Dynamic Configuration of OidcTrustedDomains.js

AxaFrance / oidc-client

Light, Secure, Pure Javascript OIDC (Open ID Connect) Client. We provide also a REACT wrapper (compatible NextJS, etc.).

MIT License

570 stars 152 forks source link

Dynamic Configuration of OidcTrustedDomains.js #1391

Open timurscribe opened 1 week ago

timurscribe commented 1 week ago

We currently have an app that retrieves configuration variables from the initial information request, which are then used to configure all endpoints and authentication URLs. Unfortunately, setting OidcTrustedDomains dynamically is not possible at the moment. It would be beneficial to have the ability to configure this dynamically.

jw265982 commented 1 week ago

Support

guillaume-chervet commented 1 week ago

Hi @timurscribe @jw265982 ,

Thank you for your issue. It is possible to build it dynamicaly from your server side. This his only secure way i know to do it.

timurscribe commented 1 week ago

Why is setting up a trusted domain on the client side not secure?
How about a Post message to the web worker that provides a trusted domain and initiates the authorization process? Thanks in advance.