29 lines
867 B
Lua
29 lines
867 B
Lua
local openidc = require("resty.openidc")
|
|
|
|
-- Determine the correct redirect URI
|
|
local scheme = ngx.var.scheme
|
|
local host = ngx.var.http_host
|
|
local request_uri = ngx.var.request_uri
|
|
local redirect_uri = scheme .. "://" .. host .. request_uri
|
|
|
|
local opts = {
|
|
redirect_uri = redirect_uri, -- ✅ use full URI dynamically
|
|
discovery = "https://kc.boomlab.party/realms/rhein-sw/.well-known/openid-configuration",
|
|
client_id = "demo-sso",
|
|
client_secret = os.getenv("KEYCLOAK_CLIENT_SECRET"),
|
|
scope = "openid email profile",
|
|
ssl_verify = "no"
|
|
}
|
|
|
|
local res, err = openidc.authenticate(opts)
|
|
|
|
if err then
|
|
ngx.status = 403
|
|
ngx.say("Authentication failed: " .. err)
|
|
ngx.exit(ngx.HTTP_FORBIDDEN)
|
|
end
|
|
|
|
-- Optional: Forward useful info to upstream
|
|
ngx.req.set_header("X-User", res.user.preferred_username or "")
|
|
ngx.req.set_header("X-Email", res.user.email or "")
|