Skip to content

[OIDC] Add (backend) validation for entered client config #15960

Closed
@AlexTugarev

Description

@AlexTugarev

There are several means to verify that the entered OIDC client config is actually usable:

  1. A reachability test for the issuer's URL should check if the backend services can actually work with the IdP. We learned several times that this is a common source of failure with different reasons, for instance: typo in URL, filtered by firewall, DNS quirks, etc.

  2. Testing clientID/clientSecret, can only be done by letting the installer use the OIDC flow themselves.

  3. Testing if OIDC discovery is supported, otherwise we need to fall back to full-fledged OIDC client configuration.

Metadata

Metadata

Assignees

Labels

meta: staleThis issue/PR is stale and will be closed soon

Type

No type

Projects

Status

In Validation

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions