Describe the bug
The loadDiscoveryDocument method raises the error "issuer must use HTTPS (with TLS), or config value for property 'requireHttps' must be set to 'false' and allow HTTP (without TLS)." when no issuer is specified by default.
My understanding
Context: No issuer provided in the initial config.
When I call authService.loadDiscoveryDocumentAndTryLogin(), loadDiscoveryDocument() is invoked without a parameter (fullUrl), so it:
Concatenates /.well-known/openid-configuration to an empty string
Expected behavior
When no issuer is provided, the default URL should be used like http[s]://current-server/.well-known/openid-configuration, and not only the path like /.well-known/openid-configuration.
Desktop (please complete the following information):
OS: WSL
Browser: Firefox, Edge, Arc, ...
Version: 17.0.2
Additional context
I'm using Keycloak on another server with an unpredictable realm (i.e., an unpredictable URL). To solve this issue, we proxy the Keycloak realm .well-known locally to our .well-known endpoint. There is no problem if, after that, the Angular client uses the absolute URL of the Keycloak realm. Because of this, I cannot provide the issuer URL.
I know that I could specify our local server and the issuer will be automatically replaced by the one specified in the discovery document. However, I believe it is a bad practice to set a temporary issuer.
Stackblitz example
sorry, too lazy.
To Reproduce
Steps to reproduce the behavior:
authService.loadDiscoveryDocumentAndTryLogin()
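Added example (not part of the original issue and not code from angular-oauth2-oidc): a sketch of the behaviour the report describes, where an empty issuer leaves a bare path that no HTTPS check can accept, next to the requested fallback to the current server. All function names, the `example.test` hosts and the sample discovery document are assumptions constructed for illustration; because a locally proxied document names a different issuer than the URL it was fetched from, the last function also checks the scheme of every endpoint the document advertises.

```typescript
const WELL_KNOWN = "/.well-known/openid-configuration";

// What the report describes: with no issuer, only the path remains.
function concatDiscoveryUrl(issuer: string | undefined): string {
  return (issuer ?? "").replace(/\/+$/, "") + WELL_KNOWN;
}

// Requested behaviour: resolve against the current server.
// `pageOrigin` stands in for window.location.origin so this runs outside a browser.
function resolveDiscoveryUrl(issuer: string | undefined, pageOrigin: string): string {
  return new URL(concatDiscoveryUrl(issuer), pageOrigin).href;
}

// Scheme check on a parsed URL; a relative path has no scheme and is rejected.
function usesHttps(url: string): boolean {
  try {
    return new URL(url).protocol === "https:";
  } catch {
    return false; // relative or malformed input
  }
}

const CHECKED_FIELDS = ["issuer", "authorization_endpoint", "token_endpoint", "jwks_uri"] as const;
type DiscoveryDoc = Record<(typeof CHECKED_FIELDS)[number], string>;

// Returns the names of advertised endpoints that are not HTTPS.
function insecureEndpoints(doc: DiscoveryDoc): string[] {
  return CHECKED_FIELDS.filter((field) => !usesHttps(doc[field]));
}

// Constructed sample: a proxied document whose token endpoint was left on plain HTTP.
const SAMPLE_DOC: DiscoveryDoc = {
  issuer: "https://kc.example.test/realms/r1",
  authorization_endpoint: "https://kc.example.test/realms/r1/protocol/openid-connect/auth",
  token_endpoint: "http://kc.example.test/realms/r1/protocol/openid-connect/token",
  jwks_uri: "https://kc.example.test/realms/r1/protocol/openid-connect/certs",
};

console.log(concatDiscoveryUrl(undefined), usesHttps(concatDiscoveryUrl(undefined)));
console.log(resolveDiscoveryUrl(undefined, "https://app.example.test"));
console.log(insecureEndpoints(SAMPLE_DOC));
```

Resolving against the origin keeps the transport check meaningful: a page served over plain HTTP still fails it, since the resolved URL inherits the page's scheme.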