Support OIDC configuration / discovery URL for easier set-up #1562

@3-w-c

Feature Request

Is your feature request related to a problem or unsupported use case? Please describe.

Currently, setting up OIDC login requires defining several variables:

  • OIDC_OP_JWKS_ENDPOINT
  • OIDC_OP_AUTHORIZATION_ENDPOINT
  • OIDC_OP_TOKEN_ENDPOINT
  • OIDC_OP_USER_ENDPOINT
  • OIDC_RP_CLIENT_ID
  • OIDC_RP_CLIENT_SECRET
  • OIDC_RP_SIGN_ALGO
  • OIDC_RP_SCOPES

Supporting an OIDC issuer / configuration URL would mean only needing to specify:

  • OIDC_OP_AUTHORIZATION_ENDPOINT
  • OIDC_RP_CLIENT_ID
  • OIDC_RP_CLIENT_SECRET
  • and possibly OIDC_RP_SCOPES

This involves a lot of (error-prone, possibly-confusing) copy/pasting.

Describe the solution you'd like

I agree with this comment on #735:

In my opinion, the ideal is using just one link for OIDC, https:///realms//.well-known/openid-configuration; this way, if you change anything in Keycloak, you do not need to update any environmental variables, because all of the links are just read from the API.

I checked the mozilla-django-oidc docs, and it looks like this isn't supported – so possibly this feature request should be raised there instead / as well. But I thought it was useful to open it here in case anyone else arrives in this repo like me.

The standard name that I've seen from other projects for this variable is OIDC_ISSUER_URL.

Describe alternatives you've considered

  • Continuing to require manual config is bearable

Discovery, Documentation, Adoption, Migration Strategy

Adding OIDC_ISSUER_URL to these files would make this feature visible to anyone who finds details of the existing OIDC variables:

In terms of migration, existing deployments which specify the whole list of properties would continue to work fine.

Do you want to work on it through a Pull Request?

I would be very happy to!
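
Added example (not code from this issue, from the project, or from mozilla-django-oidc): one way a loader could turn an `OIDC_ISSUER_URL` into the endpoint settings listed above, checking the discovery document before trusting it. The function names, the `idp.example.test` host and the sample document are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed sample discovery document (not from a real provider).
SAMPLE_DISCOVERY = json.loads("""
{
  "issuer": "https://idp.example.test/realms/demo",
  "authorization_endpoint": "https://idp.example.test/realms/demo/auth",
  "token_endpoint": "https://idp.example.test/realms/demo/token",
  "userinfo_endpoint": "https://idp.example.test/realms/demo/userinfo",
  "jwks_uri": "https://idp.example.test/realms/demo/certs",
  "id_token_signing_alg_values_supported": ["RS256", "ES256"]
}
""")

# Discovery metadata field -> setting name listed in the issue.
FIELD_TO_SETTING = {
    "authorization_endpoint": "OIDC_OP_AUTHORIZATION_ENDPOINT",
    "token_endpoint": "OIDC_OP_TOKEN_ENDPOINT",
    "userinfo_endpoint": "OIDC_OP_USER_ENDPOINT",
    "jwks_uri": "OIDC_OP_JWKS_ENDPOINT",
}

def discovery_url(issuer_url):
    """URL a loader would fetch for the given OIDC_ISSUER_URL (hypothetical helper)."""
    return issuer_url.rstrip("/") + "/.well-known/openid-configuration"

def settings_from_discovery(issuer_url, doc, preferred_alg="RS256"):
    """Validate a discovery document and derive the endpoint settings."""
    # OIDC Discovery requires the returned issuer to be identical to the one
    # requested; a mismatch means the document describes a different provider.
    if doc.get("issuer") != issuer_url:
        raise ValueError("issuer mismatch")
    settings = {}
    for field, setting in FIELD_TO_SETTING.items():
        url = doc.get(field)
        if not url:
            raise ValueError(f"missing {field}")
        # Tokens and client secrets travel to these URLs, so refuse plain http.
        if urlsplit(url).scheme != "https":
            raise ValueError(f"{field} is not https")
        settings[setting] = url
    # Pin the signing algorithm locally; only confirm the provider offers it.
    if preferred_alg not in doc.get("id_token_signing_alg_values_supported", []):
        raise ValueError(f"{preferred_alg} not offered by provider")
    settings["OIDC_RP_SIGN_ALGO"] = preferred_alg
    return settings
```

The client ID, client secret and scopes are not part of discovery metadata and would still be set explicitly.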
