Add header to override the base URI of the oauthgrant redirect_uri parameter

[czhou-brex]

Is your feature request related to a problem? Please describe.
We are facing a challenge using the oauthgrant filter where the redirect_uri has the wrong host value. The base URL ends up being the ingress's host name rather than the hostname of the origin. This leads to a login failure.

Skipper currently relies on the host of the request and there is no way to set this value.

skipper/filters/auth/grantconfig.go

Line 370 in 7cb3dc2

u.Host = req.Host

Describe the solution you would like
We would like to add a new header X-Skipper-Redirect-Base-Uri to override the header in order to support both localhost and non-local environments, in order to be able to supply the correct redirect_uri value.

Describe alternatives you've considered (optional)
We have tried to forward the host headers via our Cloudfront and Ingress environments but this solution will not work for localhost.

Would you like to work on it?
Yes, see #3228

[AlexanderYastrebov]

Hello, thank you.

The base URL ends up being the ingress's host name rather than the hostname of the origin.

What is ingress's host name? Is it the host name of the skipper machine or something else?

[czhou-brex]

Hello, thank you.

The base URL ends up being the ingress's host name rather than the hostname of the origin.

What is ingress's host name? Is it the host name of the skipper machine or something else?

The ingress host name is "myapp-staging" which results in the redirect_uri being https://myapp-staging.staging.host.com/oauth/callback instead of the correct https://myapp.staging.host.com/oauth/callback, which was the origin URL. We can forward the host using external-dns in ingress.

However we also need to make this work for localhost for the dev environment, so redirect_uri will be "http://localhost/oauth/callback". We cannot forward localhost in external-dns.