From 7f93c62604f00a4eac11bf321b792f3f77ef85e9 Mon Sep 17 00:00:00 2001
From: Trong Huu Nguyen <trong.huu.nguyen@nav.no>
Date: Fri, 9 Sep 2022 12:31:17 +0200
Subject: [PATCH] fix(openid/client): handle missing redirect uri for callbacks

---
 pkg/openid/client/login_callback.go | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/pkg/openid/client/login_callback.go b/pkg/openid/client/login_callback.go
index 4fe7ef5..239adb1 100644
--- a/pkg/openid/client/login_callback.go
+++ b/pkg/openid/client/login_callback.go
@@ -8,6 +8,7 @@ import (
 
 	"golang.org/x/oauth2"
 
+	urlpkg "github.com/nais/wonderwall/pkg/handler/url"
 	"github.com/nais/wonderwall/pkg/openid"
 )
 
@@ -23,6 +24,16 @@ func NewLoginCallback(c *Client, r *http.Request, cookie *openid.LoginCookie) (*
 		return nil, fmt.Errorf("cookie is nil")
 	}
 
+	// redirect_uri not set in cookie (e.g. login initiated at instance running older version, callback handled at newer version)
+	if len(cookie.RedirectURI) == 0 {
+		callbackURL, err := urlpkg.LoginCallbackURL(r)
+		if err != nil {
+			return nil, fmt.Errorf("generating callback url: %w", err)
+		}
+
+		cookie.RedirectURI = callbackURL
+	}
+
 	return &LoginCallback{
 		Client:        c,
 		cookie:        cookie,