OpenID Connect plugin: Exclude port from auth redirect

[CharlieC3]

Hello, I'm testing out the OpenID Connect plugin with Konnect in Kubernetes using Auth0.

After authenticating in Auth0, I keep getting redirected to a URL which looks like https://<my.domain.com>:80/. The inclusion of the port here is throwing off the auth flow and is resulting in SSL handshake errors. Ideally I'd be able to not have the port included in the redirect URI at all.

I don't see any way to configure this in the OpenID connect plugin config options. And I'd rather not hard-code any redirect URIs using the redirect_uri config option, as this list would be dynamic and have to be updated every day.

Here's an example of how the plugin is configured on my end:

apiVersion: configuration.konghq.com/v1
kind: KongClusterPlugin
metadata:
    name: oauth-auth0
    annotations:
        kubernetes.io/ingress.class: kong
disabled: false
plugin: openid-connect
config:
    auth_methods:
        - authorization_code
        - session
    issuer: https://<redacted>/.well-known/openid-configuration
    client_id:
        - <redacted>
    client_secret:
        - <redacted>
    session_secret: <redacted>
    scopes: []
    token_post_args_names:
        - audience
    token_post_args_values:
        - <redacted>
    display_errors: true

Kong version: 3.6
Kubernetes version: 1.28

Any guidance on this would be appreciated 🙏

[StarlightIbuki]

Hi. Thanks for reporting the issue. You can reach customer support for Kong Enterprise and enterprise plugin issues.

I believe the port is not appended by the OIDC plugin. Please check if the issuer-side logic does that.

[mwalton236]

Have you tried configuring port_maps in the kong config https://docs.konghq.com/gateway/latest/reference/configuration/#port_maps

[CharlieC3]

Interesting, I wasn't aware of that config option when originally testing this change so I'm not sure if that would've worked, but it seems promising. Unfortunately we're not running this setup anymore so I'm unable to test it out myself.