Having such an option is actually indispensable if
you are developing locally with containers and need to have an application container and a fief container talk to each other inside the container network (e.g. docker compose, minikube, etc.)
you are implementing a CI/CD workflow (e.g. for using TDD) and the worker needs to create temporary containers for the application and Fief – they need to be able to talk to each other over http in order to run the automated tests.
Following discussion #230, I think it could be a good idea to have a setting to disable the HTTPS requirement for Client Redirect URL.
In some contexts, like private deployments, it may be useful to disable it. Of course, this would need a proper warning in the related documentation.
Plan:
client_redirect_uri_ssl_required
toSettings
. Defaults toTrue
.validate_redirect_uri
implementation to account for this parameter.False
.