Skip to content

redirect loop after upgrade to 1.8.0 #543

New issue
New issue
Open
Open
redirect loop after upgrade to 1.8.0#543
@bsiara

Description

@bsiara
bsiara
opened on Apr 18, 2025

Hi after upgrade to 1.8.0 version (latest from git) I get 302 redirection loop and problem loading site and static files:
My configuration:

  lua_code_cache on;
  set $session_secret secret;
  access_by_lua_block {
    local opts = {
      --redirect_uri = "https://mydomain.coml",
      redirect_uri_path = "/callback",
      --accept_none_alg = true,
      discovery = "https://myiam.com/auth/realms/realm11/.well-known/openid-configuration",
      scope = "openid email profile",
      refresh_session_interval = 1800,
      access_token_expires_in = 86400,
      client_id = "client_id",
      client_secret = "client_secret",
      ssl_verify = "no",
      redirect_uri_scheme = "https",
      --logout_path = "/logout",
      --redirect_after_logout_uri = "https://myiam.com/auth/realms/realm11/protocol/openid-connect/logout",
      --redirect_after_logout_with_id_token_hint = false,
      session_contents = {id_token=true}
    }
    local res, err = require("resty.openidc").authenticate(opts)

    -- Authentication error or session expired - then lets start again
    if err or not res then
      -- errMsg = err and err or "Problem with auth. Try again"
      -- ngx.log(ngx.ERR, "Authentication error or session expired. Error: " .. errMsg)
      -- ngx.status = 403
      -- ngx.say(errMsg)
      -- ngx.exit(ngx.HTTP_FORBIDDEN)
      return ngx.redirect("/")
    end


    -- https://github.com/zmartzone/lua-resty-openidc/issues/222
    local function has_value (tab, val)
      for index, value in ipairs(tab) do
        if value == val then
          return true
        end
      end
      return false
    end

    local cjson = require "cjson"
    --ngx.log(ngx.ERR, cjson.encode(res))

    if has_value(res.id_token.groups, "/group11") then
      ngx.log(ngx.NOTICE, "Yep, you are fine and have valid group " .. cjson.encode(res.id_token.preferred_username))
    else
      ngx.log(ngx.ERR, "Nope, you do not have valid group " .. cjson.encode(res.id_token.preferred_username))
      ngx.status = 403
      ngx.exit(ngx.HTTP_FORBIDDEN)
    end

    if err then
      ngx.status = 500
      ngx.say(err)
      ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
    end
  }

My openresty version is 1.27.1.2
Required packages version is:

ledgetech/lua-resty-http 0.17.1
lua-resty-hmac-0.06
cdbattags/lua-resty-jwt 0.2.0
hamishforbes/lua-ffi-zlib 0.6.0
fffonion/lua-resty-openssl 1.5.2
bungle/lua-resty-session 4.1.1

When browser try to download static files, sometime get 200 code or sometime 302 to reauth on my iam

Image

In version 1.7.6 all working well.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions