liweitianux commented on code in PR #7690:
URL: https://github.com/apache/apisix/pull/7690#discussion_r1396863414
##########
apisix/plugins/openid-connect.lua:
##########
@@ -263,7 +263,22 @@ function _M.rewrite(plugin_conf, ctx)
end
if not conf.redirect_uri then
- conf.redirect_uri = ctx.var.request_uri
+ -- NOTE: 'lua-resty-openidc' requires that 'redirect_uri' be
+ -- different from 'uri'. So default to append the
+ -- '.apisix/redirect' suffix if not configured.
+ local suffix = "/.apisix/redirect"
+ local uri = ctx.var.uri
+ if core.string.has_suffix(uri, suffix) then
+ -- This is the redirection response from the OIDC provider.
+ conf.redirect_uri = uri
+ else
+ if string.sub(uri, -1, -1) == "/" then
+ conf.redirect_uri = string.sub(uri, 1, -2) .. suffix
+ else
+ conf.redirect_uri = uri .. suffix
+ end
+ end
+ core.log.debug("auto set redirect_uri: ", conf.redirect_uri)
Review Comment:
I don't think we can set a proper default value for `redirect_uri`, because
a plugin can be configured globally, per-route, and per-service. An exception
is that the `openid-connect` plugin is configured for a specific route, so we
can determine a `redirect_uri` that's covered by the route.
Please correct me if I'm mistaken.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
