vouch-proxy: redirection from `/auth` to `/auth/$STATE` fails when VP is hosted at a path such as `/vouch` (redirects to `/auth/$STATE` instead of `/vouch/auth/$STATE`)

Describe the problem

Vouch has been configured to work with Okta and nginx. With all versions up to 0.19.2 it works well. When we update to 0.20.0 or newer versions, the process works until the last redirection after being correctly logged in. The reason is that the redirect URL is wrong; it forgets a part.

Instead of redirecting to https://app-dev.our-domain.something/vouch-webapp-dev/auth it sends to https://app-dev.our-domain.something/auth and it finishes with a 404 error.

Last lines of the kind of Vouch report generated in testing mode through the browser (after the Okta login screen): image

Expected behavior

We expect version 0.20.0 or newer to work like version 0.19.2 or older, in particular to not get

Additional context

Vouch config updated (with secure: true)

We run Vouch on docker-swarm: image: voucher/vouch-proxy:0.19.2

Tests have been run on Chrome 0.89 and Ubuntu 20.10

About this issue

  • State: closed
  • Created 3 years ago
  • Comments: 36 (17 by maintainers)

Most upvoted comments

released in v0.33.0

Thanks again to @balee @jskrzypek @beingamarnath @MCOfficer and @pommedeterresautee for the testing and debugging support. Very pleased to get this fix into VP.

Apologies, I had a family health crisis last week and was out of office since last Tuesday and I’m still playing catch-up. I will try to test it out in the next few business days, but it may only be next week.

In the meantime, here’s a dirty little workaround, assuming you don’t need that /auth path for something else.

        location /auth/ {
            auth_request off;
            # Pretty much mirror your proxy settings here.
            # You can also proxy_pass to the vouch port directly.
            # Make sure to get your trailing slashes right!
            proxy_pass http://your.vouch.url/auth/;
            proxy_set_header Host $http_host;
        }

@bnfinet I’ll try to test that next week as I’m already nearing EoD. Fwiw my coworkers on Chrome are not having that issue with needing to reload to get the configuration snippet to work.

thanks @gsx95 would you be able to publish a fix and confirm it works for the common case (VP at vouch.mydomain.com/auth) and then we can ask @pommedeterresautee to build and test on his end?

Otherwise it will have to wait for me to get to it 😃

I would be happy to test that version when ready and report here for results.

You are right @bnfinet, this is caused by VP’s hard redirect to /auth/state, which doesn’t account for vouch running on its own context path as in this case. A possible fix could be to redirect to ./auth/state instead to keep the context path. One would have to test this of course, but I think this could be a valid solution. Let me know what you think.
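
Added example, not part of the thread and not vouch-proxy's own code: how a browser resolves the `Location` value against the callback URL (RFC 3986 section 5), comparing the hard `/auth/STATE` redirect with the relative `./auth/STATE` proposed above. `resolveLocation` is a hypothetical helper, and the query string and `STATE` value are constructed; the last case shows that the relative form depends on whether the request path ends in a slash.

```go
package main

import (
	"fmt"
	"net/url"
)

// resolveLocation (hypothetical helper) resolves a Location header value
// against the URL of the request that produced it, the way a browser does.
func resolveLocation(requestURL, location string) (string, error) {
	base, err := url.Parse(requestURL)
	if err != nil {
		return "", err
	}
	ref, err := url.Parse(location)
	if err != nil {
		return "", err
	}
	return base.ResolveReference(ref).String(), nil
}

func main() {
	// Constructed sample: host and path prefix are taken from the report,
	// the query string and STATE are placeholders.
	const prefix = "https://app-dev.our-domain.something/vouch-webapp-dev"
	cases := []struct{ request, location string }{
		// Absolute-path redirect: the /vouch-webapp-dev prefix is dropped.
		{prefix + "/auth?code=x&state=STATE", "/auth/STATE"},
		// Relative redirect: the last segment is replaced, prefix is kept.
		{prefix + "/auth?code=x&state=STATE", "./auth/STATE"},
		// Same relative redirect, but the request path ends in a slash:
		// the result gains a duplicated /auth segment.
		{prefix + "/auth/?code=x&state=STATE", "./auth/STATE"},
	}
	for _, c := range cases {
		got, err := resolveLocation(c.request, c.location)
		if err != nil {
			fmt.Println("error:", err)
			continue
		}
		fmt.Printf("%-14s -> %s\n", c.location, got)
	}
}
```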

Your cookie.secure is false but your auth endpoint is https. Usually they should align. Probably should be removed to default secure: true.