OAuth - custom redirect_url for proxys
oxygen50 opened this issue · comments
Is your feature request related to a problem? Please describe.
When connecting a proxy inbetween the user and the application this occurrs. As the app has a internal dns entry and a public dns entries the proxy handels the forwarding. The used proxy is Application Proxy by Microsoft.
https://learn.microsoft.com/en-us/entra/identity/app-proxy/application-proxy
This proxy puts a "layer on top" of Thruk and provides a secure way to access apps via the microsoft datacenter and OAuth2 preconfigured by microsoft. After this layer the OAuth2 via Thruk can be configured. However this needs the external dns entry, but thruk only takes the loginpage url which is the internal proxy url. Therefore we need to modify thruk to include the option to modify this entry to custom.
The error is this:
Something like this is the workflow of application proxy.
User -> Public DNS Entry -> OAuth via Microsoft (DDOS etc.) -> Login via Microsoft -> App proxy internal url -> Thruk -> Login via OAuth2 by Thruk -> UI
Describe the solution you'd like
Add to OAuth.pm & Documentation the following.
Adds a read from the config file to read the parameter redirect_url
this redirect url can be configured inside the application with microsoft.
Line 60 to 67
my $res = $ua->post($auth->{'token_url'}, {
client_id => $auth->{'client_id'},
client_secret => $auth->{'client_secret'},
code => $code,
redirect_uri => $auth->{'redirect_url'},
state => $state,
grant_type => 'authorization_code',
});
Line 150 to 156
my $oauth_login_url = Thruk::Utils::Filter::uri_with($c, {
client_id => $auth->{'client_id'},
scope => $auth->{'scopes'},
state => $state,
response_type => 'code',
redirect_uri => $auth->{'redirect_url'},
}, 1, $auth->{'auth_url'}, 1);
Describe alternatives you've considered
There are no alternatives to make oauth2 work with azure application proxy and the native thruk oauth plugin.
Additional context
See above.