Improve OpenIdConfiguration model #45
Conversation
|
| @@ -9,7 +9,9 @@ export default async function GrantTypes(props: Readonly<GrantTypesProps>) { | |||
| const openIdConfiguration = await fetchOpenIdConfiguration(); | |||
| const active_grant_types = props.grant_types ?? []; | |||
| const { grant_types_supported } = openIdConfiguration; | |||
| const grant_types = grant_types_supported.map(gt => { | |||
| const grant_types = ( | |||
| grant_types_supported ?? ["authorization_code", "implicit"] | |||
There was a problem hiding this comment.
With new client creation page we want to support only one grant type at the time, as mutual exclusive option.
Even though the grant types field is a list, it must be exactly one element long.
There was a problem hiding this comment.
Sorry my fault, I thought it was related to the client creation but we are talking about the client editing/visualization.
I'm not sure if we want to add not one, but two fallback options in case the backend provides no supported grant type from the well known endpoint.
In any case, if I remember correctly, we don't want to support implicit credential
@giacomini @enricovianello
There was a problem hiding this comment.
They're just the fallback values in case the list of grant_types_supported is not returned in the /.well-known/openid-configuration (actually I think IAM always returns it). The specifications says that in case of omission these are the default values. In case it's not wanted to support the implicit grant type, it's up to the backend to return the correct list in the .well-known.
Just to be clear, these fallback values are not actually used because IAM specify grant_types_supported, they are added just to make TypeScript happy.
There was a problem hiding this comment.
I agree that implicit must be removed from the well known (that's tautological), but still I do not understand why we want to hardcode the implicit fallback value if don't want to support it at all. Ok to make TypeScript happy, but I think it will be happy also without the implicit value :D
There was a problem hiding this comment.
Just to be adhere to the specs. In case in the future a IAM deployment decides to use the default list of grant_types_supported and so does not explicit it in .well-known (this will probably never happen).
No description provided.