Fix OIDC endpoint URLs to include /oidc prefix

Configure oidc-provider routes with explicit /oidc prefix so the discovery document and token endpoints resolve correctly. Previously the catch-all stripped the prefix, causing the provider to generate URLs without it.
2026-03-01 16:41:38 +00:00 · 2026-03-01 16:41:38 +00:00 · a055874680
commit a055874680
parent 8a529a8e7c
2 changed files with 18 additions and 4 deletions
--- a/server/utils/oidc-provider.ts
+++ b/server/utils/oidc-provider.ts
@ -90,6 +90,22 @@ export async function getOidcProvider() {
      rpInitiatedLogout: { enabled: true },
    },

+    // Mount all OIDC endpoints under /oidc prefix
+    routes: {
+      authorization: "/oidc/auth",
+      backchannel_authentication: "/oidc/backchannel",
+      code_verification: "/oidc/device",
+      device_authorization: "/oidc/device/auth",
+      end_session: "/oidc/session/end",
+      introspection: "/oidc/token/introspection",
+      jwks: "/oidc/jwks",
+      pushed_authorization_request: "/oidc/request",
+      registration: "/oidc/reg",
+      revocation: "/oidc/token/revocation",
+      token: "/oidc/token",
+      userinfo: "/oidc/me",
+    },
+
    interactions: {
      url(_ctx: unknown, interaction: { uid: string }) {
        return `/oidc/interaction/${interaction.uid}`;