asgardeo / asgardeo-tomcat-oidc-agent

OIDC Agent for Tomcat using Java OIDC SDK for Asgardeo
Apache License 2.0

Simplify and group the configs in the oidc-sample-app.properties #25

Closed piraveena closed 3 years ago

piraveena commented 3 years ago

Is your suggestion related to an experience? Please describe.

The oidc-sample-app.properties file contains the properties below.

   consumerKey=<clientID>
   consumerSecret=<clientSecret>
   skipURIs=/oidc-sample-app/index.html
   indexPage=index.html
   logoutURL=logout
   callBackURL=http://localhost:8080/oidc-sample-app/oauth2client
   scope=openid,internal_application_mgt_view
   authorizeEndpoint=https://dev.accounts.asgardeo.io/t/<your_tenant_domain>/oauth2/authorize
   logoutEndpoint=https://dev.accounts.asgardeo.io/t/<your_tenant_domain>/oidc/logout
   #sessionIFrameEndpoint=https://dev.accounts.asgardeo.io/t/<your_tenant_domain>/oidc/checksession
   tokenEndpoint=https://dev.accounts.asgardeo.io/t/<your_tenant_domain>/oauth2/token
   issuer=https://dev.accounts.asgardeo.io/t/<your_tenant_domain>/oauth2/token
   jwksEndpoint=https://dev.accounts.asgardeo.io/t/<your_tenant_domain>/oauth2/jwks
   postLogoutRedirectURI=http://localhost:8080/oidc-sample-app/index.html
   trustedAudience=http://localhost:8080/oidc-sample-app

  1. So in the quickstart flow, the user has to copy the entire configs from the console/doc. So unnecessary configs such as trustedAudience, callback URL, index page, and logoutURL that are related to the app should not be visible to the user for the QSG flow.
  2. We should support the OIDC discovery endpoint and derive them.
  3. This properties file should take only the client-id, client-secret and discovery endpoint, and other configs should be advanced configs.
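
A sketch of the derivation proposed in points 2 and 3, added here as an illustration and not code from the issue or from the agent: it maps standard OIDC discovery metadata fields onto the property names listed above. The mapping, the function names, the `example_tenant` tenant and the sample document are assumptions constructed for the example.

```python
import json
from urllib.parse import urlsplit

# Agent property -> discovery metadata field (standard OIDC Discovery and
# Session Management field names; the mapping itself is an assumption).
PROPERTY_TO_FIELD = {
    "authorizeEndpoint": "authorization_endpoint",
    "tokenEndpoint": "token_endpoint",
    "jwksEndpoint": "jwks_uri",
    "logoutEndpoint": "end_session_endpoint",
    "sessionIFrameEndpoint": "check_session_iframe",
}
REQUIRED = {"authorizeEndpoint", "tokenEndpoint", "jwksEndpoint"}

def derive_properties(metadata, expected_issuer, client_id, client_secret):
    """Build the endpoint properties from a parsed discovery document."""
    # The issuer claimed by the document must equal the one the operator
    # configured; a substituted document would otherwise set every endpoint.
    if metadata.get("issuer") != expected_issuer:
        raise ValueError("issuer mismatch in discovery document")
    props = {"consumerKey": client_id, "consumerSecret": client_secret,
             "issuer": expected_issuer}
    for prop, field in PROPERTY_TO_FIELD.items():
        url = metadata.get(field)
        if url is None:
            if prop in REQUIRED:
                raise ValueError(f"discovery document lacks {field}")
            continue  # optional endpoint not advertised: leave it unset
        if urlsplit(url).scheme != "https":
            raise ValueError(f"{field} is not an https URL")
        props[prop] = url
    return props

def render(props):
    """Serialise in the key=value form of oidc-sample-app.properties."""
    return "\n".join(f"{key}={value}" for key, value in props.items())

# Constructed sample discovery document (hypothetical tenant, no session iframe).
BASE = "https://dev.accounts.asgardeo.io/t/example_tenant"
ISSUER = BASE + "/oauth2/token"
SAMPLE_DISCOVERY = json.dumps({
    "issuer": ISSUER,
    "authorization_endpoint": BASE + "/oauth2/authorize",
    "token_endpoint": BASE + "/oauth2/token",
    "jwks_uri": BASE + "/oauth2/jwks",
    "end_session_endpoint": BASE + "/oidc/logout",
})

if __name__ == "__main__":
    metadata = json.loads(SAMPLE_DISCOVERY)
    print(render(derive_properties(metadata, ISSUER, "<clientID>", "<clientSecret>")))
```

App-specific settings such as callBackURL and trustedAudience cannot come from discovery, so they would remain the advanced configs the issue describes.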