satellite/oidc: include nodeURL in oidc configuration

By including NodeURL in the OIDC well-known configuration, clients
can discover the NodeURL for a given HTTP address without making
any client-side assumptions or needing to make a DRPC call to
discover it. Instead, it is included in a call that is already made
by an OIDC/OAuth-enabled client.

Change-Id: If00f31665ca69b1f522e26fec825b29ad03fe7f9
Mya 2022-09-12 11:23:36 -05:00 committed by mya
parent ad83fd893b
commit 6d017a1a92
2 changed files with 9 additions and 3 deletions


@ -321,8 +321,11 @@ func NewServer(logger *zap.Logger, config Config, service *console.Service, oidc
analyticsRouter.HandleFunc("/page", analyticsController.PageEventTriggered).Methods(http.MethodPost)
if server.config.StaticDir != "" {
oidc := oidc.NewEndpoint(server.config.ExternalAddress, logger, oidcService, service,
server.config.OauthCodeExpiry, server.config.OauthAccessTokenExpiry, server.config.OauthRefreshTokenExpiry)
oidc := oidc.NewEndpoint(
server.nodeURL, server.config.ExternalAddress,
logger, oidcService, service,
server.config.OauthCodeExpiry, server.config.OauthAccessTokenExpiry, server.config.OauthRefreshTokenExpiry,
)
router.HandleFunc("/.well-known/openid-configuration", oidc.WellKnownConfiguration)
router.Handle("/oauth/v2/authorize", server.withAuth(http.HandlerFunc(oidc.AuthorizeUser))).Methods(http.MethodPost)
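Review bot: `server.nodeURL` is now published through `/.well-known/openid-configuration`, which the context line below the new call registers without `server.withAuth`, so the satellite's node ID and address become readable by anyone who can reach the console address. That is normal for a discovery document, but the call site should say so, for example `// nodeURL is served unauthenticated in the well-known document; it must only carry public identity and address.` The hunk does not show where `server.nodeURL` is assigned, so confirm it is always populated before this block runs; otherwise the document would presumably advertise an empty or partial `node_url`. NewServer's body starts and ends outside the hunk.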


@ -18,6 +18,7 @@ import (
"github.com/spacemonkeygo/monkit/v3"
"go.uber.org/zap"
"storj.io/common/storj"
"storj.io/common/uuid"
"storj.io/storj/satellite/console"
)
@ -28,7 +29,7 @@ var (
// NewEndpoint constructs an OpenID identity provider.
func NewEndpoint(
externalAddress string, log *zap.Logger,
nodeURL storj.NodeURL, externalAddress string, log *zap.Logger,
oidcService *Service, service *console.Service,
codeExpiry, accessTokenExpiry, refreshTokenExpiry time.Duration,
) *Endpoint {
@ -69,6 +70,7 @@ func NewEndpoint(
server: svr,
log: log,
config: ProviderConfig{
NodeURL: nodeURL.String(),
Issuer: externalAddress,
AuthURL: externalAddress + "oauth/v2/authorize",
TokenURL: externalAddress + "oauth/v2/tokens",
@ -213,6 +215,7 @@ func (e *Endpoint) GetClient(w http.ResponseWriter, r *http.Request) {
// ProviderConfig defines a subset of elements used by OIDC to auto-discover endpoints.
type ProviderConfig struct {
NodeURL string `json:"node_url"`
Issuer string `json:"issuer"`
AuthURL string `json:"authorization_endpoint"`
TokenURL string `json:"token_endpoint"`
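Review bot: The new `NodeURL` field in `ProviderConfig` has no documentation, and the struct comment still describes the type as OIDC auto-discovery elements although `node_url` is not a standard discovery member. A field comment such as `// NodeURL is a Storj-specific extension: the satellite's node ID and address as rendered by storj.NodeURL.String().` would make that explicit. Clients will presumably use the node ID in this value to identify the satellite on later DRPC connections, so it is only as trustworthy as the fetch of the document. The comment should therefore also state that clients must retrieve it over verified HTTPS from the expected issuer and treat a missing or malformed value as a failure rather than falling back silently. The ProviderConfig definition continues beyond the hunk.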