feat: custom redirect url

README.md

@@ -47,6 +47,7 @@ Moreover, to enable OpenID Connect authentication, the following additional conf
 | --------------------------------------- | ------------------------------------------------------------------------------------------------------------------- | ------------------------- |
 | `OIDC_ENABLED`                          | Enable OpenID Connect                                                                                               | `True` \| `False`         |
 | `OIDC_PROVIDER_INFO_URL`                | OpenID Connect provider configuration url (aka. _well-known_ url)                                                   | [https://`host`:`port`/auth/realms/`realm`/.well-known/openid-configuration]() |
+| `OIDC_REDIRECT_URL`                     | OpenID Connect custom redirect URL if HOSTNAME not matching your login url                                          | [https://`host`]()        |
 | `OIDC_CLIENT_ID`                        | OpenID Connect Client ID for Mailu                                                                                  | `6779ef20e75817b79602`    |
 | `OIDC_CLIENT_SECRET`                    | OpenID Connect Client Secret for Mailu                                                                              | `3d66bbd6d0a69af62de7...` |
 | `OIDC_BUTTON_NAME`                      | Display text for the "login-with-OpenID" button                                                                     | `OpenID Connect`          |
@@ -65,6 +66,8 @@ Here is a snippet for easy copy paste:
 OIDC_ENABLED=True
 # OpenID Connect Provider configuration URL
 OIDC_PROVIDER_INFO_URL=https://<host>:<port>/auth/realms/.well-known/openid-configuration
+# OpenID redirect URL if HOSTNAME not matching your login url
+OIDC_REDIRECT_URL=https://mail.example.com
 # OpenID Connect Client id
 OIDC_CLIENT_ID=<CLIENT_ID>
 # OpenID Connect Client secret

core/admin/mailu/utils.py

@@ -166,8 +166,8 @@ def init_app(self, app):
         self.extension_client = ExtensionClient(client_authn_method=CLIENT_AUTHN_METHOD,settings=settings)
         self.extension_client.provider_config(app.config['OIDC_PROVIDER_INFO_URL'])
         self.change_password_url = app.config['OIDC_CHANGE_PASSWORD_REDIRECT_URL'] or (self.client.issuer + '/.well-known/change-password')
-
-        info = {"client_id": app.config['OIDC_CLIENT_ID'], "client_secret": app.config['OIDC_CLIENT_SECRET'], "redirect_uris": [ "https://" + self.app.config['HOSTNAME'] + "/sso/login" ]}
+        self.redirect_url = app.config['OIDC_REDIRECT_URL'] or ("https://" + self.app.config['HOSTNAME'])
+        info = {"client_id": app.config['OIDC_CLIENT_ID'], "client_secret": app.config['OIDC_CLIENT_SECRET'], "redirect_uris": [ self.redirect_url + "/sso/login" ]}
         client_reg = RegistrationResponse(**info)
         self.client.store_registration_info(client_reg)
         self.extension_client.store_registration_info(client_reg)
@@ -182,7 +182,7 @@ def get_redirect_url(self):
             "response_type": ["code"],
             "scope": ["openid", "email"],
             "nonce": f_session["nonce"],
-            "redirect_uri": "https://" + self.app.config['HOSTNAME'] + "/sso/login",
+            "redirect_uri": self.redirect_url + "/sso/login",
             "state": f_session["state"]
         }
 
@@ -263,7 +263,7 @@ def logout(self, id_token):
         args = {
             "state": state,
             "id_token_hint": id_token,
-            "post_logout_redirect_uri": "https://" + app.config['HOSTNAME'] + "/sso/logout",
+            "post_logout_redirect_uri": self.redirect_url + "/sso/logout",
             "client_id": self.client.client_id
         }