fix(auth): allow authorization for Github and OIDC behind the reverse proxy

[erka]

No description provided.

[codecov]

Codecov Report

Attention: Patch coverage is 79.68750% with 13 lines in your changes missing coverage. Please review.

Project coverage is 71.08%. Comparing base (f997fb9) to head (138bbbd).
Report is 384 commits behind head on main.

❗ Current head 138bbbd differs from pull request most recent head 5ccfeee

Please upload reports for the commit 5ccfeee to get more accurate results.

Files	Patch %	Lines
internal/server/authn/method/http.go	50.00%	6 Missing ⚠️
internal/config/authentication.go	86.84%	5 Missing ⚠️
internal/cmd/authn.go	0.00%	1 Missing ⚠️
internal/cmd/http.go	0.00%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #3135      +/-   ##
==========================================
+ Coverage   70.78%   71.08%   +0.29%     
==========================================
  Files          91      109      +18     
  Lines        8729     7981     -748     
==========================================
- Hits         6179     5673     -506     
+ Misses       2165     1869     -296     
- Partials      385      439      +54     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[markphelps]

@erka is this ready for review?

[erka]

@erka is this ready for review?

@markphelps It works, but it's not ideal. The callback_url and authorize_url in the authentication method metadata lack the necessary prefix. While modifying them is possible, it involves dealing with low-level gRPC objects, making performance impact and maintenance difficult.

[markphelps]

This looks great, thank you @erka !

[GeorgeMac]

👏 Nice one @erka . Thanks for making this happen, it was a fiddly one.
And @tvcsantos for initial contrib and ideas around x-forwarded-prefix.

[tvcsantos]

Thanks for the efforts guys. Really cool 👍