From ec7dabc1c72c2f34c3f3474bc4b3c903bb2d693d Mon Sep 17 00:00:00 2001
From: Johannes Zellner <johannes@cloudron.io>
Date: Fri, 19 Apr 2024 19:03:21 +0200
Subject: [PATCH] oidc: also allow login on aliased app domains

---
 src/oidc.js | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/oidc.js b/src/oidc.js
index 47de91322..0dd2c2d0d 100644
--- a/src/oidc.js
+++ b/src/oidc.js
@@ -315,9 +315,15 @@ class CloudronAdapter {
                     return null;
                 }
 
+                const domains = [ app.fqdn ].concat(app.aliasDomains.map(d => d.fqdn));
+
                 // prefix login redirect uris with app.fqdn if it is just a path without a schema
                 // native callbacks for apps have custom schema like app.immich:/
-                tmp.redirect_uris = client.loginRedirectUri.split(',').map(s => s.trim()).map(s => url.parse(s).protocol ? s : `https://${app.fqdn}${s}`);
+                tmp.redirect_uris = [];
+                client.loginRedirectUri.split(',').map(s => s.trim()).forEach((s) => {
+                    if (url.parse(s).protocol) tmp.redirect_uris.push(s);
+                    else tmp.redirect_uris = tmp.redirect_uris.concat(domains.map(fqdn => `https://${fqdn}${s}`));
+                });
             } else {
                 tmp.redirect_uris = client.loginRedirectUri.split(',').map(s => s.trim());
             }