From d220cb28f90d5635b8b30e80632572810280bcaa Mon Sep 17 00:00:00 2001
From: Thatsaphorn Atchariyaphap <thatsaphorn@outlook.de>
Date: Tue, 10 Jun 2025 21:46:22 +0200
Subject: [PATCH] Update `auth.lua` to dynamically set `redirect_uri` and
 disable SSL verification.

---
 auth.lua | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/auth.lua b/auth.lua
index 90c8b44..9644abc 100644
--- a/auth.lua
+++ b/auth.lua
@@ -1,12 +1,18 @@
 local openidc = require("resty.openidc")
 
+-- Determine the correct redirect URI
+local scheme = ngx.var.scheme
+local host = ngx.var.http_host
+local request_uri = ngx.var.request_uri
+local redirect_uri = scheme .. "://" .. host .. request_uri
+
 local opts = {
-  redirect_uri_path = "/redirect_uri",
+  redirect_uri = redirect_uri,  -- ✅ use full URI dynamically
   discovery = "https://kc.boomlab.party/realms/rhein-sw/.well-known/openid-configuration",
   client_id = "demo-sso",
   client_secret = os.getenv("KEYCLOAK_CLIENT_SECRET"),
-  redirect_uri_scheme = "http",
-  scope = "openid email profile"
+  scope = "openid email profile",
+  ssl_verify = "no"
 }
 
 local res, err = openidc.authenticate(opts)