shishantbiswas/coder
1
0
Fork 0
mirror of https://github.com/coder/coder.git synced 2026-06-02 20:48:20 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: support path parameters in OAuth2 metadata endpoints (#19729)

Browse Source 
Update OAuth2 metadata endpoint routes to support path suffixes

This PR updates the OAuth2 metadata endpoint routes to include a wildcard character (*) at the end of the paths. This change allows the endpoints to match requests with path suffixes, making our OAuth2 discovery implementation more flexible and compliant with the relevant RFCs.

The updated routes are:
- `/.well-known/oauth-authorization-server*` for RFC 8414 discovery
- `/.well-known/oauth-protected-resource*` for RFC 9728 discovery
This commit is contained in:
Thomas Kosiewski
2025-09-08 14:21:57 +02:00
committed by GitHub
parent 6e33c38777
commit 2701d5588e
1 changed files with 6 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
coderd/coderd.go
+6 -2
View File
@@ -948,9 +948,13 @@ func New(options *Options) *API {
}
// OAuth2 metadata endpoint for RFC 8414 discovery
r.Get("/.well-known/oauth-authorization-server", api.oauth2AuthorizationServerMetadata())
r.Route("/.well-known/oauth-authorization-server", func(r chi.Router) {
r.Get("/*", api.oauth2AuthorizationServerMetadata())
})
// OAuth2 protected resource metadata endpoint for RFC 9728 discovery
r.Get("/.well-known/oauth-protected-resource", api.oauth2ProtectedResourceMetadata())
r.Route("/.well-known/oauth-protected-resource", func(r chi.Router) {
r.Get("/*", api.oauth2ProtectedResourceMetadata())
})
// OAuth2 linking routes do not make sense under the /api/v2 path. These are
// for an external application to use Coder as an OAuth2 provider, not for