownTarget() string {
-	return fmt.Sprintf("%s/realms/%s/.well-known/openid-configuration", configuration.GetRegistrationServiceConfig().Auth().SSOBaseURL(), configuration.GetRegistrationServiceConfig().Auth().SSORealm())
+	return fmt.Sprintf("%s/auth/realms/%s/.well-known/openid-configuration", configuration.GetRegistrationServiceConfig().Auth().SSOBaseURL(), configuration.GetRegistrationServiceConfig().Auth().SSORealm())
 }
 
 func openidAuthEndpoint() string {
-	return fmt.Sprintf("/realms/%s/protocol/openid-connect/auth", configuration.GetRegistrationServiceConfig().Auth().SSORealm())
+	return fmt.Sprintf("/auth/realms/%s/protocol/openid-connect/auth", configuration.GetRegistrationServiceConfig().Auth().SSORealm())
 }
 
 func authorizationEndpointTarget() string {
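Review bot: `ssoWellKnownTarget` and `openidAuthEndpoint` each hardcode the `/auth/realms/` prefix inside their own format string, and the same literal is repeated in the `AuthClientPublicKeysURL` default in configuration.go, so switching the Keycloak path layout means touching three files, which is exactly what this commit and the one it reverts had to do. Hoisting the prefix into a single package constant next to the `const (` block closed at the top of this hunk, for example `const ssoRealmPath = "/auth/realms/%s"`, and formatting both functions from it would remove the drift and make the next change a one-liner. Note that `openidAuthEndpoint()` is the path the proxy redirects the browser to (the flow comment in the next hunk and the `http.StatusSeeOther` expectation in proxy_test.go both say so), and with this change it now also lies under the `/auth/*` range that step 7 of that comment says is forwarded to SSO as-is; the route registration that has to match the specific endpoint before the catch-all is outside this hunk, so that ordering is worth confirming.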
@@ -146,10 +146,10 @@ func (p *Proxy) StartProxy(port string) *http.Server {
 	// Here is the expected flow for the "oc login -w" command:
 	// 1. "oc login -w --server="
 	// 2. oc calls /.well-known/oauth-authorization-server (wellKnownOauthConfigEndpoint endpoint)
-	// 3. proxy forwards it to /realms//.well-known/openid-configuration
-	// 4. oc starts an OAuth flow by opening a browser for /realms//protocol/openid-connect/auth
+	// 3. proxy forwards it to /auth/realms//.well-known/openid-configuration
+	// 4. oc starts an OAuth flow by opening a browser for /auth/realms//protocol/openid-connect/auth
 	// 5. proxy redirects (the request is not proxied but redirected via 403 See Others response!) the request
-	// to /realms//protocol/openid-connect/auth
+	// to /auth/realms//protocol/openid-connect/auth
 	// Note: oc uses this hardcoded public (no secret) oauth client name: "openshift-cli-client" which has to exist in SSO to make this flow work.
 	// 6. user provides the login credentials in the sso login page
 	// 7. all following oc requests (/auth/*) go to the proxy and forwarded to SSO as is. This is used to obtain the generated token by oc.
diff --git a/pkg/proxy/proxy_test.go b/pkg/proxy/proxy_test.go
index 221d7bc3..4d74a229 100644
--- a/pkg/proxy/proxy_test.go
+++ b/pkg/proxy/proxy_test.go
@@ -314,7 +314,7 @@ func (s *TestProxySuite) checkWebLogin() {
 			w.Header().Set("Content-Type", "application/json")
 			w.WriteHeader(http.StatusOK)
 			switch p := r.URL.Path; p {
-			case "/realms/sandbox-dev/.well-known/openid-configuration":
+			case "/auth/realms/sandbox-dev/.well-known/openid-configuration":
 				_, err := w.Write([]byte("mock SSO configuration"))
 				require.NoError(s.T(), err)
 			case "/auth/anything":
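Review bot: Step 5 of the flow comment, the context line sitting between the rewritten steps 4 and "to /auth/realms/...", still says the redirect is "via 403 See Others response", while the "oidc" case in proxy_test.go expects `http.StatusSeeOther`, which is 303; since this commit is already re-editing the surrounding steps, the wrong status code should go with it. I would change it to `// 5. proxy redirects (the request is not proxied but redirected via a 303 See Other response!) the request`. The same comment's step 7 states that `/auth/*` requests are forwarded as-is, and after this change the step 4/5 endpoint is itself under `/auth/`; a sentence there noting that the openid-connect/auth path is matched first and redirected rather than forwarded would keep the description consistent. The enclosing `StartProxy` body continues outside the hunk.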
@@ -343,10 +343,10 @@ func (s *TestProxySuite) checkWebLogin() {
 			ExpectedResponse: "mock SSO configuration",
 		},
 		"oidc": {
-			RequestURL: "http://localhost:8081/realms/sandbox-dev/protocol/openid-connect/auth?state=mystate&code=mycode",
+			RequestURL: "http://localhost:8081/auth/realms/sandbox-dev/protocol/openid-connect/auth?state=mystate&code=mycode",
 			ExpectedStatusCode: http.StatusSeeOther,
 			ExpectedHeaders: map[string]string{
-				"Location": testServer.URL + "/realms/sandbox-dev/protocol/openid-connect/auth?state=mystate&code=mycode",
+				"Location": testServer.URL + "/auth/realms/sandbox-dev/protocol/openid-connect/auth?state=mystate&code=mycode",
 			},
 		},
 		"other auth requests": {
diff --git a/test/fake/keycloak.go b/test/fake/keycloak.go
index 5c38be71..08ad13cb 100644
--- a/test/fake/keycloak.go
+++ b/test/fake/keycloak.go
@@ -10,7 +10,7 @@ var certsContent = `{"keys":[{"kid":"E3DKGdZQ7xTiIvfdFgVXLNupVupFBlcxNUgVCFhDwEg
 
 func MockKeycloakCertsCall(t *testing.T) {
 	gock.New("https://sso.devsandbox.dev").
-		Get("realms/sandbox-dev/protocol/openid-connect/certs").
+		Get("auth/realms/sandbox-dev/protocol/openid-connect/certs").
 		Persist().
 		Reply(200).
 		BodyString(certsContent)