OpenID Connect didn't work with auto-discovery if <issuer>/.well-known/openid-configuration is beeing redirected. #4451
Description
Describe the Bug
If <issuer>/.well-known/openid-configuration is beeing redirected on OpenID Connect, i get
OIDC Discovery Error: Error discovering provider settings from issuer at URL https://ghg.berlin/.well-known/openid-configuration
Steps to Reproduce
- Go to login-page
- Click "Login with OIDC"
Expected Behaviour
If <issuer>/.well-known/openid-configuration is beeing redirected i expect that the app is follow the redirection.
Screenshots or Additional Context
In File 'app/Access/Oidc/OidcProviderSettings.php'
at 'loadSettingsFromIssuerDiscovery'
i inserted a new request to the redirection URI if we get a 301 or 302:
$issuerUrl = rtrim($this->issuer, '/') . '/.well-known/openid-configuration';
$request = new Request('GET', $issuerUrl);
$response = $httpClient->sendRequest($request);
# inserted
if ($response->getStatusCode() == 302 || $response->getStatusCode() == 301){
$request = new Request('GET', $response->getHeader('Location')[0]);
$response = $httpClient->sendRequest($request);
}
# inserted END
$result = json_decode($response->getBody()->getContents(), true);
Browser Details
Microsoft Edge Version 115.0.1901.203 (64-Bit) on Windows 11
Exact BookStack Version
23.06.2
PHP Version
8.2.8
Hosting Environment
ghcr.io/linuxserver/bookstack:v23.06.2-ls98
OIDC-Provider: IServ