issuer in discovery document contains trailing '/' #1482

Closed
@leo-baltus

Description

Describe the bug
Setting urls.self.issuer in the configuration without a trailing slash results in the issuer being advertised in the discovery document with a trailing slash. As clients need to validate this information, it should be deterministic.

Reproducing the bug

docker run -p 4444:4444 \
    -e URLS_SELF_ISSUER=https://auth.example.com \
    -e DSN=memory \
    oryd/hydra:v1.0.0-rc.16 serve all --dangerous-force-http

curl -s localhost:4444/.well-known/openid-configuration | jq .issuer
"https://auth.example.com/"

I expected "https://auth.example.com"

Server logs

time="2019-06-25T11:44:32Z" level=warning msg="HTTPS disabled. Never do this in production."
time="2019-06-25T11:44:36Z" level=info msg="started handling request" method=GET remote="172.17.0.1:40196" request=/.well-known/openid-configuration
time="2019-06-25T11:44:36Z" level=info msg="completed handling request" measure#hydra/public: https://auth.example.com/.latency=814000 method=GET remote="172.17.0.1:40196" request=/.well-known/openid-configuration status=200 text_status=OK took="814µs"

Additional context
Other OPs:

curl -s https://accounts.google.com/.well-known/openid-configuration | jq .issuer
"https://accounts.google.com"

Okta https://developer.okta.com/docs/reference/api/oidc/#response-example-success-6

Only Auth0 seems to add a trailing slash as far as I can see.

When migrating to Hydra I would like to avoid reconfiguring all clients.
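
The client-side check that makes this mismatch matter, as an added example that is not part of the original issue and is not Hydra's code: OpenID Connect Discovery 1.0 (section 4.3) requires the advertised issuer to be identical to the issuer the client used, so a validating client compares the two strings exactly. The names `CheckIssuer` and `ErrIssuerMismatch` are hypothetical, and the discovery bodies are constructed from the issuer values quoted above.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// ErrIssuerMismatch is returned when the advertised issuer is not
// byte-for-byte identical to the issuer the client was configured with.
var ErrIssuerMismatch = errors.New("issuer mismatch")

// CheckIssuer parses a discovery document and compares its "issuer" member
// with the configured issuer using exact string comparison, with no URL
// normalisation (hypothetical helper, not a Hydra API).
func CheckIssuer(configured string, discoveryDoc []byte) error {
	var doc struct {
		Issuer string `json:"issuer"`
	}
	if err := json.Unmarshal(discoveryDoc, &doc); err != nil {
		return fmt.Errorf("parse discovery document: %w", err)
	}
	if doc.Issuer == "" {
		return fmt.Errorf("%w: discovery document has no issuer", ErrIssuerMismatch)
	}
	if doc.Issuer == configured {
		return nil
	}
	// Diagnostic only: name the trailing-slash case so the operator fixes the
	// configuration instead of loosening the comparison.
	if strings.TrimSuffix(doc.Issuer, "/") == strings.TrimSuffix(configured, "/") {
		return fmt.Errorf("%w: %q and %q differ only by a trailing slash",
			ErrIssuerMismatch, configured, doc.Issuer)
	}
	return fmt.Errorf("%w: configured %q, advertised %q",
		ErrIssuerMismatch, configured, doc.Issuer)
}

func main() {
	// Constructed sample body carrying the issuer value the issue reports.
	advertised := []byte(`{"issuer":"https://auth.example.com/"}`)
	fmt.Println(CheckIssuer("https://auth.example.com", advertised))  // rejected
	fmt.Println(CheckIssuer("https://auth.example.com/", advertised)) // accepted
}
```

The trailing-slash branch changes only the error message; the comparison itself stays exact, so both forms of the issuer are never accepted at once.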
