diff --git a/idp/dex/provider.go b/idp/dex/provider.go
index 6c608dbf5..657674eba 100644
--- a/idp/dex/provider.go
+++ b/idp/dex/provider.go
@@ -398,7 +398,7 @@ func (p *Provider) Stop(ctx context.Context) error {
 // EnsureDefaultClients creates dashboard and CLI OAuth clients
 // Uses Dex's storage.Client directly - no custom wrappers
-func (p *Provider) EnsureDefaultClients(ctx context.Context, dashboardURIs, cliURIs []string) error {
+func (p *Provider) EnsureDefaultClients(ctx context.Context, dashboardURIs, cliURIs, proxyURIs []string) error {
 clients := []storage.Client{
 {
 ID: "netbird-dashboard",
@@ -412,6 +412,12 @@ func (p *Provider) EnsureDefaultClients(ctx context.Context, dashboardURIs, cliU
 RedirectURIs: cliURIs,
 Public: true,
 },
+ {
+ ID: "netbird-proxy",
+ Name: "NetBird Proxy",
+ RedirectURIs: proxyURIs,
+ Public: true,
+ },
 }
 for _, client := range clients {
diff --git a/idp/sdk/sdk.go b/idp/sdk/sdk.go
index d2189135b..aaa892b46 100644
--- a/idp/sdk/sdk.go
+++ b/idp/sdk/sdk.go
@@ -95,8 +95,8 @@ func (d *DexIdP) Stop(ctx context.Context) error {
 }
 // EnsureDefaultClients creates the default NetBird OAuth clients
-func (d *DexIdP) EnsureDefaultClients(ctx context.Context, dashboardURIs, cliURIs []string) error {
- return d.provider.EnsureDefaultClients(ctx, dashboardURIs, cliURIs)
+func (d *DexIdP) EnsureDefaultClients(ctx context.Context, dashboardURIs, cliURIs, proxyURIs []string) error {
+ return d.provider.EnsureDefaultClients(ctx, dashboardURIs, cliURIs, proxyURIs)
 }
 // Storage exposes Dex storage for direct user/client/connector management
diff --git a/management/server/idp/embedded.go b/management/server/idp/embedded.go
index db7a91fa3..1b9d04061 100644
--- a/management/server/idp/embedded.go
+++ b/management/server/idp/embedded.go
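Review bot: The doc comment above EnsureDefaultClients in idp/dex/provider.go still reads "creates dashboard and CLI OAuth clients", which no longer matches the signature now that it also takes `proxyURIs`. I would change it to `// EnsureDefaultClients creates the dashboard, CLI and proxy OAuth clients.` and add one line stating that each slice is the redirect-URI allowlist for the client of the same name. The function body continues outside the hunk.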
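Review bot: In idp/dex/provider.go the new `netbird-proxy` entry is registered as a public client even when `proxyURIs` is nil or empty, and nothing in the hunk guards that case. As far as I recall Dex's redirect validation, a public client with no registered redirect URIs is not rejected outright but falls back to accepting loopback (`http://localhost...`) redirects, so a deployment that never configures a proxy would still carry a secret-less client that can complete a flow; please verify against the Dex version in use. I would build the entry only when URIs are supplied, e.g. `if len(proxyURIs) > 0 { clients = append(clients, proxyClient) }`. The same guard belongs on the `staticClientProxy` entry added to ToYAMLConfig in management/server/idp/embedded.go, which passes `c.ProxyRedirectURIs` straight through with no default. The loop that consumes `clients` continues outside the hunk.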
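Review bot: The exported `(*DexIdP).EnsureDefaultClients` in idp/sdk/sdk.go now takes three adjacent `[]string` parameters, so a call that transposes two of them still compiles and would attach one client's redirect URIs to a different client. Because the signature change already forces every caller of this SDK method to be updated, this is a good moment to take a small struct with named fields instead of positional slices. At minimum the comment should spell out the order, e.g. `// EnsureDefaultClients creates the default NetBird OAuth clients; the arguments are the dashboard, CLI and proxy redirect URIs, in that order.`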
@@ -18,6 +18,7 @@ import (
 const (
 staticClientDashboard = "netbird-dashboard"
 staticClientCLI = "netbird-cli"
+ staticClientProxy = "netbird-proxy"
 defaultCLIRedirectURL1 = "http://localhost:53000/"
 defaultCLIRedirectURL2 = "http://localhost:54000/"
 defaultScopes = "openid profile email groups"
@@ -37,8 +38,10 @@ type EmbeddedIdPConfig struct {
 Storage EmbeddedStorageConfig
 // DashboardRedirectURIs are the OAuth2 redirect URIs for the dashboard client
 DashboardRedirectURIs []string
- // DashboardRedirectURIs are the OAuth2 redirect URIs for the dashboard client
+ // CLIRedirectURIs are the OAuth2 redirect URIs for the CLI client
 CLIRedirectURIs []string
+ // ProxyRedirectURIs are the OAuth2 redirect URIs for the Proxy client
+ ProxyRedirectURIs []string
 // Owner is the initial owner/admin user (optional, can be nil)
 Owner *OwnerConfig
 // SignKeyRefreshEnabled enables automatic key rotation for signing keys
@@ -119,6 +122,12 @@ func (c *EmbeddedIdPConfig) ToYAMLConfig() (*dex.YAMLConfig, error) {
 Public: true,
 RedirectURIs: cliRedirectURIs,
 },
+ {
+ ID: staticClientProxy,
+ Name: "NetBird Proxy",
+ Public: true,
+ RedirectURIs: c.ProxyRedirectURIs,
+ },
 },
 }
@@ -546,7 +555,7 @@ func (m *EmbeddedIdPManager) GetLocalKeysLocation() string {
 // GetClientIDs returns the OAuth2 client IDs configured for this provider.
 func (m *EmbeddedIdPManager) GetClientIDs() []string {
- return []string{staticClientDashboard, staticClientCLI}
+ return []string{staticClientDashboard, staticClientCLI, staticClientProxy}
 }
 // GetUserIDClaim returns the JWT claim name used for user identification.
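Review bot: GetClientIDs in management/server/idp/embedded.go now returns `staticClientProxy` unconditionally, including when `ProxyRedirectURIs` is empty and no proxy is deployed. The callers are not visible in this diff; if the list is used as the set of accepted token audiences, tokens issued to the public proxy client would become acceptable wherever dashboard and CLI tokens are. Please confirm that this is intended and record it in the doc comment, for example `// The proxy client ID is listed so that tokens issued to netbird-proxy are accepted alongside dashboard and CLI tokens.`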