ncsa / oa4mp

Open Authorization for MyProxy

Home Page: https://oa4mp.org/

Client configuration should use OIDC auto-discovery

bbockelm opened this issue · comments

Right now, a client config looks something like this:

    <client name="proxy-client">
        ... (some stuff) ....
        <serviceUri>https://cilogon.org/oauth2</serviceUri>
        <authorizeUri>https://cilogon.org/authorize</authorizeUri>
        <wellKnownUri>https://cilogon.org/oauth2/.well-known/openid-configuration</wellKnownUri>
        ... (other stuff) ....
    </client>

Where the serviceUri is then used to construct default URLs, such as the accessTokenUri, authorizeUri, deviceAuthorizationUri, and userInfoUri by assuming that the service for the client is following OA4MP's pattern of endpoint construction.

This could all be replaced with setting the issuer URL and using metadata discovery.

Agreed. This was put into place long before there was discovery. However, they still should be retained in case they need to be locally overridden.

Available in 5.5
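
An added example, not OA4MP code and not written by either commenter: it resolves the endpoints named in the issue from a discovery document, rejects a document whose `issuer` differs from the configured one, and lets locally configured values win, as the reply asks. The issuer `https://idp.example.org`, the sample metadata and the function names are constructed assumptions.

```python
from urllib.parse import urlsplit

# Client config keys named in the issue -> OIDC discovery metadata fields.
ENDPOINT_FIELDS = {
    "authorizeUri": "authorization_endpoint",
    "accessTokenUri": "token_endpoint",
    "userInfoUri": "userinfo_endpoint",
    "deviceAuthorizationUri": "device_authorization_endpoint",
}

# Constructed sample discovery document (not fetched from any real provider).
SAMPLE_METADATA = {
    "issuer": "https://idp.example.org",
    "authorization_endpoint": "https://idp.example.org/authorize",
    "token_endpoint": "https://idp.example.org/oauth2/token",
    "userinfo_endpoint": "https://idp.example.org/oauth2/userinfo",
    "device_authorization_endpoint": "https://idp.example.org/oauth2/device",
}


def well_known_url(issuer):
    """Discovery URL for an issuer, per OpenID Connect Discovery 1.0."""
    return issuer.rstrip("/") + "/.well-known/openid-configuration"


def require_https(name, url):
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError(f"{name} must be an absolute https URL, got {url!r}")
    return url


def resolve_endpoints(issuer, metadata, overrides=None):
    """Merge discovered endpoints with local overrides (overrides win)."""
    require_https("issuer", issuer)
    # Reject metadata whose issuer differs from the configured issuer.
    if metadata.get("issuer") != issuer:
        raise ValueError(f"issuer mismatch: {metadata.get('issuer')!r}")
    overrides = overrides or {}
    resolved = {}
    for key, field in ENDPOINT_FIELDS.items():
        url = overrides.get(key) or metadata.get(field)
        if url:
            resolved[key] = require_https(key, url)
    # Assumption: an authorization-code client needs both of these.
    for key in ("authorizeUri", "accessTokenUri"):
        if key not in resolved:
            raise ValueError(f"no {key} from discovery or local config")
    return resolved
```

The exact-match issuer check is what ties the discovered endpoints to the provider the operator configured; overrides go through the same https check as discovered values.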