fix other urls for auth service

example-config.yml

@@ -19,4 +19,4 @@ auth_client.config.raw: >
     "confidential-port": 0,
     "clientId": "registrationService"
   }
-auth_client.public_keys_url: "http://localhost:8080/auth/realms/demoRealm/protocol/openid-connect/certs"
+auth_client.public_keys_url: "http://localhost:8080/realms/demoRealm/protocol/openid-connect/certs"

pkg/proxy/proxy.go

@@ -51,11 +51,11 @@ const (
 )
 
 func ssoWellKnownTarget() string {
-	return fmt.Sprintf("%s/auth/realms/%s/.well-known/openid-configuration", configuration.GetRegistrationServiceConfig().Auth().SSOBaseURL(), configuration.GetRegistrationServiceConfig().Auth().SSORealm())
+	return fmt.Sprintf("%s/realms/%s/.well-known/openid-configuration", configuration.GetRegistrationServiceConfig().Auth().SSOBaseURL(), configuration.GetRegistrationServiceConfig().Auth().SSORealm())
 }
 
 func openidAuthEndpoint() string {
-	return fmt.Sprintf("/auth/realms/%s/protocol/openid-connect/auth", configuration.GetRegistrationServiceConfig().Auth().SSORealm())
+	return fmt.Sprintf("/realms/%s/protocol/openid-connect/auth", configuration.GetRegistrationServiceConfig().Auth().SSORealm())
 }
 
 func authorizationEndpointTarget() string {
@@ -146,10 +146,10 @@ func (p *Proxy) StartProxy(port string) *http.Server {
 	// Here is the expected flow for the "oc login -w" command:
 	// 1. "oc login -w --server=<proxy_url>"
 	// 2. oc calls <proxy_url>/.well-known/oauth-authorization-server (wellKnownOauthConfigEndpoint endpoint)
-	// 3. proxy forwards it to <sso_url>/auth/realms/<sso_realm>/.well-known/openid-configuration
-	// 4. oc starts an OAuth flow by opening a browser for <proxy_url>/auth/realms/<realm>/protocol/openid-connect/auth
+	// 3. proxy forwards it to <sso_url>/realms/<sso_realm>/.well-known/openid-configuration
+	// 4. oc starts an OAuth flow by opening a browser for <proxy_url>/realms/<realm>/protocol/openid-connect/auth
 	// 5. proxy redirects (the request is not proxied but redirected via 403 See Others response!) the request
-	//    to <sso_url>/auth/realms/<realm>/protocol/openid-connect/auth
+	//    to <sso_url>/realms/<realm>/protocol/openid-connect/auth
 	//    Note: oc uses this hardcoded public (no secret) oauth client name: "openshift-cli-client" which has to exist in SSO to make this flow work.
 	// 6. user provides the login credentials in the sso login page
 	// 7. all following oc requests (<proxy_url>/auth/*) go to the proxy and forwarded to SSO as is. This is used to obtain the generated token by oc.

pkg/proxy/proxy_test.go

@@ -314,7 +314,7 @@ func (s *TestProxySuite) checkWebLogin() {
 			w.Header().Set("Content-Type", "application/json")
 			w.WriteHeader(http.StatusOK)
 			switch p := r.URL.Path; p {
-			case "/auth/realms/sandbox-dev/.well-known/openid-configuration":
+			case "/realms/sandbox-dev/.well-known/openid-configuration":
 				_, err := w.Write([]byte("mock SSO configuration"))
 				require.NoError(s.T(), err)
 			case "/auth/anything":
@@ -343,10 +343,10 @@ func (s *TestProxySuite) checkWebLogin() {
 				ExpectedResponse:   "mock SSO configuration",
 			},
 			"oidc": {
-				RequestURL:         "http://localhost:8081/auth/realms/sandbox-dev/protocol/openid-connect/auth?state=mystate&code=mycode",
+				RequestURL:         "http://localhost:8081/realms/sandbox-dev/protocol/openid-connect/auth?state=mystate&code=mycode",
 				ExpectedStatusCode: http.StatusSeeOther,
 				ExpectedHeaders: map[string]string{
-					"Location": testServer.URL + "/auth/realms/sandbox-dev/protocol/openid-connect/auth?state=mystate&code=mycode",
+					"Location": testServer.URL + "/realms/sandbox-dev/protocol/openid-connect/auth?state=mystate&code=mycode",
 				},
 			},
 			"other auth requests": {