spacewander commented on issue #2426: URL: https://github.com/apache/apisix/issues/2426#issuecomment-1095834759
> > > > Should `redirect_uri` be configured as a plugin configuration instead of plugin attributes? Different OIDC clients may need different redirect uri. > > > > > > > > > I think the config as plugin attributes can cover the config as plugin config. So we can set a default `redirect_uri`. > > > > > > Is it a good idea to have the same `redirect_uri` for different clients? AFAIK, the redirect_uri is used to get token (which requires different client credentials) so we can't use the same path for different clients. > > Hi @spacewander I don't think having the same `redirect_uri` for multiple OIDC providers would be an issue. I assume so based on the [sequence diagram above](https://github.com/apache/apisix/issues/2426#issuecomment-1091021687), where it seems like that APISIX must do two things if `redirect_uri` is called: > > 1. Exchange the auth code for an access token. Here, APISIX should be able to determine which OIDC provider to query from the session state. > 2. Redirect the user back to the initial requested URI. Same here, this URI should be retrievable from session state too. The `redirect_uri` needs to exchange the auth code for an access token. So, different clients may have different ways to exchange it. If a new exchange way can't put all its configuration in the session state, for example, needs extra configuration in the APISIX, we will be in trouble. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
