mendix / docs

Mendix documentation repository
https://docs.mendix.com
Creative Commons Attribution 4.0 International

oidc-sso anonymous user enabling optional #5706

Closed ghost closed 1 year ago

ghost commented 1 year ago

Please use the form below, leaving the prefilled data to help us. Thank you.

Page link: oidc-sso

Document link: oidc.md

My Issue/Suggestion

Hey there! Why is the enabling of anonymous users part of the OIDC documentation [0]? For me the OIDC module works just fine without enabling it, and moreover it seems like a security issue to me. In my opinion this step should at least be marked as optional. Or is there something I'm missing?

[0] https://docs.mendix.com/appstore/modules/oidc/#42-allowing-anonymous-users

MarkvanMents commented 1 year ago

Hi, thank you for bringing this to our attention. I have been in contact with the developers and they have explained why anonymous users are required and have identified that a piece of configuration was left out of the documentation. I've updated the documentation to add the missing configuration and explain why anonymous users are required. Please see the Pull Request https://github.com/mendix/docs/pull/5750 for details of the changes. In summary, my understanding is that the anonymous user access is used in two circumstances:

  1. When there are multiple IdPs configured, to allow the end user to choose which IdP to use.
  2. When the end user signs out, to show them a page where they can choose to sign back in again if required.

Without this access, the OIDC module will still work to log users in, but you may want to test these specific scenarios and ensure that your app behaves as you want it.

I offered your suggestion of making the step optional, but the developers felt that this would affect how the module is supposed to work.

Thank you for raising this issue and helping us identify some missing documentation.

Yours

Mark van Ments.