From c6ebd838e0ff8766dc2407a2aa5bb3b4569df9db Mon Sep 17 00:00:00 2001 From: Bobby DeSimone Date: Sat, 9 Nov 2019 16:43:44 -0800 Subject: [PATCH] bug: fix bad callback url for programmatic (#381) Signed-off-by: Bobby DeSimone --- authenticate/handlers.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/authenticate/handlers.go b/authenticate/handlers.go index fb0e4d02d..4506aa4a0 100644 --- a/authenticate/handlers.go +++ b/authenticate/handlers.go @@ -118,7 +118,6 @@ func (a *Authenticate) SignIn(w http.ResponseWriter, r *http.Request) { // create a clone of the redirect URI, unless this is a programmatic request // in which case we will redirect back to proxy's callback endpoint callbackURL, _ := urlutil.DeepCopy(redirectURL) - callbackURL.Path = "/.pomerium/callback" q := redirectURL.Query() @@ -163,6 +162,8 @@ func (a *Authenticate) SignIn(w http.ResponseWriter, r *http.Request) { redirectURL.RawQuery = q.Encode() + callbackURL.Path = "/.pomerium/callback" + // build our hmac-d redirect URL with our session, pointing back to the // proxy's callback URL which is responsible for setting our new route-session uri := urlutil.SignedRedirectURL(a.sharedKey, callbackURL, redirectURL)