From 0aba20f85c420cb13ca5b9fcebf0408c29e0c6d0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jonne=20Ha=C3=9F?= <me@jhass.eu>
Date: Sat, 24 Oct 2020 22:30:43 +0200
Subject: [PATCH] OpenID Connect: ensure consistent issuer URL

root_url does not know the right protocol in all contexts,
some clients are strict when validating this.
---
 app/controllers/api/openid_connect/discovery_controller.rb      | 2 +-
 lib/api/openid_connect/id_token.rb                              | 2 +-
 .../controllers/api/openid_connect/discovery_controller_spec.rb | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/app/controllers/api/openid_connect/discovery_controller.rb b/app/controllers/api/openid_connect/discovery_controller.rb
index ee93eb840..ada230d88 100644
--- a/app/controllers/api/openid_connect/discovery_controller.rb
+++ b/app/controllers/api/openid_connect/discovery_controller.rb
@@ -28,7 +28,7 @@ module Api
     class DiscoveryController < ApplicationController
       def configuration
         render json: OpenIDConnect::Discovery::Provider::Config::Response.new(
-          issuer:                                      root_url,
+          issuer:                                      AppConfig.environment.url,
           registration_endpoint:                       api_openid_connect_clients_url,
           authorization_endpoint:                      new_api_openid_connect_authorization_url,
           token_endpoint:                              api_openid_connect_access_tokens_url,
diff --git a/lib/api/openid_connect/id_token.rb b/lib/api/openid_connect/id_token.rb
index 44b957790..231507a29 100644
--- a/lib/api/openid_connect/id_token.rb
+++ b/lib/api/openid_connect/id_token.rb
@@ -53,7 +53,7 @@ module Api
       def claims
         sub = build_sub
         @claims ||= {
-          iss:       Rails.application.routes.url_helpers.root_url,
+          iss:       AppConfig.environment.url,
           sub:       sub,
           aud:       @authorization.o_auth_application.client_id,
           exp:       @expires_at.to_i,
diff --git a/spec/controllers/api/openid_connect/discovery_controller_spec.rb b/spec/controllers/api/openid_connect/discovery_controller_spec.rb
index a67463f9d..ad74e1d68 100644
--- a/spec/controllers/api/openid_connect/discovery_controller_spec.rb
+++ b/spec/controllers/api/openid_connect/discovery_controller_spec.rb
@@ -8,7 +8,7 @@ describe Api::OpenidConnect::DiscoveryController, type: :controller do
 
     it "should have the issuer as the root url" do
       json_body = JSON.parse(response.body)
-      expect(json_body["issuer"]).to eq(root_url)
+      expect(json_body["issuer"]).to eq(AppConfig.environment.url)
     end
 
     it "should have the appropriate user info endpoint" do