From c74a56b90726dbb49f82124e9370ab5b643243d7 Mon Sep 17 00:00:00 2001
From: AJ ONeal
Date: Thu, 28 Feb 2019 19:16:58 -0700
Subject: [PATCH] minor bugfix
---
 keyserve/keyserve.go | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/keyserve/keyserve.go b/keyserve/keyserve.go
index fec27d7..e22a11e 100644
--- a/keyserve/keyserve.go
+++ b/keyserve/keyserve.go
@@ -41,7 +41,8 @@ type Middleware struct {
 // for Content-Type, and it doesn't add practical benefit, so we omit it
 // (JSON _is_ utf-8, per spec, already).
-// Handler
+// Handler will match either OIDC or Auth0 jwks URLs and return true if it
+// matches on (and responds to) either. Otherwise it will return false.
 func (m *Middleware) Handler(w http.ResponseWriter, r *http.Request) bool {
 if strings.HasSuffix(r.URL.Path, jwksURL.Path) {
@@ -68,6 +69,11 @@ func (m *Middleware) WellKnownOIDC(w http.ResponseWriter, r *http.Request) {
 baseURL = *m.BaseURL
 } else {
 baseURL = *r.URL
+ if nil == r.TLS && "https" != r.Header.Get("X-Forwarded-Proto") {
+ baseURL.Scheme = "http"
+ } else {
+ baseURL.Scheme = "https"
+ }
 baseURL.Host = r.Host
 baseURL.Path = strings.TrimSuffix(baseURL.Path, oidcURL.Path)
 }
@@ -76,7 +82,7 @@ func (m *Middleware) WellKnownOIDC(w http.ResponseWriter, r *http.Request) {
 u := baseURL.ResolveReference(jwksURL)
 w.Header().Set("Content-Type", "application/json")
-w.Write([]byte(fmt.Sprintf(`{ "issuer": %q, "jwks_uri": %q }`, baseURL, u)))
+w.Write([]byte(fmt.Sprintf(`{ "issuer": %q, "jwks_uri": %q }`, baseURL.String(), u.String())))
 }
 // WellKnownJWKs serves a JSON array of keys, no fluff
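Review bot: In the `else` branch of WellKnownOIDC the issuer scheme is now decided by `X-Forwarded-Proto`, which, like `r.Host` just below it, is client-supplied unless a trusted reverse proxy overwrites it. If TLS is terminated upstream and the proxy does not set the header, the discovery document advertises an `http` issuer and `jwks_uri`, pointing relying parties at a plaintext key endpoint. The exact-match comparison also treats values such as `HTTPS` or `https, http` as not https. I would add `// NOTE: scheme and host come from request headers here; only trustworthy behind a proxy that overwrites X-Forwarded-Proto and Host. Set BaseURL in proxied deployments.` above the new `if`. WellKnownOIDC starts and ends outside this hunk.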
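Review bot: The changed `w.Write` line still assembles the discovery document with `fmt.Sprintf` and `%q`, which emits Go string-literal escapes rather than JSON escapes, while the host portion of both URLs originates from `r.Host`. Letting the encoder do the quoting would guarantee well-formed JSON regardless of input, e.g. `json.NewEncoder(w).Encode(map[string]string{"issuer": baseURL.String(), "jwks_uri": u.String()})`. This assumes `encoding/json` is or can be imported, since the import block is not visible here. The return value of `w.Write` is also dropped, so a failed write goes unnoticed. WellKnownOIDC begins outside this hunk.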