fix: Account for baseurl with path in oidc metadata

famedly · May 17, 2024 · 75e65c7 · 75e65c7
1 parent 94ce66f
commit 75e65c7
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -37,7 +37,8 @@ jwt:
   # Require tokens to have an expiry set, defaults to true (optional)
   require_expiry: true
 oidc:
-  issuer: "https://idp.example.com"
+  # Include trailing slash
+  issuer: "https://idp.example.com/"
   client_id: "<IDP client id>"
   client_secret: "<IDP client secret>"
   # Zitadel Organization ID, used for masking. (Optional)

diff --git a/synapse_token_authenticator/utils.py b/synapse_token_authenticator/utils.py
@@ -18,7 +18,7 @@ def __init__(self, issuer: str, configuration: dict):
 
 async def get_oidp_metadata(issuer, client) -> OpenIDProviderMetadata:
     config = await client.get_json(
-        urljoin(issuer, "/.well-known/openid-configuration"),
+        urljoin(issuer, ".well-known/openid-configuration"),
     )
     return OpenIDProviderMetadata(issuer, config)