OpenID Provider Configuration Information is stick to root path (/) #502

Closed
alon-argus opened this issue Jul 4, 2016 · 7 comments · Fixed by #520

Comments

@alon-argus
Contributor

From OpenID Connect specs:
OpenID Providers supporting Discovery MUST make a JSON document available at the path formed by concatenating the string /.well-known/openid-configuration to the Issuer.

I just tried to run dex-worker with these parameters:
/bin/dex-worker --listen=http://0.0.0.0:5556/auth --issuer=http://127.0.0.1:5556/auth ...

The dex-worker does do as expected and listens & serves the authentication endpoints under the /auth path. However, apparently, the provider's configuration information (the ".well-known/openid-configuration" endpoint) is still located under the root path (that is, http://127.0.0.1:5556/.well-known/openid-configuration), and this violates the OpenID Connect clause that is quoted above.

Thanks guys :)

@sym3tri

sym3tri commented Jul 5, 2016

Thanks for the issue. We do need to address this. In addition we need to do thorough testing to make sure Dex behaves properly if running on a non-root path (we have not yet validated this will work).

@ericchiang
Contributor

A big issue is the HTML templates. Many of the templates use hard-coded paths.[0]

Consider either introducing a template function[1] to prepend a base path:

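// issuerPath is assumed to hold the path component of the issuer URL.
funcMap := template.FuncMap{
    // absPath prepends the issuer's base path to a path used in a template.
    "absPath": func(p string) string {
        return path.Join(issuerPath, p)
    },
}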

or just pass paths into the template manually.

cc @xaka

[0] https://github.com/coreos/dex/blob/33010e22c48485ec20b38c8b25aa6b69ece91bab/static/html/register.html#L35
[1] https://golang.org/pkg/text/template/#Template.Funcs

@alon-argus
Contributor Author

@ericchiang
#520 is fixing the html templates, but it's not dealing with the main routes (/.well-known/openid-configuration, /token, /keys, /api, etc.).
Running dex in a subdirectory is still not possible...
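
The requirement quoted in the opening post, as an added example that is not dex's code and not part of this thread: the discovery document is mounted under the issuer's path component and fetched the way a relying party would, which also checks that the returned issuer is identical to the issuer used to build the URL. The names newProvider and checkDiscovery are hypothetical, and the issuer is assumed to have no trailing slash.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
)

const wellKnown = "/.well-known/openid-configuration"

// newProvider is a hypothetical stand-in for an OpenID Provider (not dex's
// code). It mounts the discovery document under the issuer's path component.
// Assumption: issuer has no trailing slash.
func newProvider(issuer string) (http.Handler, error) {
	u, err := url.Parse(issuer)
	if err != nil {
		return nil, err
	}
	mux := http.NewServeMux()
	// u.Path is "/auth" for the issuer in this thread, "" for a root issuer.
	mux.HandleFunc(u.Path+wellKnown, func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Content-Type", "application/json")
		json.NewEncoder(w).Encode(map[string]string{"issuer": issuer, "jwks_uri": issuer + "/keys"})
	})
	return mux, nil
}

// checkDiscovery acts as a relying party: it requests issuer + wellKnown from
// h and requires HTTP 200 and an "issuer" member identical to issuer.
func checkDiscovery(h http.Handler, issuer string) error {
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest("GET", issuer+wellKnown, nil))
	if rec.Code != http.StatusOK {
		return fmt.Errorf("GET %s%s: HTTP %d", issuer, wellKnown, rec.Code)
	}
	var doc struct{ Issuer string }
	if json.Unmarshal(rec.Body.Bytes(), &doc) != nil || doc.Issuer != issuer {
		return fmt.Errorf("issuer mismatch: got %q, want %q", doc.Issuer, issuer)
	}
	return nil
}

func main() {
	h, _ := newProvider("http://127.0.0.1:5556/auth")
	fmt.Println(checkDiscovery(h, "http://127.0.0.1:5556/auth")) // document found under /auth
	fmt.Println(checkDiscovery(h, "http://127.0.0.1:5556"))      // root path is not served
}
```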

@ericchiang
Contributor

Ah sorry. Will try to get a fix in tomorrow. Reopening.

@ericchiang
Contributor

Another bug. Redirects are currently wrong and assume no one is trimming the path. For example [0]

[0] https://github.com/coreos/dex/blob/216d26913f449a3853cf58c5d0a2e1174ae50d47/server/password.go#L56-L62

@alon-argus
Contributor Author

Awesome, it works for me too. Thanks a lot guys!
BTW, I'd be very happy if someone can trigger the build & push process to quay.io. :)

@ericchiang
Contributor

@alon-argus apologies, we were having some issues with travis. quay.io/coreos/dex:latest should contain these changes.
