fix(server): m2m auth0 issuer base url

Signed-off-by: Asitha de Silva <asithade@gmail.com>

Author: asithade

apps/lfx-pcc/.env.example

@@ -14,7 +14,7 @@ PCC_AUTH0_SECRET=sufficiently-long-string
 # M2M Token Generation
 M2M_AUTH_CLIENT_ID=your-auth0-client-id
 M2M_AUTH_CLIENT_SECRET=your-auth0-client-secret
-M2M_AUTH_ISSUER_BASE_URL=https://auth.k8s.orb.local
+M2M_AUTH_ISSUER_BASE_URL=https://auth.k8s.orb.local/
 M2M_AUTH_AUDIENCE=http://lfx-api.k8s.orb.local/
 
 # Microservice Configuration

apps/lfx-pcc/src/server/utils/m2m-token.util.ts

@@ -29,7 +29,7 @@ export async function generateM2MToken(req: Request): Promise<string> {
 
     // Select the appropriate request configuration
     const config = isAuthelia ? AUTHELIA_TOKEN_REQUEST : AUTH0_TOKEN_REQUEST;
-    const tokenEndpoint = `${issuerBaseUrl}${config.endpoint}`;
+    const tokenEndpoint = `${issuerBaseUrl}/${config.endpoint}`;
 
     // Prepare request options based on auth provider
     const requestOptions = {
@@ -113,8 +113,8 @@ export async function generateM2MToken(req: Request): Promise<string> {
  * Request configuration for Auth0 M2M token generation
  */
 const AUTH0_TOKEN_REQUEST = {
-  endpoint: '/oauth/token',
-  method: 'POST' as const,
+  endpoint: 'oauth/token',
+  method: 'POST',
   createHeaders: () => ({
     ['Cache-Control']: 'no-cache',
     ['Content-Type']: 'application/json',
@@ -132,8 +132,8 @@ const AUTH0_TOKEN_REQUEST = {
  * Request configuration for Authelia M2M token generation
  */
 const AUTHELIA_TOKEN_REQUEST = {
-  endpoint: '/api/oidc/token',
-  method: 'POST' as const,
+  endpoint: 'api/oidc/token',
+  method: 'POST',
   createHeaders: () => {
     const clientId = process.env['M2M_AUTH_CLIENT_ID'];
     const clientSecret = process.env['M2M_AUTH_CLIENT_SECRET'];

docs/architecture/backend/authentication.md

@@ -12,15 +12,15 @@ The application uses Auth0 for user authentication via `express-openid-connect`
 # User Authentication (Auth0/Authelia)
 PCC_AUTH0_SECRET='your-auth0-secret'
 PCC_BASE_URL='http://localhost:4000'
-PCC_AUTH0_ISSUER_BASE_URL='https://your-domain.auth0.com'
+PCC_AUTH0_ISSUER_BASE_URL='https://your-domain.auth0.com/'
 PCC_AUTH0_CLIENT_ID='your-client-id'
 PCC_AUTH0_CLIENT_SECRET='your-client-secret'
 PCC_AUTH0_AUDIENCE='https://your-api-audience'
 
 # Machine-to-Machine (M2M) Token Authentication
 M2M_AUTH_CLIENT_ID='your-m2m-client-id'
 M2M_AUTH_CLIENT_SECRET='your-m2m-client-secret'
-M2M_AUTH_ISSUER_BASE_URL='https://auth.k8s.orb.local'
+M2M_AUTH_ISSUER_BASE_URL='https://auth.k8s.orb.local/'
 M2M_AUTH_AUDIENCE='http://lfx-api.k8s.orb.local/'
 ```
 

docs/deployment.md

@@ -208,15 +208,15 @@ LOG_LEVEL=info
 # Get these values from your Auth0 dashboard
 PCC_AUTH0_CLIENT_ID=your-auth0-client-id
 PCC_AUTH0_CLIENT_SECRET=your-auth0-client-secret
-PCC_AUTH0_ISSUER_BASE_URL=https://auth.k8s.orb.local
+PCC_AUTH0_ISSUER_BASE_URL=https://auth.k8s.orb.local/
 PCC_AUTH0_AUDIENCE=http://lfx-api.k8s.orb.local/
 PCC_AUTH0_SECRET=sufficiently-long-string
 
 # Machine-to-Machine (M2M) Authentication
 # For server-side API calls from public endpoints
 M2M_AUTH_CLIENT_ID=your-m2m-client-id
 M2M_AUTH_CLIENT_SECRET=your-m2m-client-secret
-M2M_AUTH_ISSUER_BASE_URL=https://auth.k8s.orb.local
+M2M_AUTH_ISSUER_BASE_URL=https://auth.k8s.orb.local/
 M2M_AUTH_AUDIENCE=http://lfx-api.k8s.orb.local/
 
 # Microservice Configuration