Merge pull request openshift#265 from enj/enj/i/tighten_oauth

Update OAuth API

config/v1/types_oauth.go

@@ -121,12 +121,6 @@ type IdentityProvider struct {
 	//   Ref: https://godoc.org/github.com/openshift/origin/pkg/user/apis/user/validation#ValidateIdentityProviderName
 	Name string `json:"name"`
 
-	// challenge indicates whether to issue WWW-Authenticate challenges for this provider
-	UseAsChallenger bool `json:"challenge"`
-
-	// login indicates whether to use this identity provider for unauthenticated browsers to login against
-	UseAsLogin bool `json:"login"`
-
 	// mappingMethod determines how identities from this provider are mapped to users
 	// Defaults to "claim"
 	// +optional
@@ -517,28 +511,14 @@ type OpenIDIdentityProvider struct {
 	// +optional
 	ExtraAuthorizeParameters map[string]string `json:"extraAuthorizeParameters,omitempty"`
 
-	// urls to use to authenticate
-	URLs OpenIDURLs `json:"urls"`
+	// issuer is the URL that the OpenID Provider asserts as its Issuer Identifier.
+	// It must use the https scheme with no query or fragment component.
+	Issuer string `json:"issuer"`
 
 	// claims mappings
 	Claims OpenIDClaims `json:"claims"`
 }
 
-// OpenIDURLs are URLs to use when authenticating with an OpenID identity provider
-type OpenIDURLs struct {
-	// authorize is the oauth authorization URL
-	Authorize string `json:"authorize"`
-
-	// token is the oauth token granting URL
-	Token string `json:"token"`
-
-	// userInfo is the optional userinfo URL.
-	// If present, a granted access_token is used to request claims
-	// If empty, a granted id_token is parsed for claims
-	// +optional
-	UserInfo string `json:"userInfo"`
-}
-
 // UserIDClaim is the claim used to provide a stable identifier for OIDC identities.
 // Per http://openid.net/specs/openid-connect-core-1_0.html#ClaimStability
 //  "The sub (subject) and iss (issuer) Claims, used together, are the only Claims that an RP can