From 3924b1da5216ade6d77951fffedf23c811e5be94 Mon Sep 17 00:00:00 2001
From: Monis Khan
Date: Mon, 25 Mar 2019 16:18:00 -0400
Subject: [PATCH] Add issuer to OpenIDIdentityProvider

This change adds an issuer field which can be used to perform discovery via the /.well-known/openid-configuration endpoint. This makes the OpenIDURLs struct obsolete.

Signed-off-by: Monis Khan
---
 config/v1/types_oauth.go | 20 +++----------------
 1 file changed, 3 insertions(+), 17 deletions(-)

diff --git a/config/v1/types_oauth.go b/config/v1/types_oauth.go
index cf2d48412a6..7aa0133e732 100644
--- a/config/v1/types_oauth.go
+++ b/config/v1/types_oauth.go
@@ -511,28 +511,14 @@ type OpenIDIdentityProvider struct {
 	// +optional
 	ExtraAuthorizeParameters map[string]string `json:"extraAuthorizeParameters,omitempty"`
 
-	// urls to use to authenticate
-	URLs OpenIDURLs `json:"urls"`
+	// issuer is the URL that the OpenID Provider asserts as its Issuer Identifier.
+	// It must use the https scheme with no query or fragment component.
+	Issuer string `json:"issuer"`
 
 	// claims mappings
 	Claims OpenIDClaims `json:"claims"`
 }
 
-// OpenIDURLs are URLs to use when authenticating with an OpenID identity provider
-type OpenIDURLs struct {
-	// authorize is the oauth authorization URL
-	Authorize string `json:"authorize"`
-
-	// token is the oauth token granting URL
-	Token string `json:"token"`
-
-	// userInfo is the optional userinfo URL.
-	// If present, a granted access_token is used to request claims
-	// If empty, a granted id_token is parsed for claims
-	// +optional
-	UserInfo string `json:"userInfo"`
-}
-
 // UserIDClaim is the claim used to provide a stable identifier for OIDC identities.
 // Per http://openid.net/specs/openid-connect-core-1_0.html#ClaimStability
 // "The sub (subject) and iss (issuer) Claims, used together, are the only Claims that an RP can
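Review bot: The new `Issuer` field's comment states that the value must use the https scheme with no query or fragment component, but nothing in this hunk enforces that, and the only marker visible in this file is `+optional`, so the check presumably lives in a validation layer outside the hunk — worth confirming, because the authorize, token and userinfo endpoints that `OpenIDURLs` previously listed explicitly are now all derived from this single value through discovery, so an unchecked non-https issuer would weaken every downstream endpoint. If the project uses controller-tools markers, a `// +kubebuilder:validation:Pattern=` line above the field would make the scheme and no-query/no-fragment rule part of the schema rather than prose. The comment should also state the matching rule the discovery step relies on, e.g. `// The value must exactly match the issuer in the provider's discovery document and the iss claim of issued ID tokens.`. The `OpenIDIdentityProvider` struct begins before this hunk.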