How to modify the redirect_uri?

[vijiv6190]

After adding ngx_openidc_module, it is defaulting the redirect uri to http:///openid-connect/redirect_uri. Is there a way that we can specify/modify this url in the configuration ?(We can provide this redirect_uri in earlier module lua-resty-openidc). And in place of provider.json (OpenIDCProvider file /etc/nginx/conf.d/provider.json) how to use url endpoint?

[zandbelt]

You should be able to use:

   OpenIDCConfig redirect_uri=<url>

where the <url> value can be an absolute URL or a relative path

Unfortunately resolving the Provider Discovery document from a URL is not yet implemented. liboauth2 would need a small update for that, I hope to do that soonish. For now you should setup an external process that will pull metadata into a file on a regular basis.

Apologies for the lack of documentation: it should be improved over time, your help is welcome

[vijiv6190]

Thanks for your input. After adding OpenIDCConfig redirect_uri=, default redirect uri got changed and also recieved the response from SSO client. However,after receiving the successful response, it is again forwarding the request to same redirect uri instead of original url (proxy pass url). Can you suggest the configuration change that is required to forward the request back to original url.

[zandbelt]

the redirect back from the OP is supposed to go through the call back URL (=redirect URI) first; after processing the authentication response it will then redirect back a 2nd time to the original URL

I'd need a full server debug log to analyze what is happening and why you're not getting the 2nd redirect

[vijiv6190]

Please find the server logs below. Here after authentication response, it is redirecting back to redirect URL /uri. But my proxy_pass url which is mentioned in nginx.conf is different ( proxy_pass http://logs/headers$is_args$args)

2023/04/14 14:27:10 [error] 196252#0: *13762 open() "/usr/share/nginx/html/logs" failed (2: No such file or directory), client: xx.xxx.xxx.xxx,
server: xxx.xxxx.xxx, request: "GET /logs HTTP/1.1", host: "xxx.xxxx.xxx"
2023/04/14 14:28:05 [info] 196252#0: *13762 client xx.xxx.xxx.xxx closed keepalive connection (104: Connection reset by peer)
2023/04/14 14:32:49 [error] 196252#0: *13891 open() "/usr/share/nginx/html/uri" failed (2: No such file or directory), client: xx.xxx.xxx.xxx,
server: xxx.xxxx.xxx, request: "GET /uri?code=xxxxxxxxxxxxxxxx HTTP/1.1", host: "xxxxx.xxxx.xxx",
referrer: "https://xxxx.xxx.xxxx.duosecurity.com/"
2023/04/14 14:33:44 [info] 196252#0: *13891 client xx.xxx.xxx.xxx closed keepalive connection (104: Connection reset by peer)
2023/04/14 14:34:55 [error] 196252#0: *13948 open() "/usr/share/nginx/html/uri" failed (2: No such file or directory), client: xx.xxx.xxx.xxx,
server: xxx.xxxx.xxx, request: "GET /uri?code=xxxxxxxxxxxxxxxx HTTP/1.1",
host: "xxx.xxxx.xxx", referrer: "https://xxxx.xxx.xxx.duosecurity.com/"

[zandbelt]

you need to make sure that the "/uri" location also has the OIDC primitives set

[vijiv6190]

Below specifications needs to be done for /uri as well?