Move public base URL from oauth2 config to http config

crates/handlers/src/oauth2/discovery.rs

@@ -14,7 +14,7 @@
 
 use std::collections::HashSet;
 
-use mas_config::OAuth2Config;
+use mas_config::HttpConfig;
 use mas_iana::{
     jose::JsonWebSignatureAlg,
     oauth::{
@@ -23,6 +23,7 @@ use mas_iana::{
     },
 };
 use mas_jose::SigningKeystore;
+use mas_warp_utils::filters::url_builder::UrlBuilder;
 use oauth2_types::{
     oidc::{ClaimType, Metadata, SubjectType},
     requests::{Display, GrantType, ResponseMode},
@@ -32,9 +33,9 @@ use warp::{filters::BoxedFilter, Filter, Reply};
 #[allow(clippy::too_many_lines)]
 pub(super) fn filter(
     key_store: impl SigningKeystore,
-    config: &OAuth2Config,
+    http_config: &HttpConfig,
 ) -> BoxedFilter<(Box<dyn Reply>,)> {
-    let base = config.issuer.clone();
+    let builder = UrlBuilder::from(http_config);
 
     // This is how clients can authenticate
     let client_auth_methods_supported = Some({
@@ -62,12 +63,12 @@ pub(super) fn filter(
     let jwt_signing_alg_values_supported = Some(key_store.supported_algorithms());
 
     // Prepare all the endpoints
-    let issuer = Some(base.clone());
-    let authorization_endpoint = base.join("oauth2/authorize").ok();
-    let token_endpoint = base.join("oauth2/token").ok();
-    let jwks_uri = base.join("oauth2/keys.json").ok();
-    let introspection_endpoint = base.join("oauth2/introspect").ok();
-    let userinfo_endpoint = base.join("oauth2/userinfo").ok();
+    let issuer = Some(builder.oidc_issuer());
+    let authorization_endpoint = Some(builder.oauth_authorization_endpoint());
+    let token_endpoint = Some(builder.oauth_token_endpoint());
+    let jwks_uri = Some(builder.jwks_uri());
+    let introspection_endpoint = Some(builder.oauth_introspection_endpoint());
+    let userinfo_endpoint = Some(builder.oidc_userinfo_endpoint());
 
     let scopes_supported = Some({
         let mut s = HashSet::new();

crates/handlers/src/oauth2/introspection.rs

@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-use mas_config::{OAuth2ClientConfig, OAuth2Config};
+use mas_config::{HttpConfig, OAuth2ClientConfig, OAuth2Config};
 use mas_data_model::TokenType;
 use mas_iana::oauth::{OAuthClientAuthenticationMethod, OAuthTokenTypeHint};
 use mas_storage::oauth2::{
@@ -20,18 +20,20 @@ use mas_storage::oauth2::{
 };
 use mas_warp_utils::{
     errors::WrapError,
-    filters::{client::client_authentication, database::connection},
+    filters::{client::client_authentication, database::connection, url_builder::UrlBuilder},
 };
 use oauth2_types::requests::{IntrospectionRequest, IntrospectionResponse};
 use sqlx::{pool::PoolConnection, PgPool, Postgres};
 use tracing::{info, warn};
 use warp::{filters::BoxedFilter, Filter, Rejection, Reply};
 
-pub fn filter(pool: &PgPool, oauth2_config: &OAuth2Config) -> BoxedFilter<(Box<dyn Reply>,)> {
-    let audience = oauth2_config
-        .issuer
-        .join("/oauth2/introspect")
-        .unwrap()
+pub fn filter(
+    pool: &PgPool,
+    oauth2_config: &OAuth2Config,
+    http_config: &HttpConfig,
+) -> BoxedFilter<(Box<dyn Reply>,)> {
+    let audience = UrlBuilder::from(http_config)
+        .oauth_introspection_endpoint()
         .to_string();
 
     warp::path!("oauth2" / "introspect")

crates/handlers/src/oauth2/mod.rs

@@ -15,7 +15,7 @@
 use std::sync::Arc;
 
 use hyper::Method;
-use mas_config::{CookiesConfig, OAuth2Config};
+use mas_config::{CookiesConfig, HttpConfig, OAuth2Config};
 use mas_jose::StaticKeystore;
 use mas_templates::Templates;
 use mas_warp_utils::filters::cors::cors;
@@ -41,14 +41,15 @@ pub fn filter(
     templates: &Templates,
     key_store: &Arc<StaticKeystore>,
     oauth2_config: &OAuth2Config,
+    http_config: &HttpConfig,
     cookies_config: &CookiesConfig,
 ) -> BoxedFilter<(impl Reply,)> {
-    let discovery = discovery(key_store.as_ref(), oauth2_config);
+    let discovery = discovery(key_store.as_ref(), http_config);
     let keys = keys(key_store);
     let authorization = authorization(pool, templates, oauth2_config, cookies_config);
     let userinfo = userinfo(pool, oauth2_config);
-    let introspection = introspection(pool, oauth2_config);
-    let token = token(pool, key_store, oauth2_config);
+    let introspection = introspection(pool, oauth2_config, http_config);
+    let token = token(pool, key_store, oauth2_config, http_config);
 
     let filter = discovery
         .or(keys)

crates/handlers/src/oauth2/token.rs

@@ -19,7 +19,7 @@ use chrono::{DateTime, Duration, Utc};
 use data_encoding::BASE64URL_NOPAD;
 use headers::{CacheControl, Pragma};
 use hyper::StatusCode;
-use mas_config::{OAuth2ClientConfig, OAuth2Config};
+use mas_config::{HttpConfig, OAuth2ClientConfig, OAuth2Config};
 use mas_data_model::{AuthorizationGrantStage, TokenType};
 use mas_iana::{jose::JsonWebSignatureAlg, oauth::OAuthClientAuthenticationMethod};
 use mas_jose::{
@@ -37,7 +37,7 @@ use mas_storage::{
 };
 use mas_warp_utils::{
     errors::WrapError,
-    filters::{client::client_authentication, database::connection},
+    filters::{client::client_authentication, database::connection, url_builder::UrlBuilder},
     reply::with_typed_header,
 };
 use oauth2_types::{
@@ -99,14 +99,13 @@ pub fn filter(
     pool: &PgPool,
     key_store: &Arc<StaticKeystore>,
     oauth2_config: &OAuth2Config,
+    http_config: &HttpConfig,
 ) -> BoxedFilter<(Box<dyn Reply>,)> {
     let key_store = key_store.clone();
-    let audience = oauth2_config
-        .issuer
-        .join("/oauth2/token")
-        .unwrap()
-        .to_string();
-    let issuer = oauth2_config.issuer.clone();
+    let builder = UrlBuilder::from(http_config);
+    let audience = builder.oauth_token_endpoint().to_string();
+
+    let issuer = builder.oidc_issuer();
 
     warp::path!("oauth2" / "token")
         .and(