feat(api): Start work on delegated OIDC Handling

Author: batleforc

.env

@@ -13,7 +13,11 @@ VITE_OIDC_SCOPE="openid profile email groups"
 VITE_OIDC_SILENT_REFRESH="false"
 
 # Backend Environment Variables
+## Front OIDC Config
 API_OIDC_ISSUER_URL="https://authelia.k8s.localhost"
 API_OIDC_CLIENT_ID="proxyauthk8s"
 API_OIDC_SCOPE="openid profile email groups"
-API_OIDC_AUDIENCE="proxyauthk8s"
+API_OIDC_AUDIENCE="proxyauthk8s"
+
+## Cluster OIDC Config
+API_CLUSTER_OIDC_BASE_REDIRECT_URL="https://localhost:5437"

libs/common/src/lib.rs

@@ -14,6 +14,7 @@ pub struct State {
     pub client: Client,
     redis: Pool,
     pub oidc_client: oidc_conf::OidcConf,
+    pub oidc_cluster_redirect_base_url: String,
 }
 
 impl State {
@@ -31,11 +32,14 @@ impl State {
         match oidc_client.get_oidc_core().await {
             Ok(_) => info!("OIDC discovery successful"),
             Err(e) => panic!("OIDC discovery failed: {}", e),
-        }
+        };
+        let oidc_cluster_redirect_base_url = env::var("API_CLUSTER_OIDC_BASE_REDIRECT_URL")
+            .unwrap_or("https://localhost:5437".to_string());
         Self {
             client,
             redis: pool,
             oidc_client,
+            oidc_cluster_redirect_base_url,
         }
     }