Draft: OAuth2 Correction & Gateway Deployment
This PR fixes the use of the ID token and Access Token for the Gateway. It also replaces the previous OIDC connection mechanism (in the code) with an init container approach, and proposes a new configuration setup for the gateway.
OpenID Connect changes
- The OIDC ID token is now passed in a custom header (default `X-Id-Token`)
- The OAuth2 Access Token is passed in the `Authorization` header instead of the ID token
Gateway configuration changes
- The gateway is now configured using two files
  - `config.yml`: contains non-sensitive config (redirections, default server address and port, ...)
  - `secrets.yml`: contains sensitive config (client secret, client ID, OIDC config, ...)
- `secrets.yml.dist` provides a template that can be used to create `secrets.yml`
OIDC Endpoint Connection changes
- The for loop that tries to connect to the OIDC endpoint is removed from the code
- The connection test is added in a `docker-compose.yml` file using an init container
- An init container is added to the helm charts as well
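
A sketch of the kind of connection test an init container could run before the gateway starts, added here as an example and not taken from this PR. It assumes an image with `curl` and the standard OIDC discovery path; `ISSUER_URL`, `MAX_ATTEMPTS`, `DELAY`, `fetch` and `wait_for_oidc` are hypothetical names.

```shell
#!/bin/sh
# Added example: init-container readiness check for an OIDC provider.
# All names here (ISSUER_URL, MAX_ATTEMPTS, DELAY, fetch, wait_for_oidc)
# are assumptions for illustration, not identifiers from the PR.

# Fetch a URL body; fails on HTTP errors, TLS errors and timeouts.
fetch() {
    curl --silent --show-error --fail --max-time 5 "$1"
}

# wait_for_oidc ISSUER_URL [MAX_ATTEMPTS] [DELAY_SECONDS]
# 0 = discovery document served and it names the expected issuer
# 1 = endpoint never became reachable, 2 = reachable but wrong issuer
wait_for_oidc() {
    issuer="${1%/}"          # drop one trailing slash
    max="${2:-30}"
    delay="${3:-2}"
    attempt=1
    while [ "$attempt" -le "$max" ]; do
        if body=$(fetch "$issuer/.well-known/openid-configuration" 2>/dev/null); then
            # Plain string match on the issuer claim (no JSON parser assumed in
            # the image). A different issuer is a misconfiguration: fail fast.
            case "$body" in
                *"\"issuer\":\"$issuer\""*|*"\"issuer\": \"$issuer\""*)
                    echo "OIDC endpoint ready after $attempt attempt(s)"
                    return 0 ;;
                *)
                    echo "issuer mismatch in discovery document" >&2
                    return 2 ;;
            esac
        fi
        echo "attempt $attempt/$max: OIDC endpoint not reachable" >&2
        attempt=$((attempt + 1))
        sleep "$delay"
    done
    return 1
}

# Entrypoint behaviour: only runs when the container sets ISSUER_URL.
if [ -n "${ISSUER_URL:-}" ]; then
    wait_for_oidc "$ISSUER_URL" "${MAX_ATTEMPTS:-30}" "${DELAY:-2}"
fi
```

A non-zero exit keeps the init container from completing, so the gateway does not start against an unreachable or unexpected identity provider.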