providers/proxy: send token request internally, with overwritten host header (#4675)

* send token request internally, with overwritten host header

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

internal/utils/web/http_host_interceptor.go

@@ -0,0 +1,31 @@
+package web
+
+import (
+	"net/http"
+	"net/url"
+
+	log "github.com/sirupsen/logrus"
+)
+
+type hostInterceptor struct {
+	inner http.RoundTripper
+	host  string
+}
+
+func (t hostInterceptor) RoundTrip(r *http.Request) (*http.Response, error) {
+	r.Host = t.host
+	return t.inner.RoundTrip(r)
+}
+
+func NewHostInterceptor(inner *http.Client, host string) *http.Client {
+	aku, err := url.Parse(host)
+	if err != nil {
+		log.WithField("host", host).WithError(err).Warn("failed to parse host")
+	}
+	return &http.Client{
+		Transport: hostInterceptor{
+			inner: inner.Transport,
+			host:  aku.Host,
+		},
+	}
+}