diff --git a/signer/fulcio/fulcio.go b/signer/fulcio/fulcio.go
index ff628ecc..fc4c55d8 100644
--- a/signer/fulcio/fulcio.go
+++ b/signer/fulcio/fulcio.go
@@ -105,6 +105,20 @@ func init() {
 return fsp, nil
 },
 ),
+ registry.StringConfigOption(
+ "oidc-redirect-url",
+ "OIDC redirect URL (Optional). The default oidc-redirect-url is 'http://localhost:0/auth/callback'.",
+ "",
+ func(sp signer.SignerProvider, oidcRedirectUrl string) (signer.SignerProvider, error) {
+ fsp, ok := sp.(FulcioSignerProvider)
+ if !ok {
+ return sp, fmt.Errorf("provided signer provider is not a fulcio signer provider")
+ }
+
+ WithOidcRedirectUrl(oidcRedirectUrl)(&fsp)
+ return fsp, nil
+ },
+ ),
 registry.StringConfigOption(
 "token-path",
 "Path to the file containing a raw token to use for authentication to fulcio (cannot be used in conjunction with --fulcio-token)",
@@ -123,11 +137,12 @@ func init() {
 }
 
 type FulcioSignerProvider struct {
- FulcioURL string
- OidcIssuer string
- OidcClientID string
- Token string
- TokenPath string
+ FulcioURL string
+ OidcIssuer string
+ OidcClientID string
+ Token string
+ TokenPath string
+ OidcRedirectUrl string
 }
 
 type Option func(*FulcioSignerProvider)
@@ -156,6 +171,13 @@ func WithToken(tokenOption string) Option {
 }
 }
 
+
+func WithOidcRedirectUrl(oidcRedirectUrl string) Option {
+ return func(fsp *FulcioSignerProvider) {
+ fsp.OidcRedirectUrl = oidcRedirectUrl
+ }
+}
+
 func WithTokenPath(tokenPathOption string) Option {
 return func(fsp *FulcioSignerProvider) {
 fsp.TokenPath = tokenPathOption
@@ -243,7 +265,7 @@ func (fsp FulcioSignerProvider) Signer(ctx context.Context) (cryptoutil.Signer,
 raw = string(f)
 case fsp.Token == "" && isatty.IsTerminal(os.Stdin.Fd()):
- tok, err := oauthflow.OIDConnect(fsp.OidcIssuer, fsp.OidcClientID, "", "", oauthflow.DefaultIDTokenGetter)
+ tok, err := oauthflow.OIDConnect(fsp.OidcIssuer, fsp.OidcClientID, "", fsp.OidcRedirectUrl, oauthflow.DefaultIDTokenGetter)
 if err != nil {
 return nil, err
 }
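Review bot: The new option callback stores `oidcRedirectUrl` through `WithOidcRedirectUrl` without checking that the value is a parseable URL, so a mistyped flag is only rejected later inside the OIDC flow (if at all) and without naming the flag; a guard before the `With...` call such as `if _, err := url.ParseRequestURI(oidcRedirectUrl); oidcRedirectUrl != "" && err != nil { return sp, fmt.Errorf("parsing oidc-redirect-url %q: %w", oidcRedirectUrl, err) }` (needs `net/url`) would surface it at configuration time. The flag description says the default is 'http://localhost:0/auth/callback', which suggests the flow listens on a loopback address for the callback; if that is the case, also rejecting a non-loopback host here would keep that local listener from being bound to another interface by a stray config value. The registered default is `""` while the description advertises a different default, so the help text should say that an empty value keeps the previous behavior (an empty redirect URL handed to OIDConnect) rather than implying the option itself supplies the localhost default.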
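Review bot: The new field `OidcRedirectUrl` breaks the initialism convention the rest of this struct already follows (`FulcioURL`, `OidcClientID`), and because it is exported it becomes part of the package API once merged; `OidcRedirectURL string` is the conventional spelling. The same applies to `WithOidcRedirectUrl` in the next hunk and to its `oidcRedirectUrl` parameter in the first, so the three should be renamed together while the change is still unreleased.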
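Review bot: `WithOidcRedirectUrl` is a new exported function added without a doc comment; a line such as `// WithOidcRedirectUrl sets the redirect URL passed to the interactive OIDC flow; an empty value keeps the prior behavior of passing "" to oauthflow.OIDConnect.` placed directly above the declaration would document it. The added empty `+` line sits on top of the existing blank context line, leaving two consecutive empty lines before the declaration, which gofmt collapses, so that extra blank line should be dropped to keep the file gofmt-clean.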