Add issuer to OpenIDIdentityProvider

This change adds an issuer field which can be used to perform discovery via the /.well-known/openid-configuration endpoint. This makes the OpenIDURLs struct obsolete. Signed-off-by: Monis Khan <mkhan@redhat.com>
omertuc · Mar 25, 2019 · 3924b1d · 3924b1d
1 parent f88bf8a
commit 3924b1d
Showing 1 changed file with 3 additions and 17 deletions.
diff --git a/config/v1/types_oauth.go b/config/v1/types_oauth.go
@@ -511,28 +511,14 @@ type OpenIDIdentityProvider struct {
 	// +optional
 	ExtraAuthorizeParameters map[string]string `json:"extraAuthorizeParameters,omitempty"`
 
-	// urls to use to authenticate
-	URLs OpenIDURLs `json:"urls"`
+	// issuer is the URL that the OpenID Provider asserts as its Issuer Identifier.
+	// It must use the https scheme with no query or fragment component.
+	Issuer string `json:"issuer"`
 
 	// claims mappings
 	Claims OpenIDClaims `json:"claims"`
 }
 
-// OpenIDURLs are URLs to use when authenticating with an OpenID identity provider
-type OpenIDURLs struct {
-	// authorize is the oauth authorization URL
-	Authorize string `json:"authorize"`
-
-	// token is the oauth token granting URL
-	Token string `json:"token"`
-
-	// userInfo is the optional userinfo URL.
-	// If present, a granted access_token is used to request claims
-	// If empty, a granted id_token is parsed for claims
-	// +optional
-	UserInfo string `json:"userInfo"`
-}
-
 // UserIDClaim is the claim used to provide a stable identifier for OIDC identities.
 // Per http://openid.net/specs/openid-connect-core-1_0.html#ClaimStability
 //  "The sub (subject) and iss (issuer) Claims, used together, are the only Claims that an RP can