Closed ghost closed 1 year ago
Hi,
Thank you for bringing this to our attention. I have been in contact with the developers and they have explained why anonymous users are required and have identified that a piece of configuration was left out of the documentation. I've updated the documentation to add the missing configuration and explain why anonymous users are required. Please see the Pull Request https://github.com/mendix/docs/pull/5750 for details of the changes.
In summary, my understanding is that the anonymous user access is used in two circumstances:
Without this access, the OIDC module will still work to log users in, but you may want to test these specific scenarios and ensure that your app behaves as you want it.
I offered your suggestion of making the step optional, but the developers felt that this would affect how the module is supposed to work.
Thank you for raising this issue and helping us identify some missing documentation.
Yours
Mark van Ments.
Please use the form below, leaving the prefilled data to help us. Thank you.
Page link: oidc-sso
Document link: oidc.md
My Issue/Suggestion
Hey there! Why is the enabling of anonymous users part of the OIDC documentation [0]? As for me, the OIDC module works just fine without enabling it, and it seems more like a security issue to me. In my opinion this step should at least be marked as optional. Or is there something I'm missing out on?
[0] https://docs.mendix.com/appstore/modules/oidc/#42-allowing-anonymous-users