From 2bb4b4ca34d23950505dee2233b03892d7ba6988 Mon Sep 17 00:00:00 2001 From: kschibli Date: Wed, 15 Mar 2023 07:26:15 +0100 Subject: [PATCH] fix: Allow non-root OIDC issuer (#5) My OIDC endpoint is not at the root and I couldn't use `discover_jwks` because it would strip the path of the issuer. Before: ``` issuer: 'https://example.com/myissuer/' result: 'https://example.com/.well-known/openid-configuration' ``` After: ``` issuer: 'https://example.com/myissuer/' result: 'https://example.com/myissuer/.well-known/openid-configuration' ``` I checked, and having the discovery url not at the root seems to be supported by the standard: https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationRequest
---
 jwt-authorizer/src/oidc.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/jwt-authorizer/src/oidc.rs b/jwt-authorizer/src/oidc.rs
index 4f7b04a..988d0b7 100644
--- a/jwt-authorizer/src/oidc.rs
+++ b/jwt-authorizer/src/oidc.rs
@@ -11,7 +11,7 @@ pub struct OidcDiscovery {
 pub async fn discover_jwks(issuer: &str) -> Result {
 let discovery_url = reqwest::Url::parse(issuer)
 .map_err(|e| InitError::DiscoveryError(e.to_string()))?
- .join("/.well-known/openid-configuration")
+ .join(".well-known/openid-configuration")
 .map_err(|e| InitError::DiscoveryError(e.to_string()))?;
 reqwest::Client::new()
 .get(discovery_url)
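Review bot: The relative `.join(".well-known/openid-configuration")` keeps the issuer path only when `issuer` ends in `/`; for `https://example.com/myissuer` the URL join replaces the last path segment and discovery is still fetched from the host root, so the JWKS could come from a different provider on a shared host than the one configured. OpenID Connect Discovery builds the URL by removing any trailing `/` from the issuer and appending `/.well-known/openid-configuration`, so normalise first with `let base = format!("{}/", issuer.trim_end_matches('/'));` and parse `&base` instead of `issuer`. A unit test covering both issuer forms would pin this behaviour. The hunk does not show whether the `issuer` field of the fetched document is compared with the configured value; if it is not, that check belongs in this function too. `discover_jwks` continues past the end of the hunk.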