OIDC config to allow mismatched discovery / issuer #5712
Commits on Aug 31, 2024
-
OIDC config to allow mismatched discovery / issuer
- There are a number of cases where the OIDC discovery url returns one issuer, but its desirable to use a separately configured / named issuer for validation instead. There are cases in Azure where this is necessary due to their non-standard OIDC configuration -- which is why this was originally added: coreos/go-oidc#315 There are also cases where it's necessary to use an in-cluster service address, but browser clients are using the external ingress address. Due to cluster DNS configuration, it's possible that flyteadmin may be unable to resolve or use the public ingress address for an Idp, but the internal service address is available. This configuration change allows for that. Signed-off-by: ddl-ebrown <[email protected]>
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.