authormo khan <mo@mokhan.ca>2025-03-27 09:27:23 -0600
committermo khan <mo@mokhan.ca>2025-03-27 09:27:23 -0600
commitb08580ff78708519f0594a62531cf6ce45559265 (patch)
tree8eade92eb6c530945fe867e0e77b7a4c3003dcc9 /bin
parent6f46dbe906a4c1ea1d2616a9b84f29bbddb33719 (diff)
refactor: use incoming request to build redirect uri
Diffstat (limited to 'bin')
-rwxr-xr-xbin/ui12
1 files changed, 5 insertions, 7 deletions
diff --git a/bin/ui b/bin/ui
index aa473d01..7ba69c8d 100755
--- a/bin/ui
+++ b/bin/ui
@@ -55,7 +55,7 @@ module OAuth
server_metadata.fetch(key)
end
- def authorize_uri(state: SecureRandom.uuid, response_type: "code", response_mode: "query", scope: "openid")
+ def authorize_uri(redirect_uri:, state: SecureRandom.uuid, response_type: "code", response_mode: "query", scope: "openid")
[
self[:authorization_endpoint],
to_query(
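Review bot: The new required `redirect_uri:` keyword on `authorize_uri` carries no comment saying that the same value has to be sent again on the token request, which RFC 6749 section 4.1.3 requires to be identical to the one used in the authorization request. Because the shared `redirect_uri` helper is deleted in the next hunk, the callback path now has to rebuild exactly the same string; that code is not visible here, so this is worth confirming. I would add a comment above the method such as `# redirect_uri: must be registered with the authorization server and reused verbatim in the token exchange`. The method body continues outside the hunk.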
@@ -101,10 +101,6 @@ module OAuth
end.join("&")
end
- def redirect_uri
- "#{$scheme}://#{$host}/oauth/callback"
- end
-
def with_http
http.with_retry do |client|
yield client
@@ -229,7 +225,9 @@ class UI
when "/oauth/callback"
return oauth_callback(Rack::Request.new(env))
when "/oidc/new"
- return redirect_to(oauth_client.authorize_uri)
+ return redirect_to(oauth_client.authorize_uri(
+ redirect_uri: "#{request.base_url}/oauth/callback"
+ ))
when "/saml/metadata.xml"
return metadata
when "/saml/new"
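Review bot: `request.base_url` on the added `redirect_uri:` line is built from the incoming request's scheme and Host header, so the redirect URI sent to the authorization server is now influenced by the client rather than by the `$scheme`/`$host` configuration it replaces. That leaves the authorization server's registered-redirect check as the only control on where the authorization code is delivered. Consider checking the host against the deployment's expected names before building the URI, for example `return bad_request unless ALLOWED_HOSTS.include?(request.host)`, where `ALLOWED_HOSTS` and `bad_request` are placeholder names. The same concern applies to the `metadata_for` lookup in the `saml_assertions` hunk. `request` is not defined in the visible lines, so it is presumably a local set earlier in the method.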
@@ -441,7 +439,7 @@ class UI
end
def saml_assertions(request)
- sp = Saml::Kit.registry.metadata_for("#{$scheme}://#{$host}/saml/metadata.xml")
+ sp = Saml::Kit.registry.metadata_for("#{request.base_url}/saml/metadata.xml")
saml_binding = sp.assertion_consumer_service_for(binding: :http_post)
saml_response = saml_binding.deserialize(request.params)
raise saml_response.errors unless saml_response.valid?
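Review bot: The `metadata_for` lookup is now keyed by an entity id derived from the request, and the next line calls `sp.assertion_consumer_service_for` without checking the result. A request arriving under a host name with no registered metadata would presumably leave `sp` nil and fail with a NoMethodError rather than a clear rejection. I would add a guard right after the lookup, such as `raise ArgumentError, "no service provider metadata for #{request.base_url}" unless sp`. `saml_assertions` continues past the end of the hunk.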