Add Default Query Parameters for Authentication

[heissonwillen]

Add Default Query Parameters for Authentication

Summary

I have an use case in which I need a default query parameter for my IdP. The idea is pretty similar to --allowed-query-params, but I wouldn't need to first send the parameters to the gatekeeper when performing a request.

Although it's possible to accomplish this on an ingress / reverse-proxy / middleware level, it would be nice to have this directly on the gatekeeper.

Why?

• So I don't need to add extra configuration to my ingress / reverse-proxy / middleware.

How

• Similar implementation to --allowed-query-params.

Acceptance criteria

It is possible to define default query parameters to the IdP using the gatekeeper configuration, using both the command line and the configuration file.

• On the command line:

  --default-query-params="kc_idp_hint=google" \
  --default-query-params="ui_locales=pt_BR"

  • On the yaml configuration:

    default-query-params:
    kc_idp_hint: "google"
    ui_locales: "pt_BR"

Additional Information

Does this make sense to you @p53? If it does, I can work on it over the weekend.

[p53]

@heissonwillen hi, actually in current state of design (currently for one param you can specify only one allowed value) it would probably make sense to make allowed_query_params values, if specified, to be also default query params

[heissonwillen]

I thought about this, but it would be a breaking change. Would that be ok?

[p53]

will think about it

[p53]

created 2.12.0-rc1 there is also image, you can try, added default-allowed-query-params option, there is 2.12.0-rc1 image

[heissonwillen]

Tried it and it works fine. Thank you very much!