diff --git a/management/cmd/management.go b/management/cmd/management.go index cfc00b6bd..00b6805a4 100644 --- a/management/cmd/management.go +++ b/management/cmd/management.go @@ -16,6 +16,7 @@ import ( "strings" "syscall" + "github.com/netbirdio/netbird/management/server/types" log "github.com/sirupsen/logrus" "github.com/spf13/cobra" @@ -220,7 +221,7 @@ func applyEmbeddedIdPConfig(ctx context.Context, cfg *nbconfig.Config) error { cfg.HttpConfig.OIDCConfigEndpoint = issuer + "/.well-known/openid-configuration" cfg.HttpConfig.IdpSignKeyRefreshEnabled = true callbackURL := strings.TrimSuffix(cfg.HttpConfig.AuthIssuer, "/oauth2") - cfg.HttpConfig.AuthCallbackURL = callbackURL + "/api/oauth/callback" + cfg.HttpConfig.AuthCallbackURL = callbackURL + types.ProxyCallbackEndpoint return nil } diff --git a/management/server/http/handler.go b/management/server/http/handler.go index 5049ac25c..d3d6dc3df 100644 --- a/management/server/http/handler.go +++ b/management/server/http/handler.go @@ -9,6 +9,7 @@ import ( "time" "github.com/gorilla/mux" + "github.com/netbirdio/netbird/management/server/types" "github.com/rs/cors" log "github.com/sirupsen/logrus" @@ -83,7 +84,7 @@ func NewAPIHandler(ctx context.Context, accountManager account.Manager, networks return nil, fmt.Errorf("failed to add bypass path: %w", err) } // OAuth callback for proxy authentication - if err := bypass.AddBypassPath("/api/oauth/callback"); err != nil { + if err := bypass.AddBypassPath(types.ProxyCallbackEndpoint); err != nil { return nil, fmt.Errorf("failed to add bypass path: %w", err) } diff --git a/management/server/idp/embedded.go b/management/server/idp/embedded.go index b2ab94d69..e6586310a 100644 --- a/management/server/idp/embedded.go +++ b/management/server/idp/embedded.go @@ -9,6 +9,7 @@ import ( "github.com/dexidp/dex/storage" "github.com/google/uuid" + "github.com/netbirdio/netbird/management/server/types" log "github.com/sirupsen/logrus" "github.com/netbirdio/netbird/idp/dex" 
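Review bot: Replacing the literal in `cfg.HttpConfig.AuthCallbackURL = callbackURL + types.ProxyCallbackEndpoint` is not a pure refactor, because the constant is `/api/reverse-proxy/callback` while the removed literal was `/api/oauth/callback`, so the redirect URI built here changes. An OAuth client that still has the old URI registered will presumably be rejected with a redirect-URI mismatch after upgrade; the same value change applies to the bypass path in management/server/http/handler.go and the Dex redirect URI in management/server/idp/embedded.go. The route that serves the callback is not part of this diff, so confirm it is mounted at the new path, and call the change out in the upgrade notes rather than loosening redirect matching. A comment above the assignment would help, e.g. `// Must match the redirect URI registered with the IdP and the bypass path in the API handler.`; applyEmbeddedIdPConfig starts outside the hunk.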
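Review bot: The error returned for this `AddBypassPath` call is worded exactly like the one for the preceding path, so a startup failure does not say which path was rejected; `return nil, fmt.Errorf("add bypass path %q: %w", types.ProxyCallbackEndpoint, err)` would name it. Since the path appears to be exempted from the API's authentication checks, the comment above it could also record what the callback handler has to verify on its own, e.g. `// OAuth callback for proxy authentication; unauthenticated by design, so the handler must validate state and code itself.` NewAPIHandler starts and ends outside the hunk.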
@@ -94,7 +95,7 @@ func (c *EmbeddedIdPConfig) ToYAMLConfig() (*dex.YAMLConfig, error) { // Build dashboard redirect URIs including the OAuth callback for proxy authentication dashboardRedirectURIs := c.DashboardRedirectURIs baseURL := strings.TrimSuffix(c.Issuer, "/oauth2") - dashboardRedirectURIs = append(dashboardRedirectURIs, baseURL+"/api/oauth/callback") + dashboardRedirectURIs = append(dashboardRedirectURIs, baseURL+types.ProxyCallbackEndpoint) cfg := &dex.YAMLConfig{ Issuer: c.Issuer, diff --git a/management/server/types/proxy.go b/management/server/types/proxy.go new file mode 100644 index 000000000..69582a963 --- /dev/null +++ b/management/server/types/proxy.go @@ -0,0 +1,4 @@ +package types + +// ProxyCallbackEndpoint holds the proxy callback endpoint +const ProxyCallbackEndpoint = "/api/reverse-proxy/callback"
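Review bot: `dashboardRedirectURIs := c.DashboardRedirectURIs` followed by `append` shares the backing array with the config field, so when that slice has spare capacity the appended callback URI is written into storage the caller still holds. For a redirect-URI allow-list that is worth avoiding; copying first, `dashboardRedirectURIs := slices.Clone(c.DashboardRedirectURIs)` (Go 1.21+, needs the `slices` import), keeps ToYAMLConfig free of side effects on `c`. The aliasing line is context the commit does not change, and ToYAMLConfig starts and ends outside the hunk.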
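Review bot: The doc comment on `ProxyCallbackEndpoint` only restates the name and does not say that this one value decides both which path is registered as an auth bypass and which redirect URI is handed to the IdP. Those uses are visible in the other files of this commit, so a later edit to the constant silently changes an unauthenticated route and the accepted redirect URI. I would expand it to something like `// ProxyCallbackEndpoint is the URL path of the reverse-proxy OAuth callback. It is registered as an auth-bypass path and appended to the issuer base URL as an OAuth redirect URI; changing it requires updating the redirect URIs registered with the IdP.`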