tobias/gwoe-antragspruefer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

Fix: Keycloak redirect_uri http→https (Traefik TLS-Termination)

Browse Source
This commit is contained in:
Dotty Dotter 2026-04-10 21:16:15 +02:00
parent f728388286
commit 4c8b180383
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
app/main.py
View File

@ -296,8 +296,10 @@ async def auth_login_url(request: Request, redirect: str = "/"):
"""Keycloak-Login-URL für den Browser-Redirect.""" """Keycloak-Login-URL für den Browser-Redirect."""
if not _is_auth_enabled(): if not _is_auth_enabled():
return {"enabled": False, "url": ""} return {"enabled": False, "url": ""}
# Construct absolute redirect URI # Construct absolute redirect URI. Traefik terminiert TLS, deshalb
base = str(request.base_url).rstrip("/") # sieht FastAPI http:// als base_url. Erzwinge https:// damit die
# redirect_uri zum Keycloak-Client-Config passt.
base = str(request.base_url).rstrip("/").replace("http://", "https://" )
url = keycloak_login_url(f"{base}{redirect}") url = keycloak_login_url(f"{base}{redirect}")
return {"enabled": True, "url": url} return {"enabled": True, "url": url}