diff --git a/conf/app.conf b/conf/app.conf index d4e068c1..8278244b 100644 --- a/conf/app.conf +++ b/conf/app.conf @@ -16,4 +16,4 @@ httpProxy = "127.0.0.1:10808" verificationCodeTimeout = 10 initScore = 2000 logPostOnly = true -origin = "https://door.casbin.com" \ No newline at end of file +origin = \ No newline at end of file diff --git a/controllers/oidc_discovery.go b/controllers/oidc_discovery.go index a39aaca6..7dea62ae 100644 --- a/controllers/oidc_discovery.go +++ b/controllers/oidc_discovery.go @@ -20,7 +20,8 @@ import "github.com/casdoor/casdoor/object" // @Tag OIDC API // @router /.well-known/openid-configuration [get] func (c *RootController) GetOidcDiscovery() { - c.Data["json"] = object.GetOidcDiscovery() + host := c.Ctx.Request.Host + c.Data["json"] = object.GetOidcDiscovery(host) c.ServeJSON() } diff --git a/object/oidc_discovery.go b/object/oidc_discovery.go index cb0b76a5..cfb2437d 100644 --- a/object/oidc_discovery.go +++ b/object/oidc_discovery.go @@ -18,6 +18,7 @@ import ( "crypto/x509" "encoding/pem" "fmt" + "strings" "github.com/astaxie/beego" "gopkg.in/square/go-jose.v2" @@ -40,22 +41,39 @@ type OidcDiscovery struct { RequestObjectSigningAlgValuesSupported []string `json:"request_object_signing_alg_values_supported"` } -var oidcDiscovery OidcDiscovery +func getOriginFromHost(host string) (string, string) { + protocol := "https://" + if strings.HasPrefix(host, "localhost") { + protocol = "http://" + } + + if host == "localhost:8000" { + return fmt.Sprintf("%s%s", protocol, "localhost:7001"), fmt.Sprintf("%s%s", protocol, "localhost:8000") + } else { + return fmt.Sprintf("%s%s", protocol, host), fmt.Sprintf("%s%s", protocol, host) + } +} + +func GetOidcDiscovery(host string) OidcDiscovery { + originFrontend, originBackend := getOriginFromHost(host) -func init() { origin := beego.AppConfig.String("origin") + if origin != "" { + originFrontend = origin + originBackend = origin + } // Examples: // https://login.okta.com/.well-known/openid-configuration // https://auth0.auth0.com/.well-known/openid-configuration // https://accounts.google.com/.well-known/openid-configuration // https://access.line.me/.well-known/openid-configuration - oidcDiscovery = OidcDiscovery{ - Issuer: origin, - AuthorizationEndpoint: fmt.Sprintf("%s/login/oauth/authorize", origin), - TokenEndpoint: fmt.Sprintf("%s/api/login/oauth/access_token", origin), - UserinfoEndpoint: fmt.Sprintf("%s/api/userinfo", origin), - JwksUri: fmt.Sprintf("%s/api/certs", origin), + oidcDiscovery := OidcDiscovery{ + Issuer: originFrontend, + AuthorizationEndpoint: fmt.Sprintf("%s/login/oauth/authorize", originFrontend), + TokenEndpoint: fmt.Sprintf("%s/api/login/oauth/access_token", originBackend), + UserinfoEndpoint: fmt.Sprintf("%s/api/userinfo", originBackend), + JwksUri: fmt.Sprintf("%s/api/certs", originBackend), ResponseTypesSupported: []string{"id_token"}, ResponseModesSupported: []string{"login", "code", "link"}, GrantTypesSupported: []string{"password", "authorization_code"}, @@ -66,9 +84,7 @@ func init() { RequestParameterSupported: true, RequestObjectSigningAlgValuesSupported: []string{"HS256", "HS384", "HS512"}, } -} -func GetOidcDiscovery() OidcDiscovery { return oidcDiscovery }