issuer -> .well-known doesn't handle nested URLs
Closed this issue · 4 comments
oidcc version
3.0.1
Erlang version
26.0.3
Elixir version
1.15.4
Summary
I'm trying to use Oidcc to integrate with a Keycloak instance. The issuer is https://<domain>/auth/realms/X and the configuration lives at https://<domain>/auth/realms/X/.well-known/openid-configuration. It looks like the issue is that
oidcc/src/oidcc_provider_configuration.erl
Line 199 in 1a45cfe
X
part which results in an invalid URL.
Current behavior
Issuers which are not at the top-level of a domain do not validate.
How to reproduce
iex> Oidcc.ProviderConfiguration.load_configuration("https://<domain>/auth/realms/X")
{:error, {:http_error, 404, %{"error" => "Realm does not exist"}}}
Expected behavior
Nested issuers are looked up correctly and can be used.
https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationRequest has different logic for this, which does appear to work properly. If no one else looks at this I'll take a look on Monday (US Eastern).
@paulswartz That's a bug. I introduced uri_string:resolve/2 to make sure that we don't get double slashes. I did not consider that it removes the last part if it does not already contain a slash at the end.
@paulswartz Can you give #286 a spin to see if this resolves your issue?
Closing in favor of PR
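The behaviour discussed in this thread, as an added example (not oidcc's code and not the change in the linked PR): it contrasts RFC 3986 reference resolution through uri_string:resolve/2 with the append rule from the OpenID Connect Discovery section linked above. The host example.com, the module and function names, and the relative reference passed to resolve/2 are assumptions made for illustration.

```erlang
%% Added example. Issuers are charlists (Erlang strings); all URLs below are
%% constructed sample values.
-module(discovery_url).
-export([resolved/1, appended/1, demo/0]).

%% Assumed relative reference; the thread does not show the one oidcc used.
-define(WELL_KNOWN, ".well-known/openid-configuration").

%% RFC 3986 reference resolution. A base path that does not end in "/" is
%% treated like a file name, so its last segment is replaced by the reference.
resolved(Issuer) ->
    uri_string:resolve(?WELL_KNOWN, Issuer).

%% Discovery rule: remove any terminating "/" from the issuer, then append
%% "/.well-known/openid-configuration". No segment is lost and no "//" appears.
appended(Issuer) ->
    string:trim(Issuer, trailing, "/") ++ "/" ++ ?WELL_KNOWN.

demo() ->
    Nested = "https://example.com/auth/realms/X",
    Expected = Nested ++ "/" ++ ?WELL_KNOWN,

    %% Without a trailing slash, resolve/2 drops the "X" segment, so the
    %% request targets a path that names no realm.
    "https://example.com/auth/realms/.well-known/openid-configuration" =
        resolved(Nested),

    %% With a trailing slash the last segment survives.
    Expected = resolved(Nested ++ "/"),

    %% The append rule gives the same URL for both spellings of the issuer.
    Expected = appended(Nested),
    Expected = appended(Nested ++ "/"),

    %% An issuer at the root of the domain (written with its "/") resolves
    %% the same either way, which is how the difference can go unnoticed.
    Root = "https://example.com/",
    true = resolved(Root) =:= appended(Root),
    ok.
```

Compile with `erlc discovery_url.erl` and call `discovery_url:demo().` in an Erlang shell; each match fails with a badmatch error if the two constructions ever disagree with the values shown.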