Merge pull request #73 from BBMRI-ERIC/fix/update_oidc_settings

fix: update OIDC settings
BBMRI-ERIC · Jan 12, 2024 · 3c25c0a · 3c25c0a
2 parents 7f74088 + 3c40054
commit 3c25c0a
Show file tree

Hide file tree

Showing 4 changed files with 16 additions and 3 deletions.
diff --git a/oidc_mock/config/clients.json b/oidc_mock/config/clients.json
@@ -1,12 +1,12 @@
 [
   {
     "ClientId": "client-credentials-mock-client",
-    "Description": "Client for client credentials flow",
+    "Description": "Client for authorization code flow",
     "ClientSecrets": ["authorization-code-with-pkce-client-secret"],
     "AllowedGrantTypes": ["authorization_code"],
     "AllowAccessTokensViaBrowser": true,
     "RedirectUris": ["http://localhost:8080/logged-in"],
-    "AllowedScopes": ["openid", "profile", "email", "permissions"],
+    "AllowedScopes": ["openid", "profile", "email", "permissions", "some-app-scope-1"],
     "IdentityTokenLifetime": 36000,
     "AccessTokenLifetime": 3600,
     "ClientClaimsPrefix": ""

diff --git a/oidc_mock/docker-compose.yml b/oidc_mock/docker-compose.yml
@@ -26,6 +26,16 @@ services:
         {
           "AutomaticRedirectAfterSignOut": true
         }
+      API_SCOPES_INLINE: |
+        - Name: some-app-scope-1
+        - Name: some-app-scope-2
+      API_RESOURCES_INLINE: |
+        - Name: https://negotiator.bbmri-eric.eu
+          Scopes:
+            - some-app-scope-1
+            - some-app-scope-2
+          ApiSecrets:
+            - negotiator-secret
       IDENTITY_RESOURCES_PATH: /config/identity-resources.json
       USERS_CONFIGURATION_INLINE: |
         [

diff --git a/src/config/oidc.js b/src/config/oidc.js
@@ -5,7 +5,8 @@ const devSettings = {
   redirectUri: "http://localhost:8080/logged-in",
   postLogoutRedirectUri: "http://localhost:8080",
   responseType: "code",
-  scope: "openid profile email permissions",
+  resource: "https://negotiator.bbmri-eric.eu",
+  scope: "openid profile email permissions some-app-scope-1",
   automaticSilentRenew: true
 }
 
@@ -14,6 +15,7 @@ const prodSettings = {
   clientId: "CLIENT_ID_PLACEHOLDER",
   redirectUri: "REDIRECT_URI_PLACEHOLDER",
   postLogoutRedirectUri: "LOGOUT_URI_PLACEHOLDER",
+  resource: "RESOURCES_PLACEHOLDER",
   responseType: "code",
   scope: "openid profile email offline_access eduperson_entitlement",
   automaticSilentRenew: true

diff --git a/start.sh b/start.sh
@@ -9,6 +9,7 @@ do
   sed -i 's|CLIENT_ID_PLACEHOLDER|'${CLIENT_ID}'|g' $file
   sed -i 's|REDIRECT_URI_PLACEHOLDER|'${REDIRECT_URI}'|g' $file
   sed -i 's|LOGOUT_URI_PLACEHOLDER|'${LOGOUT_URI}'|g' $file
+  sed -i 's|RESOURCES_PLACEHOLDER|'${API_RESOURCES}'|g' $file
 
 done