From 6c4abfabbb671e10c45bae5b249471e1177ff41e Mon Sep 17 00:00:00 2001
From: Mariano Cano <mariano@smallstep.com>
Date: Wed, 18 Sep 2019 15:54:10 -0700
Subject: [PATCH] Make /.well-known/openid-configuration optional

---
 authority/provisioner/oidc.go | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/authority/provisioner/oidc.go b/authority/provisioner/oidc.go
index e2c5e8cd..d4937470 100644
--- a/authority/provisioner/oidc.go
+++ b/authority/provisioner/oidc.go
@@ -6,6 +6,8 @@ import (
 	"encoding/json"
 	"net"
 	"net/http"
+	"net/url"
+	"path"
 	"strings"
 	"time"
 
@@ -148,7 +150,14 @@ func (o *OIDC) Init(config Config) (err error) {
 	}
 
 	// Decode and validate openid-configuration endpoint
-	if err := getAndDecode(o.ConfigurationEndpoint, &o.configuration); err != nil {
+	u, err := url.Parse(o.ConfigurationEndpoint)
+	if err != nil {
+		return errors.Wrapf(err, "error parsing %s", o.ConfigurationEndpoint)
+	}
+	if !strings.Contains(u.Path, "/.well-known/openid-configuration") {
+		u.Path = path.Join(u.Path, "/.well-known/openid-configuration")
+	}
+	if err := getAndDecode(u.String(), &o.configuration); err != nil {
 		return err
 	}
 	if err := o.configuration.Validate(); err != nil {