search

zmartzone / lua-resty-openidc

OpenID Connect Relying Party and OAuth 2.0 Resource Server implementation in Lua for NGINX / OpenResty
Apache License 2.0
976 stars 249 forks source link

Redirect uri / to /doc #495

Open JokerDevops opened 1 year ago

JokerDevops commented 1 year ago
Environment

lua-resty-openidc version 1.7.6 OpenID Connect provider keycloak

Expected behaviour

Go to https://172.18.157.158:19999/ to jump to the keycloak login page, after successful login the browser uri will be https://172.18.157.158:19999/doc/

Actual behaviour

What's happening now is that visiting https://172.18.157.158:19999/ jumps to the keycloak login, and after login the browser uri is still https://172.18.157.158:19999/

Minimized example

Minimal, complete configuration that reproduces the behavior.

    location / {

       access_by_lua '
         local opts = {
           ssl_verify = "no",
       keepalive = "yes",
           redirect_uri_path = "/doc/redirect_uri",
           accept_none_alg = true,
           discovery = "https://172.18.157.235:8283/auth/realms/xxx/.well-known/openid-configuration",
           client_id = "nginx",
           client_secret = "c6f4a272-364e-46b1-8df3-dcdcc37a44ac",
           redirect_uri_scheme = "https",
           logout_path = "/logout",
           redirect_after_logout_uri = "https://172.18.157.235:8280/auth/realms/xxx/protocol/openid-connect/logout?redirect_uri=http://localhost/",
           redirect_after_logout_with_id_token_hint = false,
           session_contents = {id_token=true}
         }
         -- call introspect for OAuth 2.0 Bearer Access Token validation
         local res, err = require("resty.openidc").authenticate(opts)
         if err then
           ngx.status = 403
           ngx.say(err)
           ngx.exit(ngx.HTTP_FORBIDDEN)
         end
      ';

      # I disabled caching so the browser won't cache the site.
      expires           0;

      add_header        Cache-Control private;

        absolute_redirect off;
        root /opt/xxx/xxx-doc/;
        index index.html;
        try_files $uri $uri/ /index.html =404;
    }
Configuration and NGINX server log files

Config and logs for the minimized example, possibly provided as attachments.

bodewig commented 1 year ago

Why do you expect that a request to / will end up being redirect to /doc? I don't see anything inside the config snippet you've posted that would cause such a redirect. I must be overlooking something.