feat: add RedirectUriPrefix support to OpenIdConnectConfiguration for sub-path deployments

src/modules/Elsa.Studio.Login/Extensions/StringExtensions.cs

@@ -0,0 +1,29 @@
+namespace Elsa.Studio.Login.Extensions;
+
+/// <summary>
+/// Provides a set of extension methods for <see cref="string"/>.
+/// </summary>
+internal static class StringExtensions
+{
+    /// <summary>
+    /// Ensures the string starts with the specified character when non-empty.
+    /// </summary>
+    public static string EnsureStartsWith(this string? value, string prefix)
+    {
+        if (string.IsNullOrEmpty(value))
+            return string.Empty;
+
+        return value.StartsWith(prefix) ? value : prefix + value;
+    }
+
+    /// <summary>
+    /// Ensures the string ends with the specified string when non-empty.
+    /// </summary>
+    public static string EnsureEndsWith(this string? value, string suffix)
+    {
+        if (string.IsNullOrEmpty(value))
+            return string.Empty;
+
+        return value.EndsWith(suffix) ? value : value + suffix;
+    }
+}

src/modules/Elsa.Studio.Login/Models/OpenIdConnectConfiguration.cs

@@ -20,6 +20,14 @@ public class OpenIdConnectConfiguration
     /// </summary>
     public required string EndSessionEndpoint { get; set; }
 
+    /// <summary>
+    /// A prefix to insert before <c>/signin-oidc</c> when constructing the redirect_uri for the authorization request.
+    /// Useful for sub-path deployments behind a reverse proxy, e.g. setting this to <c>/workflow</c> produces
+    /// <c>https://myapp.com/workflow/signin-oidc</c>. The value must start with <c>/</c>. When not set the redirect_uri
+    /// defaults to <c>{origin}/signin-oidc</c>.
+    /// </summary>
+    public string? RedirectUriPrefix { get; set; }
+
     /// <summary>
     /// The client_id as which this application is registered with the authorization server
     /// </summary>

src/modules/Elsa.Studio.Login/Services/OpenIdConnectAuthorizationService.cs

@@ -1,4 +1,5 @@
-using Elsa.Studio.Login.Contracts;
+using Elsa.Studio.Login.Contracts;
+using Elsa.Studio.Login.Extensions;
 using Elsa.Studio.Login.Models;
 using Microsoft.AspNetCore.Components;
 using Microsoft.AspNetCore.WebUtilities;
@@ -21,7 +22,7 @@ public class OpenIdConnectAuthorizationService(IJwtAccessor jwtAccessor, IOption
     public async Task RedirectToAuthorizationServer()
     {
         var config = configuration.Value;
-        var redirectUri = new Uri(navigationManager.Uri).GetLeftPart(UriPartial.Authority) + "/signin-oidc";
+        var redirectUri = new Uri(navigationManager.Uri).GetLeftPart(UriPartial.Authority) + config.RedirectUriPrefix.EnsureStartsWith("/") + "/signin-oidc";
         string url = config.AuthEndpoint + $"?client_id={WebUtility.UrlEncode(config.ClientId)}&redirect_uri={WebUtility.UrlEncode(redirectUri)}&response_type=code&scope={WebUtility.UrlEncode(String.Join(' ', config.Scopes))}";
         if (config.UsePkce)
         {
@@ -40,7 +41,7 @@ public async Task RedirectToAuthorizationServer()
     public async Task ReceiveAuthorizationCode(string code, string? state, CancellationToken cancellationToken)
     {
         var config = configuration.Value;
-        var redirectUri = new Uri(navigationManager.Uri).GetLeftPart(UriPartial.Authority) + "/signin-oidc";
+        var redirectUri = new Uri(navigationManager.Uri).GetLeftPart(UriPartial.Authority) + config.RedirectUriPrefix.EnsureStartsWith("/") + "/signin-oidc";
 
         var formValues = new List<KeyValuePair<string, string>>
         {
@@ -50,7 +51,7 @@ public async Task ReceiveAuthorizationCode(string code, string? state, Cancellat
             new("redirect_uri", redirectUri)
         };
 
-        if(!string.IsNullOrWhiteSpace(config.ClientSecret))
+        if (!string.IsNullOrWhiteSpace(config.ClientSecret))
         {
             formValues.Add(new KeyValuePair<string, string>("client_secret", config.ClientSecret));
         }
@@ -132,7 +133,7 @@ private static async Task<string> ReadErrorSummaryAsync(HttpContent content, Can
         if (summary.Length > MaxLoggedErrorLength)
             summary = summary[..MaxLoggedErrorLength];
 
-        return truncated ? $"{summary}…" : summary;
+        return truncated ? $"{summary}�" : summary;
     }
 
     private static async Task<(string Content, bool Truncated)> ReadContentSnippetAsync(HttpContent content, CancellationToken cancellationToken)
@@ -178,4 +179,5 @@ private static async Task<string> ReadErrorSummaryAsync(HttpContent content, Can
 
         return null;
     }
+
 }