diff --git a/pkg/command/frontend.go b/pkg/command/frontend.go
index ed08952098..5f237458b5 100644
--- a/pkg/command/frontend.go
+++ b/pkg/command/frontend.go
@@ -138,51 +138,6 @@ func Frontend(cfg *config.Config) *cli.Command {
 "gateway": "", // TODO not needed?
 "transfer_shared_secret": cfg.Reva.TransferSecret,
 },
- "wellknown": map[string]interface{}{
- "issuer": cfg.Reva.OIDC.Issuer,
- "authorization_endpoint": cfg.Reva.OIDC.Issuer + "/oauth2/auth",
- "token_endpoint": cfg.Reva.OIDC.Issuer + "/oauth2/token",
- "revocation_endpoint": cfg.Reva.OIDC.Issuer + "/oauth2/auth",
- "introspection_endpoint": cfg.Reva.OIDC.Issuer + "/oauth2/introspect",
- "userinfo_endpoint": cfg.Reva.OIDC.Issuer + "/oauth2/userinfo",
- },
- "oidcprovider": map[string]interface{}{
- "prefix": "oauth2",
- "gateway": cfg.Reva.Gateway.URL,
- "issuer": cfg.Reva.OIDC.Issuer,
- "clients": map[string]interface{}{
- // TODO make these configurable
- // note: always use authorization code flow, see https://developer.okta.com/blog/2019/05/01/is-the-oauth-implicit-flow-dead for details
- "phoenix": map[string]interface{}{
- "id": "phoenix",
- "redirect_uris": []string{"http://localhost:9100/oidc-callback.html", "http://localhost:9100/"},
- "grant_types": []string{"implicit", "refresh_token", "authorization_code", "password", "client_credentials"},
- "response_types": []string{"code"},
- "scopes": []string{"openid", "profile", "email", "offline"},
- "public": true, // force PKCS for public clients
- },
- // desktop
- "xdXOt13JKxym1B1QcEncf2XDkLAexMBFwiT9j6EfhhHFJhs2KM9jbjTmf8JBXE69": map[string]interface{}{
- "id": "xdXOt13JKxym1B1QcEncf2XDkLAexMBFwiT9j6EfhhHFJhs2KM9jbjTmf8JBXE69",
- "client_secret": "$2y$12$pKsCQPp8e/UOL1QDQhT3g.1J.KK8oMJACbEXIqRD0LiOxvgey.TtS",
- // preregister localhost ports for the desktop
- "redirect_uris": desktopRedirectURIs,
- "grant_types": []string{"implicit", "refresh_token", "authorization_code", "password", "client_credentials"},
- "response_types": []string{"code"},
- "scopes": []string{"openid", "profile", "email", "offline", "offline_access"},
- },
- // TODO add cli command for token fetching
- "cli": map[string]interface{}{
- "id": "cli",
- "client_secret": "$2a$10$IxMdI6d.LIRZPpSfEwNoeu4rY3FhDREsxFJXikcgdRRAStxUlsuEO", // = "foobar"
- // use hardcoded port credentials for cli
- "redirect_uris": []string{"http://localhost:18080/callback"},
- "grant_types": []string{"implicit", "refresh_token", "authorization_code", "password", "client_credentials"},
- "response_types": []string{"code"},
- "scopes": []string{"openid", "profile", "email", "offline"},
- },
- },
- },
 "ocdav": map[string]interface{}{
 "prefix": "",
 "chunk_folder": "/var/tmp/revad/chunks",
diff --git a/pkg/flagset/authbearer.go b/pkg/flagset/authbearer.go
index 6da4204876..51180ce983 100644
--- a/pkg/flagset/authbearer.go
+++ b/pkg/flagset/authbearer.go
@@ -86,13 +86,14 @@ func AuthBearerWithConfig(cfg *config.Config) []cli.Flag {
 &cli.StringFlag{
 Name: "oidc-issuer",
- Value: "http://localhost:9140",
+ Value: "https://localhost:9130",
 Usage: "OIDC issuer",
 EnvVars: []string{"REVA_OIDC_ISSUER"},
 Destination: &cfg.Reva.OIDC.Issuer,
 },
 &cli.BoolFlag{
 Name: "oidc-insecure",
+ Value: true,
 Usage: "OIDC allow insecure communication",
 EnvVars: []string{"REVA_OIDC_INSECURE"},
 Destination: &cfg.Reva.OIDC.Insecure,
diff --git a/pkg/flagset/frontend.go b/pkg/flagset/frontend.go
index 33c8668cdd..4d4751132d 100644
--- a/pkg/flagset/frontend.go
+++ b/pkg/flagset/frontend.go
@@ -113,13 +113,14 @@ func FrontendWithConfig(cfg *config.Config) []cli.Flag {
 &cli.StringFlag{
 Name: "oidc-issuer",
- Value: "http://localhost:9140",
+ Value: "https://localhost:9130",
 Usage: "OIDC issuer",
 EnvVars: []string{"REVA_OIDC_ISSUER"},
 Destination: &cfg.Reva.OIDC.Issuer,
 },
 &cli.BoolFlag{
 Name: "oidc-insecure",
+ Value: true,
 Usage: "OIDC allow insecure communication",
 EnvVars: []string{"REVA_OIDC_INSECURE"},
 Destination: &cfg.Reva.OIDC.Insecure,
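Review bot: The added `Value: true,` on the `oidc-insecure` flag in AuthBearerWithConfig makes insecure communication with the issuer the default for every deployment that does not set `REVA_OIDC_INSECURE`. Since the issuer default moves to an `https://` URL in the same hunk, this presumably means the issuer's certificate is not verified out of the box. I would drop that line so the relaxation stays opt-in and let local setups export `REVA_OIDC_INSECURE=true`; if the default has to stay for the localhost issuer, say so in the help text, e.g. `Usage: "OIDC allow insecure communication (default: true, set to false outside local development)",`. The same line is added in FrontendWithConfig in pkg/flagset/frontend.go. Both functions start and end outside their hunks, so how `cfg.Reva.OIDC.Insecure` is consumed is not visible here.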