fix: #1197 update terraform IDP config to manual enter endpoints (#1202)

infrastructure/server/oidc_idp_bceid_business.tf

@@ -11,6 +11,10 @@ resource "aws_cognito_identity_provider" "dev_bceid_business_oidc_provider" {
     client_secret             = var.dev_oidc_bceid_business_idp_client_secret
     oidc_issuer               = var.dev_oidc_idp_issuer
     attributes_request_method = "GET"
+    authorize_url             = "${var.dev_oidc_idp_issuer}/protocol/openid-connect/auth"
+    token_url                 = "${var.dev_oidc_idp_issuer}/protocol/openid-connect/token"
+    attributes_url            = "${var.dev_oidc_idp_issuer}/protocol/openid-connect/userinfo"
+    jwks_uri                  = "${var.dev_oidc_idp_issuer}/protocol/openid-connect/certs"
   }
 
   attribute_mapping = {
@@ -36,6 +40,10 @@ resource "aws_cognito_identity_provider" "test_bceid_business_oidc_provider" {
     client_secret             = var.test_oidc_bceid_business_idp_client_secret
     oidc_issuer               = var.test_oidc_idp_issuer
     attributes_request_method = "GET"
+    authorize_url             = "${var.test_oidc_idp_issuer}/protocol/openid-connect/auth"
+    token_url                 = "${var.test_oidc_idp_issuer}/protocol/openid-connect/token"
+    attributes_url            = "${var.test_oidc_idp_issuer}/protocol/openid-connect/userinfo"
+    jwks_uri                  = "${var.test_oidc_idp_issuer}/protocol/openid-connect/certs"
   }
 
   attribute_mapping = {
@@ -64,6 +72,10 @@ resource "aws_cognito_identity_provider" "prod_bceid_business_oidc_provider" {
     client_secret             = var.prod_oidc_bceid_business_idp_client_secret
     oidc_issuer               = var.prod_oidc_idp_issuer
     attributes_request_method = "GET"
+    authorize_url             = "${var.prod_oidc_idp_issuer}/protocol/openid-connect/auth"
+    token_url                 = "${var.prod_oidc_idp_issuer}/protocol/openid-connect/token"
+    attributes_url            = "${var.prod_oidc_idp_issuer}/protocol/openid-connect/userinfo"
+    jwks_uri                  = "${var.prod_oidc_idp_issuer}/protocol/openid-connect/certs"
   }
 
   attribute_mapping = {

infrastructure/server/oidc_idp_idir.tf

@@ -11,6 +11,10 @@ resource "aws_cognito_identity_provider" "dev_idir_oidc_provider" {
     client_secret             = var.dev_oidc_idir_idp_client_secret
     oidc_issuer               = var.dev_oidc_idp_issuer
     attributes_request_method = "GET"
+    authorize_url             = "${var.dev_oidc_idp_issuer}/protocol/openid-connect/auth"
+    token_url                 = "${var.dev_oidc_idp_issuer}/protocol/openid-connect/token"
+    attributes_url            = "${var.dev_oidc_idp_issuer}/protocol/openid-connect/userinfo"
+    jwks_uri                  = "${var.dev_oidc_idp_issuer}/protocol/openid-connect/certs"
   }
 
   attribute_mapping = {
@@ -34,6 +38,10 @@ resource "aws_cognito_identity_provider" "test_idir_oidc_provider" {
     client_secret             = var.test_oidc_idir_idp_client_secret
     oidc_issuer               = var.test_oidc_idp_issuer
     attributes_request_method = "GET"
+    authorize_url             = "${var.test_oidc_idp_issuer}/protocol/openid-connect/auth"
+    token_url                 = "${var.test_oidc_idp_issuer}/protocol/openid-connect/token"
+    attributes_url            = "${var.test_oidc_idp_issuer}/protocol/openid-connect/userinfo"
+    jwks_uri                  = "${var.test_oidc_idp_issuer}/protocol/openid-connect/certs"
   }
 
   attribute_mapping = {
@@ -58,6 +66,10 @@ resource "aws_cognito_identity_provider" "prod_idir_oidc_provider" {
     client_secret             = var.prod_oidc_idir_idp_client_secret
     oidc_issuer               = var.prod_oidc_idp_issuer
     attributes_request_method = "GET"
+    authorize_url             = "${var.prod_oidc_idp_issuer}/protocol/openid-connect/auth"
+    token_url                 = "${var.prod_oidc_idp_issuer}/protocol/openid-connect/token"
+    attributes_url            = "${var.prod_oidc_idp_issuer}/protocol/openid-connect/userinfo"
+    jwks_uri                  = "${var.prod_oidc_idp_issuer}/protocol/openid-connect/certs"
   }
 
   attribute_mapping = {
@@ -70,4 +82,4 @@ resource "aws_cognito_identity_provider" "prod_idir_oidc_provider" {
     "custom:keycloak_username" = "preferred_username"
   }
 
-}
+}

infrastructure/server/variables_provided.tf

@@ -132,7 +132,6 @@ variable "prod_oidc_bcsc_idp_client_id" {
   default = "not.yet.implemented"
 }
 
-
 # Networking Variables
 variable "subnet_data_a" {
   description = "Value of the name tag for a subnet in the DATA security group"