mock-oauth2-server
Inconsistent IssuerUrl when setting the Host header
I'm seeing some strange behaviour affecting the issuer url. When setting the host name to a name that does not contain a port, the issuer url seems to be set to the IP. When any port is included in the header, it uses the port on the supplied host (as you would expect).
Using:
docker network create localnet
docker run --rm --env SERVER_PORT=80 -p80:80 --expose 80 ghcr.io/navikt/mock-oauth2-server:0.5.1
docker run --network localnet --rm --env SERVER_PORT=80 -p80:80 --expose 80 --hostname oauth2 ghcr.io/navikt/mock-oauth2-server:0.5.1
Using oauth2:80, the issuer url is resolved to oauth2:
> docker run --rm --network localnet curlimages/curl:7.84.0 curl -H 'Host: oauth2:80' oauth2/default/.well-known/openid-configuration -s
{
"issuer" : "http://oauth2/default",
"authorization_endpoint" : "http://oauth2/default/authorize",
"end_session_endpoint" : "http://oauth2/default/endsession",
"token_endpoint" : "http://oauth2/default/token",
"userinfo_endpoint" : "http://oauth2/default/userinfo",
"jwks_uri" : "http://oauth2/default/jwks",
"introspection_endpoint" : "http://oauth2/default/introspect",
"response_types_supported" : [ "query", "fragment", "form_post" ],
"subject_types_supported" : [ "public" ],
"id_token_signing_alg_values_supported" : [ "ES256", "ES384", "RS256", "RS384", "RS512", "PS256", "PS384", "PS512" ]
}
Using the host of the container oauth2, the issuer url is the host name of the client (in this case, the curl container):
> docker run --rm --network localnet curlimages/curl:7.84.0 curl -H 'Host: oauth2' oauth2/default/.well-known/openid-configuration -s
{
"issuer" : "http://25a6c016521e.localnet/default",
"authorization_endpoint" : "http://25a6c016521e.localnet/default/authorize",
"end_session_endpoint" : "http://25a6c016521e.localnet/default/endsession",
"token_endpoint" : "http://25a6c016521e.localnet/default/token",
"userinfo_endpoint" : "http://25a6c016521e.localnet/default/userinfo",
"jwks_uri" : "http://25a6c016521e.localnet/default/jwks",
"introspection_endpoint" : "http://25a6c016521e.localnet/default/introspect",
"response_types_supported" : [ "query", "fragment", "form_post" ],
"subject_types_supported" : [ "public" ],
"id_token_signing_alg_values_supported" : [ "ES256", "ES384", "RS256", "RS384", "RS512", "PS256", "PS384", "PS512" ]
}
I would expect that specifying the host with no port would produce an Issuer Url of that host!
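An added example, not part of the original issue or of the project's code: a client-side check that a discovery document's `issuer` is identical to the URL prefix it was fetched from, which OpenID Connect Discovery requires. The function names and the trimmed sample documents are constructed from the two outputs above, and the same-origin test on endpoints is an assumption that fits this server's output rather than a rule of the specification.

```python
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"

def expected_issuer(discovery_url):
    """Issuer a client expects: the discovery URL minus the well-known suffix."""
    if not discovery_url.endswith(WELL_KNOWN):
        raise ValueError("not an OpenID discovery URL")
    return discovery_url[: -len(WELL_KNOWN)]

def origin(url):
    """(scheme, host, port) with default ports filled in, so oauth2 == oauth2:80."""
    parts = urlsplit(url)
    default = {"http": 80, "https": 443}.get(parts.scheme)
    return parts.scheme, (parts.hostname or "").lower(), parts.port or default

def check_discovery(discovery_url, document):
    """Return a list of problems; an empty list means the document is consistent."""
    problems = []
    want = expected_issuer(discovery_url)
    issuer = document.get("issuer", "")
    if issuer != want:  # exact string comparison, as the specification requires
        problems.append(f"issuer {issuer!r} != expected {want!r}")
    for key, value in document.items():
        # Assumption: every endpoint lives on the issuer's origin.
        if key == "jwks_uri" or key.endswith("_endpoint"):
            if origin(value) != origin(want):
                problems.append(f"{key} points at {value!r}, outside {want!r}")
    return problems

def sample(base):
    """Constructed sample: a trimmed discovery document rooted at `base`."""
    return {"issuer": base, "token_endpoint": base + "/token",
            "jwks_uri": base + "/jwks"}

# URL the curl commands above request (scheme and default port made explicit).
DISCOVERY_URL = "http://oauth2/default" + WELL_KNOWN
WITH_PORT = sample("http://oauth2/default")                   # Host: oauth2:80
WITHOUT_PORT = sample("http://25a6c016521e.localnet/default")  # Host: oauth2

if __name__ == "__main__":
    for name, doc in (("Host: oauth2:80", WITH_PORT), ("Host: oauth2", WITHOUT_PORT)):
        found = check_discovery(DISCOVERY_URL, doc)
        print(name, "->", "consistent" if not found else found)
```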
Hello @andythorne! Thanks for opening the issue and thanks for using it :)
I see the issue..
But if I reckon the issue from the past, we added an environment variable SERVER_HOSTNAME where you can define the host name; if not set, the standalone server will return the IP, as your debug shows.
docker run --rm --env SERVER_PORT=80 --env SERVER_HOSTNAME=oauth2 -p80:80 --expose 80 ghcr.io/navikt/mock-oauth2-server:0.5.1
docker run --network localnet --rm --env SERVER_PORT=80 --env SERVER_HOSTNAME=oauth2 -p80:80 --expose 80 --hostname oauth2 ghcr.io/navikt/mock-oauth2-server:0.5.1
Update: tried it locally and it seems to crash. Need some more investigation.
@andythorne have you tried to use the --ipv4 flag on curl? Or without the -H 'Host: oauth2'?
No response, closing it for now. Please feel free to reopen if the issue remains.