Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Redirect uri / to /doc #495

Open
JokerDevops opened this issue Oct 18, 2023 · 1 comment
Open

Redirect uri / to /doc #495

JokerDevops opened this issue Oct 18, 2023 · 1 comment

Comments

@JokerDevops
Copy link

Environment
  • lua-resty-openidc version (e.g. 1.7.6)
  • OpenID Connect provider (e.g. Keycloak, Azure AD)

lua-resty-openidc version 1.7.6
OpenID Connect provider keycloak

Expected behaviour

Go to https://172.18.157.158:19999/ to jump to the keycloak login page, after successful login the browser uri will be https://172.18.157.158:19999/doc/

Actual behaviour

What's happening now is that visiting https://172.18.157.158:19999/ jumps to the keycloak login, and after login the browser uri is still https://172.18.157.158:19999/

Minimized example

Minimal, complete configuration that reproduces the behavior.

    location / {

       access_by_lua '
         local opts = {
           ssl_verify = "no",
	   keepalive = "yes",
           redirect_uri_path = "/doc/redirect_uri",
           accept_none_alg = true,
           discovery = "https://172.18.157.235:8283/auth/realms/xxx/.well-known/openid-configuration",
           client_id = "nginx",
           client_secret = "c6f4a272-364e-46b1-8df3-dcdcc37a44ac",
           redirect_uri_scheme = "https",
           logout_path = "/logout",
           redirect_after_logout_uri = "https://172.18.157.235:8280/auth/realms/xxx/protocol/openid-connect/logout?redirect_uri=http://localhost/",
           redirect_after_logout_with_id_token_hint = false,
           session_contents = {id_token=true}
         }
         -- call introspect for OAuth 2.0 Bearer Access Token validation
         local res, err = require("resty.openidc").authenticate(opts)
         if err then
           ngx.status = 403
           ngx.say(err)
           ngx.exit(ngx.HTTP_FORBIDDEN)
         end
      ';

      # I disabled caching so the browser won't cache the site.
      expires           0;

      add_header        Cache-Control private;


        absolute_redirect off;
        root /opt/xxx/xxx-doc/;
        index index.html;
        try_files $uri $uri/ /index.html =404;
    }
Configuration and NGINX server log files

Config and logs for the minimized example, possibly provided as attachments.
@bodewig
Copy link
Collaborator

bodewig commented Oct 22, 2023

Why do you expect that a request to / will end up being redirect to /doc? I don't see anything inside the config snippet you've posted that would cause such a redirect. I must be overlooking something.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@bodewig @JokerDevops