From 42f818c5d59dc65eb93814aed79ead4012ae87d7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Germ=C3=A1n=20Mart=C3=ADn?= <github@gmartin.net>
Date: Sat, 22 Nov 2025 14:10:24 +0100
Subject: [PATCH] Feature: add OIDC_CALLBACK_URL to configuration and update
 auth module to use it

---
 apps/api/src/app/auth/auth.module.ts                      | 8 +++++---
 .../src/services/configuration/configuration.service.ts   | 1 +
 apps/api/src/services/interfaces/environment.interface.ts | 1 +
 3 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/apps/api/src/app/auth/auth.module.ts b/apps/api/src/app/auth/auth.module.ts
index 0e8a1dc16..00494ccdb 100644
--- a/apps/api/src/app/auth/auth.module.ts
+++ b/apps/api/src/app/auth/auth.module.ts
@@ -51,6 +51,10 @@ import { OidcStrategy } from './oidc.strategy';
           .map((s) => s.trim())
           .filter((s) => s.length > 0);
 
+        const callbackUrl =
+          configurationService.get('OIDC_CALLBACK_URL') ||
+          `${configurationService.get('ROOT_URL')}/api/auth/oidc/callback`;
+
         const options: {
           authorizationURL?: string;
           callbackURL: string;
@@ -61,9 +65,7 @@ import { OidcStrategy } from './oidc.strategy';
           tokenURL?: string;
           userInfoURL?: string;
         } = {
-          callbackURL: `${configurationService.get(
-            'ROOT_URL'
-          )}/api/auth/oidc/callback`,
+          callbackURL: callbackUrl,
           clientID: configurationService.get('OIDC_CLIENT_ID'),
           clientSecret: configurationService.get('OIDC_CLIENT_SECRET'),
           scope
diff --git a/apps/api/src/services/configuration/configuration.service.ts b/apps/api/src/services/configuration/configuration.service.ts
index 56b0124fe..75b7ed4d1 100644
--- a/apps/api/src/services/configuration/configuration.service.ts
+++ b/apps/api/src/services/configuration/configuration.service.ts
@@ -59,6 +59,7 @@ export class ConfigurationService {
       MAX_ACTIVITIES_TO_IMPORT: num({ default: Number.MAX_SAFE_INTEGER }),
       MAX_CHART_ITEMS: num({ default: 365 }),
       OIDC_AUTHORIZATION_URL: str({ default: '' }),
+      OIDC_CALLBACK_URL: str({ default: '' }),
       OIDC_CLIENT_ID: str({ default: '' }),
       OIDC_CLIENT_SECRET: str({ default: '' }),
       OIDC_ISSUER: str({ default: '' }),
diff --git a/apps/api/src/services/interfaces/environment.interface.ts b/apps/api/src/services/interfaces/environment.interface.ts
index c6223d1c3..c37442688 100644
--- a/apps/api/src/services/interfaces/environment.interface.ts
+++ b/apps/api/src/services/interfaces/environment.interface.ts
@@ -34,6 +34,7 @@ export interface Environment extends CleanedEnvAccessors {
   MAX_ACTIVITIES_TO_IMPORT: number;
   MAX_CHART_ITEMS: number;
   OIDC_AUTHORIZATION_URL: string;
+  OIDC_CALLBACK_URL: string;
   OIDC_CLIENT_ID: string;
   OIDC_CLIENT_SECRET: string;
   OIDC_ISSUER: string;