fix(exampleop): pass the issuer interceptor to login

example/server/dynamic/op.go

@@ -40,7 +40,7 @@ func main() {
 	port := "9998"
 	issuers := make([]string, len(hostnames))
 	for i, hostname := range hostnames {
-		issuers[i] = fmt.Sprintf("http://%s:%s/", hostname, port)
+		issuers[i] = fmt.Sprintf("http://%s:%s/oidc/", hostname, port)
 	}
 
 	//the OpenID Provider requires a 32-byte key for (token) encryption
@@ -84,7 +84,7 @@ func main() {
 	//if your issuer ends with a path (e.g. http://localhost:9998/custom/path/),
 	//then you would have to set the path prefix (/custom/path/):
 	//router.PathPrefix("/custom/path/").Handler(http.StripPrefix("/custom/path", provider.HttpHandler()))
-	router.PathPrefix("/").Handler(provider.HttpHandler())
+	router.PathPrefix("/oidc/").Handler(http.StripPrefix("/oidc", provider.HttpHandler()))
 
 	server := &http.Server{
 		Addr:    ":" + port,
@@ -125,7 +125,7 @@ func newDynamicOP(ctx context.Context, storage op.Storage, key [32]byte) (*op.Pr
 		//this example has only static texts (in English), so we'll set the here accordingly
 		SupportedUILocales: []language.Tag{language.English},
 	}
-	handler, err := op.NewDynamicOpenIDProvider("/", config, storage,
+	handler, err := op.NewDynamicOpenIDProvider("/oidc/", config, storage,
 		//we must explicitly allow the use of the http issuer
 		op.WithAllowInsecure(),
 		//as an example on how to customize an endpoint this will change the authorization_endpoint from /authorize to /auth

example/server/exampleop/login.go

@@ -6,6 +6,7 @@ import (
 	"net/http"
 
 	"github.com/gorilla/mux"
+	"github.com/zitadel/oidc/v2/pkg/op"
 )
 
 type login struct {
@@ -14,19 +15,19 @@ type login struct {
 	callback     func(context.Context, string) string
 }
 
-func NewLogin(authenticate authenticate, callback func(context.Context, string) string) *login {
+func NewLogin(authenticate authenticate, callback func(context.Context, string) string, issuerInterceptor *op.IssuerInterceptor) *login {
 	l := &login{
 		authenticate: authenticate,
 		callback:     callback,
 	}
-	l.createRouter()
+	l.createRouter(issuerInterceptor)
 	return l
 }
 
-func (l *login) createRouter() {
+func (l *login) createRouter(issuerInterceptor *op.IssuerInterceptor) {
 	l.router = mux.NewRouter()
 	l.router.Path("/username").Methods("GET").HandlerFunc(l.loginHandler)
-	l.router.Path("/username").Methods("POST").HandlerFunc(l.checkLoginHandler)
+	l.router.Path("/username").Methods("POST").HandlerFunc(issuerInterceptor.HandlerFunc(l.checkLoginHandler))
 }
 
 type authenticate interface {

example/server/exampleop/op.go

@@ -57,7 +57,8 @@ func SetupServer(issuer string, storage Storage, extraOptions ...op.Option) *mux
 
 	//the provider will only take care of the OpenID Protocol, so there must be some sort of UI for the login process
 	//for the simplicity of the example this means a simple page with username and password field
-	l := NewLogin(storage, op.AuthCallbackURL(provider))
+	//be sure to provide an IssuerInterceptor with the IssuerFromRequest from the OP so the login can select / and pass it to the storage
+	l := NewLogin(storage, op.AuthCallbackURL(provider), op.NewIssuerInterceptor(provider.IssuerFromRequest))
 
 	// regardless of how many pages / steps there are in the process, the UI must be registered in the router,
 	// so we will direct all calls to /login to the login UI
@@ -71,7 +72,7 @@ func SetupServer(issuer string, storage Storage, extraOptions ...op.Option) *mux
 	//
 	// if your issuer ends with a path (e.g. http://localhost:9998/custom/path/),
 	// then you would have to set the path prefix (/custom/path/)
-	router.PathPrefix("/").Handler(provider.HttpHandler())
+	router.PathPrefix("/oidc/").Handler(http.StripPrefix("/oidc", provider.HttpHandler()))
 
 	return router
 }

example/server/main.go

@@ -13,7 +13,7 @@ func main() {
 	//we will run on :9998
 	port := "9998"
 	//which gives us the issuer: http://localhost:9998/
-	issuer := fmt.Sprintf("http://localhost:%s/", port)
+	issuer := fmt.Sprintf("http://localhost:%s/oidc/", port)
 
 	// the OpenIDProvider interface needs a Storage interface handling various checks and state manipulations
 	// this might be the layer for accessing your database