fix: lookup config file options correctly in file loader

fix: handle empty client name in authorize page
fix: include kid in jwks response
2026-03-04 22:02:02 +00:00 · 2026-03-03 22:48:44 +02:00 · 2026-03-03 22:48:44 +02:00 · 2026-03-03 22:48:44 +02:00
4 changed files with 27 additions and 5 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -45,3 +45,6 @@ __debug_*

 # generated markdown (for docs)
 /config.gen.md
+
+# testing config
+config.certify.yml
--- a/frontend/src/pages/authorize-page.tsx
+++ b/frontend/src/pages/authorize-page.tsx
@@ -155,8 +155,8 @@ export const AuthorizePage = () => {
    <Card>
      <CardHeader className="mb-2">
        <div className="flex flex-col gap-3 items-center justify-center text-center">
-          <div className="bg-accent-foreground box-content text-muted text-xl font-bold font-sans rounded-lg size-10 p-2 flex items-center justify-center">
-            {getClientInfo.data?.name.slice(0, 1)}
+          <div className="bg-accent-foreground box-content text-muted text-xl font-bold font-sans rounded-lg size-8 p-2 flex items-center justify-center">
+            {getClientInfo.data?.name.slice(0, 1) || "U"}
          </div>
          <CardTitle className="text-xl">
            {t("authorizeCardTitle", {
--- a/internal/service/oidc_service.go
+++ b/internal/service/oidc_service.go
@@ -8,6 +8,7 @@ import (
 	"crypto/sha256"
 	"crypto/x509"
 	"database/sql"
+	"encoding/base64"
 	"encoding/json"
 	"encoding/pem"
 	"errors"
@@ -665,10 +666,21 @@ func (service *OIDCService) Cleanup() {
 }

 func (service *OIDCService) GetJWK() ([]byte, error) {
+	hasher := sha256.New()
+
+	der := x509.MarshalPKCS1PublicKey(&service.privateKey.PublicKey)
+
+	if der == nil {
+		return nil, errors.New("failed to marshal public key")
+	}
+
+	hasher.Write(der)
+
 	jwk := jose.JSONWebKey{
 		Key:       service.privateKey,
 		Algorithm: string(jose.RS256),
 		Use:       "sig",
+		KeyID:     base64.URLEncoding.EncodeToString(hasher.Sum(nil)),
 	}

 	return jwk.Public().MarshalJSON()
--- a/internal/utils/loaders/loader_file.go
+++ b/internal/utils/loaders/loader_file.go
@@ -1,6 +1,8 @@
 package loaders

 import (
+	"os"
+
 	"github.com/rs/zerolog/log"
 	"github.com/traefik/paerser/cli"
 	"github.com/traefik/paerser/file"
@@ -16,11 +18,16 @@ func (f *FileLoader) Load(args []string, cmd *cli.Command) (bool, error) {
 		return false, err
 	}

-	// I guess we are using traefik as the root name
-	configFileFlag := "traefik.experimental.configFile"
+	// I guess we are using traefik as the root name (we can't change it)
+	configFileFlag := "traefik.experimental.configfile"
+	envVar := "TINYAUTH_EXPERIMENTAL_CONFIGFILE"

 	if _, ok := flags[configFileFlag]; !ok {
-		return false, nil
+		if value := os.Getenv(envVar); value != "" {
+			flags[configFileFlag] = value
+		} else {
+			return false, nil
+		}
 	}

 	log.Warn().Msg("Using experimental file config loader, this feature is experimental and may change or be removed in future releases")
Author	SHA1	Message	Date
Stavros	0e6bcf9713	fix: lookup config file options correctly in file loader	2026-03-03 22:48:44 +02:00
Stavros	af5a8bc452	fix: handle empty client name in authorize page	2026-03-03 22:48:44 +02:00
Stavros	de980815ce	fix: include kid in jwks response	2026-03-03 22:48:44 +02:00