🔥 Remove 'keycloak realm' as param #68

Merged
merged 6 commits into from
Sep 1, 2022

Conversation

dmihalcik-virtru
Member

@dmihalcik-virtru dmihalcik-virtru commented Jul 20, 2022

  • Previously, we explicitly required passing in 'realm', variously referred to as orgName or organizationName, which we then used to build a keycloak-style URL
  • This is not part of the OIDC spec; it is a keycloak addition to support multi-tenancy. This is evident in how all realm requests are based off the [root]/realms[realm] path, including the .well-known OIDC discovery paths.
  • Instead, explicitly include the path as part of the root OIDC url
  • While I'm here, remove a few explicit references to keycloak

@dmihalcik-virtru dmihalcik-virtru requested a review from a team as a code owner July 20, 2022 14:37
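
An added example, not code from this pull request or the project: a sketch of the difference between building a Keycloak-style issuer from a root plus realm and treating the full issuer URL (path included) as the single configured value, with the issuer check OIDC Discovery requires on the returned metadata. The function names, host and realm are hypothetical.

```python
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"


def legacy_issuer(root: str, realm: str) -> str:
    """Old style: separate root and realm joined into Keycloak's /realms/<realm> layout."""
    return f"{root.rstrip('/')}/realms/{realm}"


def discovery_url(issuer: str) -> str:
    """New style: the issuer already carries any tenant path; only the suffix is added."""
    parts = urlsplit(issuer)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError(f"issuer must be an absolute https URL: {issuer!r}")
    if parts.query or parts.fragment:
        raise ValueError("issuer must not contain a query or fragment")
    return issuer.rstrip("/") + WELL_KNOWN


def check_metadata(issuer: str, metadata: dict) -> dict:
    """Accept a discovery document only if it belongs to the issuer that was configured."""
    # OIDC Discovery requires the returned issuer to be identical to the one queried;
    # a mismatch means the document describes a different tenant or provider.
    if metadata.get("issuer") != issuer:
        raise ValueError(f"issuer mismatch: {metadata.get('issuer')!r} != {issuer!r}")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if urlsplit(metadata.get(key, "")).scheme != "https":
            raise ValueError(f"{key} missing or not https")
    return metadata


# Constructed sample values (hypothetical host and realm, not from the project).
ISSUER = legacy_issuer("https://idp.example.com/auth/", "tdf")
GOOD = {
    "issuer": ISSUER,
    "authorization_endpoint": f"{ISSUER}/protocol/openid-connect/auth",
    "token_endpoint": f"{ISSUER}/protocol/openid-connect/token",
    "jwks_uri": f"{ISSUER}/protocol/openid-connect/certs",
}
OTHER_REALM = dict(GOOD, issuer="https://idp.example.com/auth/realms/other")

if __name__ == "__main__":
    print(discovery_url(ISSUER))
    print(check_metadata(ISSUER, GOOD)["jwks_uri"])
    try:
        check_metadata(ISSUER, OTHER_REALM)
    except ValueError as err:
        print("rejected:", err)
```
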
@bleggett

Yeah I did this but was never terribly happy with it.

All OIDC providers/IdPs (Okta, etc) that are multitenant (that is, all of them) will have a similar construct (org, realm, etc) - but yeah I see no real reason why we can't just make it part of the URL.

bleggett
bleggett previously approved these changes Jul 20, 2022

@bleggett bleggett left a comment

LGTM

pflynn-virtru
pflynn-virtru previously approved these changes Jul 20, 2022
- Previously, we explicitly required passing in 'realm', variously referred to as `orgName` or `organizationName`, which we then used to build a keycloak-style URL
- This is not part of the OIDC spec and a keycloak addition to support multi-tenancy. This is evident in how all realm requests are based off the `[root]/realms[realm]` path, including the `.well-known` OIDC discovery paths.
- Instead, explicitly include the path as part of the root OIDC url
- While I'm here, remove a few explicit references to keycloak
@sonarqubecloud

sonarqubecloud bot commented Sep 1, 2022

Kudos, SonarCloud Quality Gate passed!

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 2 Code Smells

No Coverage information
0.0% Duplication

@dmihalcik-virtru dmihalcik-virtru merged commit 2584dd7 into opentdf:main Sep 1, 2022
3 participants