zalando / skipper

An HTTP router and reverse proxy for service composition, including use cases like Kubernetes Ingress
https://opensource.zalando.com/skipper/

Add header to override the base URI of the oauthgrant redirect_uri parameter #3229

Open czhou-brex opened 1 week ago

czhou-brex commented 1 week ago

Is your feature request related to a problem? Please describe.

We are facing a challenge using the oauthgrant filter where the redirect_uri has the wrong host value. The base URL ends up being the ingress's host name rather than the hostname of the origin. This leads to a login failure.

Skipper currently relies on the host of the request and there is no way to set this value. https://github.com/zalando/skipper/blob/7cb3dc275ab4594a4e8219c4a2c1e954bb2847a9/filters/auth/grantconfig.go#L370

Describe the solution you would like

We would like to add a new header X-Skipper-Redirect-Base-Uri to override the header in order to support both localhost and non-local environments, in order to be able to supply the correct redirect_uri value.

Describe alternatives you've considered (optional)

We have tried to forward the host headers via our CloudFront and Ingress environments but this solution will not work for localhost.

Would you like to work on it?

Yes, see https://github.com/zalando/skipper/pull/3228

AlexanderYastrebov commented 1 week ago

Hello, thank you.

> The base URL ends up being the ingress's host name rather than the hostname of the origin.

What is ingress's host name? Is it the host name of the skipper machine or something else?

czhou-brex commented 1 week ago

> Hello, thank you.
>
> > The base URL ends up being the ingress's host name rather than the hostname of the origin.
>
> What is ingress's host name? Is it the host name of the skipper machine or something else?

The ingress host name is "myapp-staging" which results in the redirect_uri being https://myapp-staging.staging.host.com/oauth/callback instead of the correct https://myapp.staging.host.com/oauth/callback, which was the origin URL. We can forward the host using external-dns in ingress.

However we also need to make this work for localhost for the dev environment, so redirect_uri will be "http://localhost/oauth/callback". We cannot forward localhost in external-dns.
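The behaviour discussed in this thread, as an added example that is not Skipper's code and not the code of the linked pull request: the redirect_uri base comes from the request host by default and from the proposed X-Skipper-Redirect-Base-Uri header when it is present. Because a request header can be set by any client that reaches the proxy, the example only accepts header values found in an allowlist. The allowlist, the function names and the https default are assumptions of this example.

```go
package main

import (
	"fmt"
	"net/http"
	"net/url"
)

// Header name proposed in the issue.
const overrideHeader = "X-Skipper-Redirect-Base-Uri"

// Constructed allowlist (assumption): bases registered with the OAuth provider.
var allowedBases = map[string]bool{
	"https://myapp.staging.host.com": true,
	"http://localhost":               true,
}

// redirectURI (hypothetical helper) uses the request host unless the header is set; https is assumed.
func redirectURI(r *http.Request, callbackPath string) (string, error) {
	override := r.Header.Get(overrideHeader)
	if override == "" {
		return "https://" + r.Host + callbackPath, nil
	}
	u, err := url.Parse(override)
	if err != nil || u.Host == "" || u.User != nil || u.RawQuery != "" ||
		u.Fragment != "" || (u.Path != "" && u.Path != "/") {
		return "", fmt.Errorf("malformed redirect base %q", override)
	}
	base := u.Scheme + "://" + u.Host
	if !allowedBases[base] {
		return "", fmt.Errorf("redirect base %q is not allowlisted", base)
	}
	return base + callbackPath, nil
}

// newReq builds a constructed sample request for the given Host and header value.
func newReq(host, override string) *http.Request {
	r, _ := http.NewRequest("GET", "http://"+host+"/", nil)
	if override != "" {
		r.Header.Set(overrideHeader, override)
	}
	return r
}

func main() {
	for _, o := range []string{"", "http://localhost", "https://other.example"} {
		uri, err := redirectURI(newReq("myapp-staging.staging.host.com", o), "/oauth/callback")
		fmt.Printf("override=%q -> %q err=%v\n", o, uri, err)
	}
}
```

In a deployment where a trusted front end sets the header, that front end would also need to remove any copy of the header arriving from outside.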