From aa244c4ea944d6f6efd6750fe176ea9764587a3f Mon Sep 17 00:00:00 2001
From: Bruno Bernardino <me@brunobernardino.com>
Date: Fri, 6 Jun 2025 05:47:06 +0100
Subject: [PATCH] Hotfix for SSO behind a reverse proxy

Fixes #65
---
 lib/models/oidc.ts | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/models/oidc.ts b/lib/models/oidc.ts
index cb2dccd..a217f7b 100644
--- a/lib/models/oidc.ts
+++ b/lib/models/oidc.ts
@@ -137,6 +137,7 @@ export class OidcModel {
 
     const config = await AppConfig.getConfig();
 
+    const baseUrl = config.auth.baseUrl;
     const oidcBaseUrl = config.auth.singleSignOnUrl;
     const emailAttribute = config.auth.singleSignOnEmailAttribute;
     const oidcOptions = oidcBaseUrl.startsWith('http://')
@@ -153,7 +154,7 @@ export class OidcModel {
 
     const tokens = await openIdClient.authorizationCodeGrant(
       oidcConfig,
-      new URL(request.url),
+      new URL(`${baseUrl}?${urlSearchParams.toString()}`),
       {
         pkceCodeVerifier: expectedCodeVerifier,
         expectedState,