From 9684b66de9b8271b7b6f2b4c1197441a5bb0edae Mon Sep 17 00:00:00 2001
From: pkwiatkowski1 <126618572+pkwiatkowski1@users.noreply.github.com>
Date: Fri, 12 Jan 2024 13:13:35 -0500
Subject: [PATCH] fix: added oidc redirect url option for fulcio (#76)

* fix: added oidc redirect url option for fulcio

Signed-off-by: Patrick Kwiatkowski <patrick.r.kwiatkowski@lmco.com>

* Update fulcio.go

---------

Signed-off-by: Patrick Kwiatkowski <patrick.r.kwiatkowski@lmco.com>
Signed-off-by: Tom Meadows <tom@tmlabs.co.uk>
Co-authored-by: Tom Meadows <tom@tmlabs.co.uk>
Signed-off-by: chaosinthecrd <tom@tmlabs.co.uk>
---
 signer/fulcio/fulcio.go | 34 ++++++++++++++++++++++++++++------
 1 file changed, 28 insertions(+), 6 deletions(-)

diff --git a/signer/fulcio/fulcio.go b/signer/fulcio/fulcio.go
index ff628ecc..fc4c55d8 100644
--- a/signer/fulcio/fulcio.go
+++ b/signer/fulcio/fulcio.go
@@ -105,6 +105,20 @@ func init() {
 				return fsp, nil
 			},
 		),
+		registry.StringConfigOption(
+			"oidc-redirect-url",
+			"OIDC redirect URL (Optional). The default oidc-redirect-url is 'http://localhost:0/auth/callback'.",
+			"",
+			func(sp signer.SignerProvider, oidcRedirectUrl string) (signer.SignerProvider, error) {
+				fsp, ok := sp.(FulcioSignerProvider)
+				if !ok {
+					return sp, fmt.Errorf("provided signer provider is not a fulcio signer provider")
+				}
+        
+        WithOidcRedirectUrl(oidcRedirectUrl)(&fsp)
+        return fsp, nil
+			},
+		),
 		registry.StringConfigOption(
 			"token-path",
 			"Path to the file containing a raw token to use for authentication to fulcio (cannot be used in conjunction with --fulcio-token)",
@@ -123,11 +137,12 @@ func init() {
 }
 
 type FulcioSignerProvider struct {
-	FulcioURL    string
-	OidcIssuer   string
-	OidcClientID string
-	Token        string
-	TokenPath    string
+	FulcioURL        string
+	OidcIssuer       string
+	OidcClientID     string
+	Token            string
+  	TokenPath        string
+	OidcRedirectUrl  string
 }
 
 type Option func(*FulcioSignerProvider)
@@ -156,6 +171,13 @@ func WithToken(tokenOption string) Option {
 	}
 }
 
+
+func WithOidcRedirectUrl(oidcRedirectUrl string) Option {
+	return func(fsp *FulcioSignerProvider) {
+		fsp.OidcRedirectUrl = oidcRedirectUrl
+	}
+}
+
 func WithTokenPath(tokenPathOption string) Option {
 	return func(fsp *FulcioSignerProvider) {
 		fsp.TokenPath = tokenPathOption
@@ -243,7 +265,7 @@ func (fsp FulcioSignerProvider) Signer(ctx context.Context) (cryptoutil.Signer,
 
 		raw = string(f)
 	case fsp.Token == "" && isatty.IsTerminal(os.Stdin.Fd()):
-		tok, err := oauthflow.OIDConnect(fsp.OidcIssuer, fsp.OidcClientID, "", "", oauthflow.DefaultIDTokenGetter)
+		tok, err := oauthflow.OIDConnect(fsp.OidcIssuer, fsp.OidcClientID, "", fsp.OidcRedirectUrl, oauthflow.DefaultIDTokenGetter)
 		if err != nil {
 			return nil, err
 		}