feature: Be able to configure the SSO Callback in HTTPS

[BeArchiTek]

Component

API Server / GraphQL

Describe the Feature Request

When deploying Infrahub behind a reverse proxy, Infrahub will use a "base_rul" in HTTP, as the reverse proxy will handle the HTTPS.

If I configure SSO with OIDC (with a callback URL), Infrahub does not send the callback to the Identity Provider, as HTTPS but HTTP.

I would like to configure a "public URL" for a "public-facing" service like this Callback.

Describe the Use Case

Be able to use Infrahub with a reverse proxy and an ODIC Identity provider.

Additional Information

The code seem to exist

infrahub/backend/infrahub/api/oidc.py

Line 58 in 4d32ce6

base_url = config.SETTINGS.dev.frontend_url or str(request.base_url)

I think we need to replace the dev.frontend_url by a non-dev "public URL" settings

[ogenstad]

Small comment here, when I used this locally the main reason was that the frontend might be running on a different port compared to the backend 8080 vs 8000. If used as is and just renaming this it should probably have another name and be called something like callback_base_url.

This is the setting I used locally:

export INFRAHUB_DEV_FRONTEND_URL=http://localhost:8080/

Then we'd append the correct protocol (OIDC or OAuth2) along with the selected provider. If the complete string was hardcoded you'd only be able to have one protocol and provider.