
Rails Devise Omniauth omniauth_openid_connect issue, how to work with endpoints with different hosts

I need some help configuring the omniauth_openid_connect gem (https://github.com/omniauth/omniauth_openid_connect). I have two endpoints, one for authorization and another for the token:

Authorization endpoint: https://oauth.provider.com/authorize

Token endpoint: https://oauth-secured.provider.com/token

As you can see, each one has a different host, but they are the same provider. I'm not sure how to configure this in the gem, as you can only specify one host.

config.omniauth :openid_connect,
  {
    name: :openid_connect,
    scope: [:openid],
    issuer: "oauth.provider.com",
    response_type: :code,
    discovery: true,
    client_options: {
      port: 443,
      scheme: "https",
      host: "oauth.provider.com",
      authorization_endpoint: "/authorize",
      token_endpoint: "/token", # How to specify here correctly https://oauth-secured.provider.com/token
      identifier: 'CLIENT_ID',
      secret: 'CLIENT_SECRET',
      redirect_uri: "https://myapp.com/users/auth/openid_connect/callback",
    },
  }
svelandiag asked Jan 18 '26 07:01


1 Answer

Doesn't look like that's configurable. The client only takes one host and endpoints are relative to the host. Configuration eventually ends up in Rack::OAuth2::Client:

  1. https://github.com/omniauth/omniauth_openid_connect/blob/v0.4.0/lib/omniauth/strategies/openid_connect.rb#L94
  2. https://github.com/nov/openid_connect/blob/v1.3.0/lib/openid_connect/client.rb
  3. https://github.com/nov/rack-oauth2/blob/v1.19.0/lib/rack/oauth2/client.rb#L8

Rack::OAuth2::Client has an absolute_uri_for method and looks like endpoints go through it.

def absolute_uri_for(endpoint)
  _endpoint_ = Util.parse_uri endpoint
  _endpoint_.scheme ||= self.scheme || 'https'

  # NOTE: just one host
  _endpoint_.host ||= self.host

  _endpoint_.port ||= self.port
  raise 'No Host Info' unless _endpoint_.host
  _endpoint_.to_s
end

I'm only guessing here:

Rack::OAuth2::Client.class_eval do
  private

  def absolute_uri_for(endpoint) # endpoint # => /token or /authorize ...
    _endpoint_ = Util.parse_uri endpoint
    _endpoint_.scheme ||= self.scheme || 'https'

    # NOTE: now there are two
    _endpoint_.host = if endpoint == "/token"
                        "oauth-secured.provider.com"
                      else
                        self.host
                      end

    _endpoint_.port ||= self.port
    raise 'No Host Info' unless _endpoint_.host
    _endpoint_.to_s
  end
end

Probably something will explode. I did not test it. There must be a reason for a single host.

Alex answered Jan 20 '26 21:01
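
An added example, not part of the answer above and not code from rack-oauth2: a stand-alone copy of the `absolute_uri_for` logic quoted in the answer, written with Ruby's standard `URI` only, to show how its `||=` defaults treat a relative path versus an absolute URL that already carries a host. `resolve_endpoint`, `check_endpoint!`, `resolved_hosts` and `ALLOWED_HOSTS` are hypothetical names, and the HTTPS and host allowlist guard is an assumption added here because the token endpoint receives the client secret; confirm the behaviour against the gem versions you actually run.

```ruby
require 'uri'

# Hosts this client may send credentials to (the two hosts from the question).
ALLOWED_HOSTS = %w[oauth.provider.com oauth-secured.provider.com].freeze

# Mirror of the quoted absolute_uri_for: each component is filled with ||=,
# so defaults apply only to parts the endpoint string does not already have.
def resolve_endpoint(endpoint, host:, scheme: 'https', port: 443)
  uri = URI.parse(endpoint)
  uri.scheme ||= scheme
  uri.host   ||= host
  uri.port   ||= port
  raise 'No Host Info' unless uri.host
  uri.to_s
end

# Hypothetical guard: reject any resolved endpoint that is not HTTPS or that
# points at a host outside the allowlist, before a secret is ever sent to it.
def check_endpoint!(url)
  uri = URI.parse(url)
  raise ArgumentError, "not https: #{url}" unless uri.scheme == 'https'
  unless ALLOWED_HOSTS.include?(uri.host)
    raise ArgumentError, "unexpected host: #{uri.host}"
  end
  url
end

# Resolve and validate a set of endpoints, returning the host each one ends up on.
def resolved_hosts(endpoints, host:)
  endpoints.transform_values do |endpoint|
    URI.parse(check_endpoint!(resolve_endpoint(endpoint, host: host))).host
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed input: relative authorization path, absolute token URL.
  endpoints = {
    authorization: '/authorize',
    token: 'https://oauth-secured.provider.com/token'
  }
  resolved_hosts(endpoints, host: 'oauth.provider.com').each do |name, h|
    puts "#{name} -> #{h}"
  end
end
```

Under this logic the relative path falls back to the default host while the absolute token URL keeps its own host.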