feat(oidc): make OIDC endpoint runtime configurable

adfinis · Dec 5, 2023 · 2531d6b · 2531d6b
1 parent b11dcd5
commit 2531d6b
Show file tree

Hide file tree

Showing 5 changed files with 3 additions and 9 deletions.
diff --git a/.github/workflows/release-container-image.yaml b/.github/workflows/release-container-image.yaml
@@ -19,8 +19,6 @@ on:
         required: true
       TIMED_PROD_HOST:
         required: true
-      OIDC_HOST:
-        required: true
 
 
 jobs:
@@ -89,7 +87,6 @@ jobs:
             AUTH_ROLE_CUSTOMER=${{ secrets.AUTH_ROLE_CUSTOMER }}
             TIMED_STAGING_HOST=${{ secrets.TIMED_STAGING_HOST }}
             TIMED_PROD_HOST=${{ secrets.TIMED_PROD_HOST }}
-            OIDC_HOST=${{ secrets.OIDC_HOST }}
           push: ${{ github.event_name != 'pull_request' }}
           tags: ${{ steps.prep.outputs.tags }}
           labels: |

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -61,6 +61,5 @@ jobs:
       AUTH_ROLE_CUSTOMER: ${{ secrets.AUTH_ROLE_CUSTOMER }}
       TIMED_STAGING_HOST: ${{ secrets.TIMED_STAGING_HOST }}
       TIMED_PROD_HOST: ${{ secrets.TIMED_PROD_HOST }}
-      OIDC_HOST: ${{ secrets.OIDC_HOST }}
 
 
diff --git a/frontend/Dockerfile b/frontend/Dockerfile
@@ -5,7 +5,6 @@ ARG AUTH_ROLE_EMPLOYEE
 ARG AUTH_ROLE_CUSTOMER
 ARG TIMED_STAGING_HOST
 ARG TIMED_PROD_HOST
-ARG OIDC_HOST
 # Install dependencies.
 RUN apk update && \
   apk add --no-cache \
@@ -38,6 +37,7 @@ COPY nginx.conf /etc/nginx/conf.d/default.conf
 WORKDIR /usr/share/nginx/html
 
 COPY ./docker-entrypoint.sh /
+ENV OIDC_CLIENT_HOST https://sso.example.com/auth/realms/example/protocol/openid-connect
 ENV OIDC_CLIENT cc
 
 EXPOSE 80

diff --git a/frontend/config/environment.js b/frontend/config/environment.js
@@ -87,10 +87,7 @@ module.exports = function (environment) {
 
   if (environment === "production") {
     // Whether Stage or Prod, the OIDC host and client will stay the same
-    ENV["ember-simple-auth-oidc"].host = env(
-      "OIDC_HOST",
-      "http://timed.local/auth/realms/timed/protocol/openid-connect"
-    );
+    ENV["ember-simple-auth-oidc"].host = "sso-client-host";
     ENV["ember-simple-auth-oidc"].clientId = "sso-client-id";
   }
 

diff --git a/frontend/docker-entrypoint.sh b/frontend/docker-entrypoint.sh
@@ -18,6 +18,7 @@ urlencode() {
 
 sed -i \
   -e "s/sso-client-id/$(urlencode ${OIDC_CLIENT})/g" \
+  -e "s/sso-client-host/$(urlencode ${OIDC_CLIENT_HOST})/g" \
   /usr/share/nginx/html/index.html
 
 exec "$@"