VITE_OBP_OAUTH2_WELL_KNOWN_URL is optional

simonredfern · simonredfern · commit 370f80f7fd58 · 2025-12-30T12:40:55.000+01:00
diff --git a/.env.example b/.env.example
@@ -6,7 +6,7 @@ VITE_OBP_API_VERSION=v5.1.0
 VITE_OBP_API_EXPLORER_HOST=http://localhost:5173
 
 ### Session Configuration ###
-VITE_OPB_SERVER_SESSION_PASSWORD=change-me-to-a-secure-random-string
+VITE_OBP_SERVER_SESSION_PASSWORD=change-me-to-a-secure-random-string
 
 ### OAuth2 Redirect URL (shared by all providers) ###
 VITE_OAUTH2_REDIRECT_URL=http://localhost:5173/api/oauth2/callback
@@ -17,9 +17,13 @@ VITE_OAUTH2_REDIRECT_URL=http://localhost:5173/api/oauth2/callback
 # VITE_OBP_REDIS_USERNAME=
 
 ### Multi-Provider OAuth2/OIDC Configuration ###
-### The system fetches available providers from: http://localhost:8080/obp/v5.1.0/well-known
+### If VITE_OBP_OAUTH2_WELL_KNOWN_URL is set, it will be used 
+### Otherwise, the system fetches available providers from: VITE_OBP_API_HOST/obp/v5.1.0/well-known
 ### Configure credentials below for each provider you want to support
 
+### (Optional) ###
+# VITE_OBP_OAUTH2_WELL_KNOWN_URL=http://127.0.0.1:9000/obp-oidc/.well-known/openid-configuration
+
 ### OBP-OIDC Provider ###
 VITE_OBP_OIDC_CLIENT_ID=your-obp-oidc-client-id
 VITE_OBP_OIDC_CLIENT_SECRET=your-obp-oidc-client-secret
diff --git a/server/services/OAuth2ProviderManager.ts b/server/services/OAuth2ProviderManager.ts
@@ -66,13 +66,32 @@ export class OAuth2ProviderManager {
   }
 
   /**
-   * Fetch well-known URIs from OBP API
+   * Fetch well-known URIs from OBP API or legacy env variable
    *
-   * Calls: GET /obp/v5.1.0/well-known
+   * Priority:
+   * 1. VITE_OBP_OAUTH2_WELL_KNOWN_URL (legacy single-provider mode)
+   * 2. VITE_OBP_API_HOST/obp/v5.1.0/well-known (multi-provider mode)
    *
    * @returns Array of well-known URIs with provider names
    */
   async fetchWellKnownUris(): Promise<WellKnownUri[]> {
+    // Check for legacy single-provider configuration
+    const legacyWellKnownUrl = process.env.VITE_OBP_OAUTH2_WELL_KNOWN_URL
+
+    if (legacyWellKnownUrl) {
+      console.log('OAuth2ProviderManager: Using legacy VITE_OBP_OAUTH2_WELL_KNOWN_URL...')
+      console.log(`OAuth2ProviderManager: Well-known URL: ${legacyWellKnownUrl}`)
+
+      // Return single provider configuration
+      return [
+        {
+          provider: 'obp-oidc',
+          url: legacyWellKnownUrl
+        }
+      ]
+    }
+
+    // Multi-provider mode: fetch from OBP API
     console.log('OAuth2ProviderManager: Fetching well-known URIs from OBP API...')
 
     try {
