Description
Title
OIDC redirect_uri is using wrong scheme and port
Platform
Website - Other Browser
Server Installation Method
Docker
Version
dev-1.11.2
Troubleshooting
- I have examined logs and tried to find the issue
- I have reviewed opened and closed issues
- I have tried restarting the application
- I have read Known Issues (Known Issues (Read Before Posting) #296)
The Problem
I have Termix configured with PocketID as OIDC provider.
The configuration is as follows:
- Termix runs on my NAS which is a Linux machine. The docker container does not expose a port to the host.
- A Zoraxy container runs on the same machine, and it joins the same docker network with Termix. It can reach Termix using Termix:8080. The reverse proxy exposes https://termix.internal.example.com:8443 to LAN, and it has a valid SSL certificate issued.
It worked with the latest image. But in order to bypass #500, I tried to use the dev-1.11.2 docker image. After switching, Termix began to redirect users to the OIDC provider with redirect_uri set to http://termix.internal.example.com/users/oidc/callback. I think this is because SSL is terminated at the reverse proxy, and the proxy then connects to Termix using plain HTTP, so the scheme (protocol) Termix is seeing is http.
Previously Termix could correctly set redirect_uri to https://termix.internal.example.com:8443/users/oidc/callback. This is due to it using Origin instead of building a URL string out of different sources. I think the related code is here: https://github.com/Termix-SSH/Termix/blame/6abfd98f3d2d420539a986d58d1ff1e3f3965cfd/src/backend/database/routes/users.ts#L822
How to Reproduce
- Configure a reverse proxy to use HTTPS and a different port than Termix.
- Configure OIDC.
- Try to login.
Additional Context
If I manually change redirect_uri to the correct URI my OIDC provider requires, I can correctly login.
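The following is an added example, not part of the original issue and not Termix's code: it shows how a backend behind a TLS-terminating proxy ends up with the reported `http` redirect_uri, next to a variant that honours forwarded headers only from a known proxy and checks the result against the origins registered with the OIDC provider. All function names, the proxy address and the header values are constructed, and it assumes the proxy sends `X-Forwarded-Proto` and `X-Forwarded-Host`.

```typescript
// Added example: hypothetical helper names, not the project's own code.
type HeaderMap = Record<string, string | undefined>;
interface ProxiedReq {
  protocol: string;      // scheme of the last hop; "http" after TLS termination
  headers: HeaderMap;    // lower-cased header names
  remoteAddress: string; // peer that opened the connection to the app
}

const CALLBACK_PATH = "/users/oidc/callback";

// Behaviour described in the report: scheme and host as seen by the app itself.
function naiveRedirectUri(req: ProxiedReq): string {
  return `${req.protocol}://${req.headers["host"] ?? ""}${CALLBACK_PATH}`;
}

// Forwarded headers can be comma-separated lists; the first entry is the client-facing hop.
function firstValue(v: string | undefined): string | undefined {
  return (v ?? "").split(",")[0]?.trim() || undefined;
}

// Use X-Forwarded-* only when the connection comes from a proxy we operate.
function externalOrigin(req: ProxiedReq, trustedProxies: string[]): string {
  const fromProxy = trustedProxies.includes(req.remoteAddress);
  const proto = (fromProxy && firstValue(req.headers["x-forwarded-proto"])) || req.protocol;
  const host = (fromProxy && firstValue(req.headers["x-forwarded-host"])) || req.headers["host"] || "";
  return new URL(`${proto}://${host}`).origin; // normalises case and default ports
}

// Refuse any origin that is not registered with the OIDC provider, so a
// client-supplied header can never steer the callback somewhere else.
function buildRedirectUri(req: ProxiedReq, trustedProxies: string[], allowedOrigins: string[]): string {
  const origin = externalOrigin(req, trustedProxies);
  if (!allowedOrigins.includes(origin)) {
    throw new Error(`unexpected external origin: ${origin}`);
  }
  return origin + CALLBACK_PATH;
}

// Constructed sample: what the app might receive from the proxy in the setup above.
const TRUSTED_PROXIES = ["172.18.0.5"]; // constructed proxy container address
const ALLOWED_ORIGINS = ["https://termix.internal.example.com:8443"];
const SAMPLE_REQ: ProxiedReq = {
  protocol: "http",
  remoteAddress: "172.18.0.5",
  headers: {
    host: "termix.internal.example.com",
    "x-forwarded-proto": "https",
    "x-forwarded-host": "termix.internal.example.com:8443",
  },
};
```

A fixed, configured public base URL removes the dependency on request headers altogether; the allowlist check above is the fallback when the origin has to be derived per request.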