fix(oidc): look at protocol to decide callback protocol

ankarhem · Oct 12, 2022 · 765c38b · 765c38b
1 parent 66fac20
commit 765c38b
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/server/routes/auth.ts b/server/routes/auth.ts
@@ -434,7 +434,7 @@ authRoutes.get('/oidc-callback', async (req, res, next) => {
     return res.status(500).json({ error: 'OIDC sign-in is disabled.' });
   }
   const cookieState = req.cookies['oidc-state'];
-  const url = new URL(req.url, `http://${req.hostname}`);
+  const url = new URL(req.url, `${req.protocol}://${req.hostname}`);
   const state = url.searchParams.get('state');
 
   try {

diff --git a/server/utils/oidc.ts b/server/utils/oidc.ts
@@ -26,7 +26,7 @@ export async function getOIDCRedirectUrl(req: Request, state: string) {
 
   const callbackUrl = new URL(
     '/api/v1/auth/oidc-callback',
-    `http://${req.headers.host}`
+    `${req.protocol}://${req.headers.host}`
   ).toString();
   url.searchParams.set('redirect_uri', callbackUrl);
   url.searchParams.set('scope', 'openid profile email');