fix(auth): display the OIDC callback URL from oidcSettings

server/src/auth/oidc/oidc-client.service.ts

@@ -164,6 +164,6 @@ export class OidcClientService {
    * Get callback URL
    */
   private getCallbackUrl(): string {
-    return `${this.oidcConfigService.getAppUrl()}/api/auth/oidc/callback`;
+    return this.oidcConfigService.getOidcCallbackUrl();
   }
 }

server/src/auth/oidc/oidc-config.service.ts

@@ -116,6 +116,14 @@ export class OidcConfigService {
     return this.configService.get<string>('APP_URL') || 'http://localhost:3000';
   }
 
+  /**
+   * OIDC redirect URI
+   */
+  getOidcCallbackUrl(): string {
+    const base = this.getAppUrl().replace(/\/+$/, '');
+    return `${base}/api/auth/oidc/callback`;
+  }
+
   /**
    * Check if OIDC is enabled
    */
@@ -153,6 +161,7 @@ export class OidcConfigService {
     issuerUrl?: string;
     clientId?: string;
     hasClientSecret: boolean;
+    callbackUrl: string;
     disableInternalAuth: boolean;
     isLocked: boolean;
     source: 'env' | 'database' | 'default';
@@ -166,6 +175,7 @@ export class OidcConfigService {
       issuerUrl: config.issuerUrl,
       clientId: config.clientId,
       hasClientSecret: !!config.clientSecret,
+      callbackUrl: this.getOidcCallbackUrl(),
       disableInternalAuth: config.disableInternalAuth,
       isLocked: locked,
       source: locked ? 'env' : 'database',

web/app/(app)/admin/page.tsx

@@ -633,12 +633,11 @@ export default function AdminPage() {
                     <div className="rounded-lg border bg-muted/30 p-4">
                       <p className="text-sm font-medium mb-1">Callback URL</p>
                       <code className="text-xs break-all rounded bg-background px-2 py-1 block">
-                        {typeof window !== "undefined"
-                          ? `${window.location.origin}/api/auth/oidc/callback`
-                          : "/api/auth/oidc/callback"}
+                        {oidcSettings.callbackUrl}
                       </code>
                       <p className="text-xs text-muted-foreground mt-2">
-                        Add this URL in your OIDC provider as the redirect/callback URL.
+                        Add this URL in your OIDC provider as the redirect/callback URL. It comes from the {" "}
+                        <code className="px-1 py-0.5 bg-background rounded text-[0.7rem] font-mono">APP_URL</code> env variable.
                       </p>
                     </div>
                   </>

web/features/admin/types.ts

@@ -61,6 +61,7 @@ export interface OidcSettings {
   issuerUrl?: string;
   clientId?: string;
   hasClientSecret: boolean;
+  callbackUrl: string;
   disableInternalAuth: boolean;
   isLocked: boolean;
   source: "env" | "database" | "default";