From d6bea7c09504d206f1627b2e07f589aeac13b3b0 Mon Sep 17 00:00:00 2001 From: Simao Gomes Viana Date: Tue, 1 Mar 2022 14:14:48 +0100 Subject: [PATCH] Add support for custom callback URI Fixes: #64 --- caddyfile_authn.go | 1 + caddyfile_authn_backends.go | 2 +- caddyfile_authn_test.go | 25 +++++++++++++++++++++++++ 3 files changed, 27 insertions(+), 1 deletion(-) diff --git a/caddyfile_authn.go b/caddyfile_authn.go index 07453ce..df6fed6 100644 --- a/caddyfile_authn.go +++ b/caddyfile_authn.go @@ -57,6 +57,7 @@ const ( // disable metadata_discovery // authorization_url // disable key_verification +// callback_url // } // // backend gitlab { diff --git a/caddyfile_authn_backends.go b/caddyfile_authn_backends.go index d86a5f9..293474c 100644 --- a/caddyfile_authn_backends.go +++ b/caddyfile_authn_backends.go @@ -130,7 +130,7 @@ func parseCaddyfileAuthPortalBackends(h *caddyfile.Dispenser, repl *caddy.Replac case "idp_metadata_location", "idp_sign_cert_location", "tenant_id", "idp_login_url", "application_id", "application_name", "entity_id", "domain_name", "client_id", "client_secret", "server_id", "base_auth_url", "metadata_url", - "identity_token_name", "authorization_url", "token_url": + "identity_token_name", "authorization_url", "token_url", "callback_url": if !h.NextArg() { return backendValueErr(h, backendName, backendArg) } diff --git a/caddyfile_authn_test.go b/caddyfile_authn_test.go index aa2bf80..f957da3 100644 --- a/caddyfile_authn_test.go +++ b/caddyfile_authn_test.go @@ -133,6 +133,17 @@ func TestParseCaddyfileAuthentication(t *testing.T) { server_id default scopes openid email profile groups } + oidc_backend { + method oauth2 + realm oidc + provider generic + client_id 42246c62-c07a-43b4-9b32-976e517fd2a9 + client_secret d09511fd-8945-47fe-b78c-3dd2d1708184 + scopes openid + base_auth_url https://auth.example.com/ + metadata_url https://auth.example.com/.well-known/openid-configuration + callback_url /custom-callback + } } } }`), 
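Review bot: In `parseCaddyfileAuthPortalBackends`, `callback_url` joins the generic string-valued keys, and the only check visible in this hunk is that an argument is present (`if !h.NextArg()`); nothing here constrains its shape. This value becomes the OAuth redirect target, the address to which the identity provider returns the authorization response. A typo or an unintended host therefore either breaks the login flow or sends that response to another origin, so it is worth rejecting bad values at parse time. I would accept only a rooted path or an absolute `https` URL, by parsing `h.Val()` with `url.Parse` and calling `return backendValueErr(h, backendName, backendArg)` when neither form matches. It would also help to add the comment `// callback_url must match the redirect URI registered with the provider` next to the key. The rest of the case body and the code that consumes the value are outside this hunk, so this check may already exist downstream and should be confirmed.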
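Review bot: The new `oidc_backend` fixture in `TestParseCaddyfileAuthentication` covers only the happy path with a relative value (`callback_url /custom-callback`); the matching expected JSON is in the following hunk. Two cases are missing. A `callback_url` with no argument should hit the `backendValueErr` branch, and an absolute URL such as `callback_url https://auth.example.com/custom-callback` would show whether both forms are meant to be supported. Without them, a later change in how the value is parsed or resolved would go unnoticed. The test table starts and ends outside these hunks, so the new entries should follow the shape of the existing error cases if the file has any.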
@@ -284,6 +295,20 @@ func TestParseCaddyfileAuthentication(t *testing.T) { "server_id": "default", "scopes": ["openid", "email", "profile", "groups"] } + }, + { + "oauth2": { + "name": "oidc_backend", + "method": "oauth2", + "realm": "oidc", + "provider": "generic", + "client_id": "42246c62-c07a-43b4-9b32-976e517fd2a9", + "client_secret": "d09511fd-8945-47fe-b78c-3dd2d1708184", + "scopes": ["openid"], + "base_auth_url": "https://auth.example.com/", + "metadata_url": "https://auth.example.com/.well-known/openid-configuration", + "callback_url": "/custom-callback" + } } ], "token_validator_options": {