Wellknown

cmd/host.go

@@ -72,7 +72,7 @@ OAUTH2 CONTROLS
 - CONSENT_URL: The uri of the consent endpoint.
 	Example: CONSENT_URL=https://id.myapp.com/consent
 
-- ISSUER: The issuer is used for identification in all OAuth2 tokens.
+- ISSUER: The issuer is used for identification in all OAuth2 tokens. Should be the public url of the server.
 	Defaults to ISSUER=hydra.localhost
 
 - AUTH_CODE_LIFESPAN: Lifespan of OAuth2 authorize codes. Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h".

cmd/root.go

@@ -127,6 +127,9 @@ func initConfig() {
 		fmt.Println("")
 	}
 
+	iss := viper.Get("ISSUER")
+	viper.Set("ISSUER", strings.TrimSuffix(iss.(string), "/"))
+
 	if err := viper.Unmarshal(c); err != nil {
 		fatal(fmt.Sprintf("Could not read config because %s.", err))
 	}

cmd/server/handler_oauth2_factory.go

@@ -118,6 +118,7 @@ func newOAuth2Handler(c *config.Config, router *httprouter.Router, km jwk.Manage
 		H:                   herodot.NewJSONWriter(c.GetLogger()),
 		AccessTokenLifespan: c.GetAccessTokenLifespan(),
 		CookieStore:         sessions.NewCookieStore(c.GetCookieSecret()),
+		Issuer:              c.Issuer,
 	}
 
 	handler.SetRoutes(router)