diff --git a/internal/outpost/proxyv2/application/application.go b/internal/outpost/proxyv2/application/application.go index c025e9b44..094eceaf0 100644 --- a/internal/outpost/proxyv2/application/application.go +++ b/internal/outpost/proxyv2/application/application.go @@ -4,7 +4,6 @@ import ( "context" "crypto/tls" "encoding/gob" - "fmt" "net/http" "net/url" "regexp" @@ -70,7 +69,7 @@ func NewApplication(p api.ProxyOutpostConfig, c *http.Client, cs *ak.CryptoStore oauth2Config := oauth2.Config{ ClientID: *p.ClientId, ClientSecret: *p.ClientSecret, - RedirectURL: fmt.Sprintf("%s/akprox/callback", p.ExternalHost), + RedirectURL: urlJoin(p.ExternalHost, "/akprox/callback"), Endpoint: endpoint.Endpoint, Scopes: []string{oidc.ScopeOpenID, "profile", "email", "ak_proxy"}, } diff --git a/internal/outpost/proxyv2/application/utils.go b/internal/outpost/proxyv2/application/utils.go index f5b493296..019432d5c 100644 --- a/internal/outpost/proxyv2/application/utils.go +++ b/internal/outpost/proxyv2/application/utils.go @@ -3,13 +3,24 @@ package application import ( "fmt" "net/http" + "net/url" + "path" "strconv" "goauthentik.io/internal/outpost/proxyv2/constants" ) +func urlJoin(originalUrl string, newPath string) string { + u, err := url.Parse(originalUrl) + if err != nil { + return originalUrl + } + u.Path = path.Join(u.Path, newPath) + return u.String() +} + func (a *Application) redirectToStart(rw http.ResponseWriter, r *http.Request) { - authUrl := fmt.Sprintf("%s/akprox/start", a.proxyConfig.ExternalHost) + authUrl := urlJoin(a.proxyConfig.ExternalHost, "/akprox/start") http.Redirect(rw, r, authUrl, http.StatusFound) }