diff --git a/README.md b/README.md
index ce3462a..a04e1ba 100644
--- a/README.md
+++ b/README.md
@@ -21,6 +21,9 @@ This tool is full configured using environment variables.
 - `OIDC_CLIENT_ID`: OAuth2 Client ID to use.
 - `OIDC_CLIENT_SECRET`: OAuth2 Client Secret to use. Can be set to an empty string when only implicit flow is tested.
 - `OIDC_ROOT_URL`: URL under which you access this Client. (default http://localhost:9009)
+
+ When using in a subdirectory, make sure to leave out any trailing slashes
+
 - `OIDC_PROVIDER`: Optional URL that metadata is fetched from. The metadata is fetched on the first request to `/`
 - `OIDC_SCOPES`: Scopes to request from the provider. Defaults to "openid,offline_access,profile,email"
 - `OIDC_DO_REFRESH`: Whether refresh-token related checks are enabled (don't ask for a refresh token) (default: true)
diff --git a/pkg/client.go b/pkg/client.go
index 2c17938..8fc2c0c 100644
--- a/pkg/client.go
+++ b/pkg/client.go
@@ -6,6 +6,7 @@ import (
 "encoding/json"
 "fmt"
 "net/http"
+ "net/url"
 "os"
 "strings"
 "time"
@@ -243,14 +244,18 @@ func logRequest(handler http.Handler) http.Handler {
 }
 func (c *OIDCClient) Run() {
+ baseUrl, err := url.Parse(Env("OIDC_ROOT_URL", "http://localhost:9009"))
+ if err != nil {
+ panic(err)
+ }
 mux := http.NewServeMux()
- mux.HandleFunc("/implicit/", c.implicit)
- mux.Handle("/static/", http.StripPrefix("/static/", http.FileServer(http.FS(static))))
- mux.HandleFunc("/health", c.health)
+ mux.HandleFunc(baseUrl.Path+"/implicit/", c.implicit)
+ mux.Handle(baseUrl.Path+"/static/", http.StripPrefix("/static/", http.FileServer(http.FS(static))))
+ mux.HandleFunc(baseUrl.Path+"/health", c.health)
 // Just to prevent favicon from triggering authorize
- mux.HandleFunc("/favicon.ico", c.health)
- mux.HandleFunc("/auth/callback", c.oauthCallback)
- mux.HandleFunc("/", c.oauthInit)
+ mux.HandleFunc(baseUrl.Path+"/favicon.ico", c.health)
+ mux.HandleFunc(baseUrl.Path+"/auth/callback", c.oauthCallback)
+ mux.HandleFunc(baseUrl.Path+"/", c.oauthInit)
 listen := Env("OIDC_BIND", "localhost:9009")
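Review bot: The `/static/` route is now registered under `baseUrl.Path`, but `http.StripPrefix` on the same line still strips only `"/static/"`, so with a non-empty path in `OIDC_ROOT_URL` the prefix never matches and static assets would return 404; it should read `http.StripPrefix(baseUrl.Path+"/static/", http.FileServer(http.FS(static)))`. The registrations also rely on the operator following the README's no-trailing-slash rule: a root URL ending in `/` produces patterns such as `//auth/callback`, which the mux's request-path cleaning would likely never match, so the OAuth callback silently stops being served. Trimming once with `prefix := strings.TrimSuffix(baseUrl.Path, "/")` (`strings` is already imported) and using `prefix` in every registration removes that dependency. If the redirect URI sent to the provider is built from `OIDC_ROOT_URL` elsewhere in the file, it should use the same normalized value so the registered callback and the served route cannot drift apart. `Run` continues past the end of the hunk.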