Context
The OIDC_AUTH_URL is used to initiate the Authorization Code Flow. This client is actually capable of discovering this value by hitting the OIDC provider's (e.g. Dex) .well-known endpoint, so as long as the OIDC provider is exposing this information, it should be enough.
Right now, this value is hard coded to /dex/auth, and while it is not incorrect, it is preferred that the OIDC provider (in this case dex-auth) sets it; in the end this is the charm that will know this information. oidc-gatekeeper on its side can just infer it in order to keep these values accurate and equal in both charms.
This task depends on https://github.com/canonical/dex-auth-operator/issues/202
What needs to get done
Remove the OIDC_AUTH_URL env variable and allow the client to infer it from dex-auth's .well-known endpoint.
Definition of Done
The oidc-gatekeeper does not depend on the variable for initiating the Authorization flow.
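
The discovery step this issue relies on, as an added example (not code from oidc-gatekeeper, dex-auth or the OIDC client): it validates a provider metadata document and returns the advertised authorization endpoint instead of a hard-coded path. The issuer URL, the sample metadata and the same-origin policy check are assumptions made for this sketch.

```python
import json
from urllib.parse import urlsplit

# Path defined by OpenID Connect Discovery 1.0, appended to the issuer URL.
WELL_KNOWN_SUFFIX = "/.well-known/openid-configuration"


def discovery_url(issuer: str) -> str:
    """Location of the provider metadata for a given issuer."""
    return issuer.rstrip("/") + WELL_KNOWN_SUFFIX


def authorization_endpoint(issuer: str, metadata_json: str) -> str:
    """Return the provider-advertised auth URL after validating the metadata."""
    meta = json.loads(metadata_json)
    # The returned issuer must match the one the client was configured with;
    # a mismatch means the document describes a different provider.
    if meta.get("issuer") != issuer:
        raise ValueError(f"issuer mismatch: {meta.get('issuer')!r} != {issuer!r}")
    endpoint = meta.get("authorization_endpoint")
    if not endpoint:
        raise ValueError("metadata has no authorization_endpoint")
    want, got = urlsplit(issuer), urlsplit(endpoint)
    # Assumption of this example (deployment policy, not a spec rule): users
    # are only ever redirected to the issuer's own scheme and host.
    if (got.scheme, got.netloc) != (want.scheme, want.netloc):
        raise ValueError(f"authorization_endpoint on unexpected origin: {endpoint}")
    return endpoint


# Constructed sample: hypothetical issuer and the metadata it would publish.
ISSUER = "https://kubeflow.example.test/dex"
SAMPLE_METADATA = json.dumps({
    "issuer": ISSUER,
    "authorization_endpoint": ISSUER + "/auth",
    "token_endpoint": ISSUER + "/token",
    "jwks_uri": ISSUER + "/keys",
})

if __name__ == "__main__":
    print(discovery_url(ISSUER))
    print(authorization_endpoint(ISSUER, SAMPLE_METADATA))
```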