From 63304f86b369e3cfdc02e9cee7fbd57f16e6f7d0 Mon Sep 17 00:00:00 2001
From: Ahmad Farhat <ahmad.af.farhat@gmail.com>
Date: Mon, 19 Jun 2023 11:29:47 -0400
Subject: [PATCH] Attempt to fix issue with external accounts (#5247)

---
 config/initializers/omniauth.rb | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/config/initializers/omniauth.rb b/config/initializers/omniauth.rb
index c06a0f6f..3cc65054 100644
--- a/config/initializers/omniauth.rb
+++ b/config/initializers/omniauth.rb
@@ -23,18 +23,24 @@ Rails.application.config.middleware.use OmniAuth::Builder do
   if lb.present?
     provider :openid_connect, setup: lambda { |env|
       request = Rack::Request.new(env)
-      current_provider = request.params['current_provider']
+      current_provider = request.params['current_provider'] || request.url&.split('.')&.first
       secret = Tenant.find_by(name: current_provider)&.client_secret
+      issuer_url = File.join issuer.to_s, "/#{current_provider}"
 
-      env['omniauth.strategy'].options[:issuer] = File.join issuer.to_s, "/#{current_provider}"
+      env['omniauth.strategy'].options[:issuer] = issuer_url
       env['omniauth.strategy'].options[:scope] = %i[openid email profile]
       env['omniauth.strategy'].options[:uid_field] = ENV.fetch('OPENID_CONNECT_UID_FIELD', 'preferred_username')
       env['omniauth.strategy'].options[:discovery] = true
       env['omniauth.strategy'].options[:client_options].identifier = ENV.fetch('OPENID_CONNECT_CLIENT_ID')
       env['omniauth.strategy'].options[:client_options].secret = secret
       env['omniauth.strategy'].options[:client_options].redirect_uri = File.join(
-        ENV.fetch('OPENID_CONNECT_REDIRECT', ''), 'auth', 'openid_connect', 'callback'
+        File.join('https://', "#{current_provider}.#{ENV.fetch('OPENID_CONNECT_REDIRECT', '')}", 'auth', 'openid_connect', 'callback')
       )
+      env['omniauth.strategy'].options[:client_options].authorization_endpoint = File.join(issuer_url, 'protocol', 'openid-connect', 'auth')
+      env['omniauth.strategy'].options[:client_options].token_endpoint = File.join(issuer_url, 'protocol', 'openid-connect', 'token')
+      env['omniauth.strategy'].options[:client_options].userinfo_endpoint = File.join(issuer_url, 'protocol', 'openid-connect', 'userinfo')
+      env['omniauth.strategy'].options[:client_options].jwks_uri = File.join(issuer_url, 'protocol', 'openid-connect', 'certs')
+      env['omniauth.strategy'].options[:client_options].end_session_endpoint = File.join(issuer_url, 'protocol', 'openid-connect', 'logout')
     }
   elsif issuer.present?
     provider :openid_connect,
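Review bot: The fallback on the `current_provider` line splits `request.url`, which in Rack begins with the scheme, so when the query parameter is absent the value comes out like `https://tenant` rather than the subdomain; `Tenant.find_by` would then presumably return nil and the setup carries on with a nil `secret`. Deriving it from the host avoids that: `current_provider = request.params['current_provider'] || request.host.split('.').first`. The value is request-controlled and is now interpolated into `issuer_url`, the five endpoint URLs and the `redirect_uri` host, so I would resolve the record first with `tenant = Tenant.find_by(name: current_provider)`, stop the setup when it is nil, and build the URLs from `tenant.name` instead of the raw string. The lambda sits inside a Builder block that starts before this hunk and continues past its last line.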
-- 
GitLab