fixes

Author: btoews

cmd/ssokenizer/main.go

@@ -70,7 +70,7 @@ func Run(ctx context.Context, args []string) error {
 }
 
 type Config struct {
-	// Full URL of the tokenizer service
+	// Full URL of the ssokenizer service
 	URL string `yaml:"url"`
 
 	// Tokenizer seal (public) key

etc/ssokenizer.yml

@@ -1,3 +1,6 @@
+# Full URL of the ssokenizer service
+url: "$SSOKENIZER_URL"
+
 # Public part of tokenizer's keypair
 seal_key: "$TOKENIZER_SEAL_KEY"
 
@@ -148,12 +151,12 @@ identity_providers:
     scopes:
       - "$GITHUB_AUTH_SCOPES"
 
-  vanta:
-    secret_auth:
-      bearer: "$PROXY_AUTH"
-    profile: vanta
-    client_id: "$VANTA_CLIENT_ID"
-    client_secret: "$VANTA_CLIENT_SECRET"
-    return_url: "$VANTA_RETURN_URL"
-    scopes:
-      - "$VANTA_AUTH_SCOPES"      
+  # vanta:
+  #   secret_auth:
+  #     bearer: "$PROXY_AUTH"
+  #   profile: vanta
+  #   client_id: "$VANTA_CLIENT_ID"
+  #   client_secret: "$VANTA_CLIENT_SECRET"
+  #   return_url: "$VANTA_RETURN_URL"
+  #   scopes:
+  #     - "$VANTA_AUTH_SCOPES"

oauth2/oauth2.go

@@ -128,7 +128,12 @@ func (p *Provider) handleCallback(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	tok, err := p.OAuthConfig.Exchange(r.Context(), code, oauth2.AccessTypeOffline)
+	opts := []oauth2.AuthCodeOption{oauth2.AccessTypeOffline}
+	if p.OAuthConfig.RedirectURL == "" {
+		opts = append(opts, oauth2.SetAuthURLParam("redirect_uri", p.URL.JoinPath(callbackPath).String()))
+	}
+
+	tok, err := p.OAuthConfig.Exchange(r.Context(), code, opts...)
 	if err != nil {
 		r = withError(r, fmt.Errorf("failed exchange: %w", err))
 		tr.ReturnError(w, r, "bad response")