fix: Allow non-root OIDC issuer (#5)

My OIDC endpoint is not at the root and I couldn't use `discover_jwks`
because it would strip the path of the issuer.

Before:
```
issuer: 'https://example.com/myissuer/'
result: 'https://example.com/.well-known/openid-configuration'
```

After:
```
issuer: 'https://example.com/myissuer/'
result: 'https://example.com/myissuer/.well-known/openid-configuration'
```

I checked, and having the discovery url not at the root seems to be
supported by the standard:

https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationRequest
kschibli 2023-03-15 07:26:15 +01:00 committed by GitHub
parent ab5f3ffc2c
commit 2bb4b4ca34
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -11,7 +11,7 @@ pub struct OidcDiscovery {
pub async fn discover_jwks(issuer: &str) -> Result<String, InitError> { pub async fn discover_jwks(issuer: &str) -> Result<String, InitError> {
let discovery_url = reqwest::Url::parse(issuer) let discovery_url = reqwest::Url::parse(issuer)
.map_err(|e| InitError::DiscoveryError(e.to_string()))? .map_err(|e| InitError::DiscoveryError(e.to_string()))?
.join("/.well-known/openid-configuration") .join(".well-known/openid-configuration")
.map_err(|e| InitError::DiscoveryError(e.to_string()))?; .map_err(|e| InitError::DiscoveryError(e.to_string()))?;
reqwest::Client::new() reqwest::Client::new()
.get(discovery_url) .get(discovery_url)
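Review bot: The relative `.join(".well-known/openid-configuration")` keeps the issuer path only when the issuer ends in `/`; for `https://example.com/myissuer`, `Url::join` replaces the last segment and the request still goes to the host root, so the JWKS can be fetched from a different provider on the same host than the one configured. OpenID Connect Discovery has the client remove any terminating `/` from the issuer and then append `/.well-known/openid-configuration`, so both spellings should resolve to the same URL. Normalise before parsing, e.g. `let base = format!("{}/", issuer.trim_end_matches('/'));` followed by `reqwest::Url::parse(&base)`, and add a test for the no-trailing-slash case. The rest of `discover_jwks` is outside this hunk, so I cannot see whether the `issuer` value in the returned document is compared with the configured one; if it is not, that check belongs here as well.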