From bcdcdc42d43abfb59692676832d76b2d2bacc086 Mon Sep 17 00:00:00 2001
From: Markbeep
Date: Sun, 16 Mar 2025 21:19:18 +0100
Subject: [PATCH] use request.url instead of base_url
---
 .env.local | 1 +
 app/routers/auth.py | 18 +++++++++++++-----
 2 files changed, 14 insertions(+), 5 deletions(-)
diff --git a/.env.local b/.env.local
index 86d17bd..e2fcf29 100644
--- a/.env.local
+++ b/.env.local
@@ -1,3 +1,4 @@
 ABR_APP__CONFIG_DIR=config # Path to the config directory. Default: /config
 ABR_APP__DEBUG=true # Default: false
 ABR_APP__OPENAPI_ENABLED=true # Default: false
+ABR_APP__LOG_LEVEL=DEBUG
diff --git a/app/routers/auth.py b/app/routers/auth.py
index 8adabd9..44ac284 100644
--- a/app/routers/auth.py
+++ b/app/routers/auth.py
@@ -1,8 +1,9 @@
 import base64
+import logging
 import secrets
 import time
 from typing import Annotated, Optional
-from urllib.parse import urlencode
+from urllib.parse import urlencode, urljoin
 from aiohttp import ClientSession
 from fastapi import APIRouter, Depends, Form, HTTPException, Request, Response, status
@@ -27,6 +28,8 @@ from app.util.toast import ToastException
 router = APIRouter(prefix="/auth")
+logger = logging.getLogger(__name__)
+
 @router.get("/login")
 async def login(
@@ -57,11 +60,16 @@ async def login(
 if not client_id:
 raise InvalidOIDCConfiguration("Missing OIDC client ID")
- base_url = str(request.base_url).rstrip("/")
+ auth_redirect_uri = urljoin(str(request.url), "/auth/oidc")
+
+ logger.info(f"Redirecting to OIDC login: {authorize_endpoint}")
+ logger.info(f"Redirect URI: {auth_redirect_uri}")
+ logger.debug(f"{request.url.is_secure = }")
+
 params = {
 "response_type": "code",
 "client_id": client_id,
- "redirect_uri": f"{base_url}/auth/oidc",
+ "redirect_uri": auth_redirect_uri,
 "scope": scope,
 "state": redirect_uri,
 }
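Review bot: On the context line `"state": redirect_uri,` in the `@@ -57,11 +60,16 @@` hunk, the OAuth `state` parameter carries the `redirect_uri` variable rather than an unguessable value tied to the browser session, so, unless `login_oidc` checks something else, the callback cannot tell a response it initiated from one injected by another site (login CSRF). The commit leaves this as it was; `secrets` is already imported, so a token such as `state = secrets.token_urlsafe(32)` could be kept server-side (session or signed cookie) together with the intended destination and compared when the provider redirects back. If the callback redirects to the returned `state` (not visible in this diff), that value should also be restricted to same-site paths. The body of `login` starts and ends outside the hunk.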
@@ -147,14 +155,14 @@ async def login_oidc(
 if not username_claim:
 raise InvalidOIDCConfiguration("Missing OIDC username claim")
- base_url = str(request.base_url).rstrip("/")
+ auth_redirect_uri = urljoin(str(request.url), "/auth/oidc")
 data = {
 "grant_type": "authorization_code",
 "code": code,
 "client_id": client_id,
 "client_secret": client_secret,
- "redirect_uri": f"{base_url}/auth/oidc",
+ "redirect_uri": auth_redirect_uri,
 }
 async with client_session.post(
 token_endpoint,
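Review bot: The `redirect_uri` sent to the token endpoint is rebuilt from the callback request with `urljoin(str(request.url), "/auth/oidc")` instead of being reused from the authorization request, and the provider requires the two values to be identical. Scheme and host come from each incoming request, so a callback that arrives under a different host name, or without the proxy's forwarded scheme, would yield a different string and the code exchange would fail. The leading slash also makes `urljoin` drop any path prefix that `request.base_url` used to keep. The login hunk builds the value with the same expression, so a single shared helper or a configured public base URL would keep both sides in step, for example `auth_redirect_uri = str(request.url_for("login_oidc"))` if the callback route is registered under that name. The body of `login_oidc` starts and ends outside the hunk.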