Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Recognise absolute oauth2 callback-uri as absolute and don't append it to the base uri #370

Closed
brent777 opened this issue Aug 28, 2020 · 5 comments
Closed

Recognise absolute oauth2 callback-uri as absolute and don't append it to the base uri #370

brent777 opened this issue Aug 28, 2020 · 5 comments
Assignees
@jameskleeh
Milestone
2.0.1

Comments

@brent777
Copy link

Would it be possible for the callback-uri to be recognised as absolute if it begins with http / https? Right now, it is considered relative no matter what, it seems.

I need to do this to try workaround a very strange issue that I experience with my Micronaut app in some environments (but not all) where it is trying to make the callback over http instead of https (no idea why since my application endpoints are available over https only). My hope is if this URI could be configured as absolute, then I could explicitly put "https" in the URI and work around this strange issue.

Steps to Reproduce

  1. Configure the oauth2 callback-uri in a yml like:

callback-uri: https://xxxx/oauth/callback/azure

  1. Run the application and try authenticate.

  2. Notice that the callback URI sent to the auth provider appends this value to the base URI, i.e. https://xxxx/https://xxxx/oauth/callback/azure causing auth to fail.

Expected Behaviour

If I configure the callback-uri as https://xxxx/oauth/callback/azure, then I would expect it to be sent to the provider as https://xxxx/oauth/callback/azure and not https://xxxx/https://xxxx/oauth/callback/azure.

Actual Behaviour

It is sent to the provider as https://xxxx/https://xxxx/oauth/callback/azure.

Environment Information

  • Operating System: Ubuntu
  • Micronaut Version: 2.0.1
  • Kotlin Version: 1.3.72

Example Application

  • Unfortunately the application is proprietary and in a private repository so I cannot provide this.
@jameskleeh
Copy link
Contributor

@brent777 What is the use case for providing the full URL there? The host resolver should resolve the current server URL

jameskleeh added a commit that referenced this issue Sep 9, 2020
@jameskleeh
Support absolute configs for oauth callback and login. Closes #370
e94a521
@jameskleeh jameskleeh self-assigned this Sep 9, 2020
@jameskleeh jameskleeh added this to the 2.0.1 milestone Sep 9, 2020
@nikomakela
Copy link

nikomakela commented Dec 7, 2020
edited

It seems like this feature does not work anymore. Micronaut v. 2.1.4

@jameskleeh
Copy link
Contributor

@nikomakela As you can see in the commit we have a test for this case. If there is a problem please file a new issue with an example app to reproduce

@jjchiw
Copy link

jjchiw commented May 4, 2021
edited

Hi!

Did this change was merged?

I see the change in the commit

micronaut-security/security-oauth2/src/main/java/io/micronaut/security/oauth2/url/DefaultOauthRouteUrlBuilder.java

Line 114 in e94a521

if (path.startsWith("http")) {

But it doesn't appear in the tag 2.0.1

https://github.com/micronaut-projects/micronaut-security/blob/v2.0.1/security-oauth2/src/main/java/io/micronaut/security/oauth2/url/DefaultOauthRouteUrlBuilder.java#L114

So neither in the latest 2.4.2 tag

https://github.com/micronaut-projects/micronaut-security/blob/v2.4.2/security-oauth2/src/main/java/io/micronaut/security/oauth2/url/DefaultOauthRouteUrlBuilder.java#L114

So, are you going to merge this or should I implement OauthRouteUrlBuilder

Thanks :)

@jameskleeh
Copy link
Contributor

@jjchiw It appears I failed to create a PR for the branch. I just did #643

sdelamo added a commit that referenced this issue May 5, 2021
@sdelamo
fix: Support absolute configs for oauth callback and login
0a91e36 
close: #370

close: #643
@sdelamo sdelamo mentioned this issue May 5, 2021
Merged
sdelamo added a commit that referenced this issue May 5, 2021
@sdelamo
fix: Support absolute configs for oauth callback and login
611579b 
close: #370

close: #643
sdelamo added a commit that referenced this issue May 5, 2021
@sdelamo
fix: Support absolute configs for oauth callback and login (#644)
b270f2f 
close: #370

close: #643
sdelamo added a commit that referenced this issue May 5, 2021
@sdelamo
fix: Support absolute configs for oauth callback and login
64785e9 
close: #370

close: #643
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jameskleeh jameskleeh

Labels
None yet
Projects
None yet
Milestone
2.0.1
Development

No branches or pull requests
4 participants
@nikomakela @jjchiw @brent777 @jameskleeh