fix: normalize OAuth discovery URLs to use host_name config#186
Conversation
|
Thanks for picking this up — I hit the same issue on a customer's GKE deployment (Gateway API in front, plain HTTP to the Frappe nginx pod) and your fix would have resolved it. A couple of suggestions before this lands: 1. The PR includes unrelated changes from a stale
|
4b0b595 to
190e961
Compare
- Use host_name from site config if available - Force https:// when host_name is configured - Fixes http -> https mismatch for production deployments - Fixes buildswithpaul#156
- Add _get_public_base_url() helper that respects host_name and force_https - Replace get_server_url() at all 5 call sites in oauth_discovery.py - Override Frappe-inherited URL keys in both openid_configuration() and authorization_server_metadata() to ensure issuer consistency - Drop trailing slash on issuer per RFC 8414 - Fixes buildswithpaul#156
01d1c26 to
3b23ba4
Compare
Summary
OAuth discovery endpoint was returning http:// URLs even when host_name
was configured as https://. This breaks hosted OAuth clients like Claude
that reject non-HTTPS token endpoints.
Type of Change
Related Issues
Fixes #156
Checklist
developbranch (notmain)