Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Need a way to update Console's Callback & Allowed Origins #18164

Closed
brionmario opened this issue Nov 29, 2023 · 13 comments
Closed

Need a way to update Console's Callback & Allowed Origins #18164

brionmario opened this issue Nov 29, 2023 · 13 comments

Comments

@brionmario
Copy link
Member

brionmario commented Nov 29, 2023

Is your suggestion related to an experience ? Please describe.

ATM, the API restricts any updates to the api/server/v1/applications/<ID>/inbound-protocols/oidc endpoint with PUT operations for Console application since it's treated as a system application by default.

Describe the improvement

We need to allow this since it's needed if a user wants to externalize the Console.

Proposed UI

Screenshot 2023-11-28 at 08 09 36

Additional context

A similar improvement was done to allow the update of Authentication Sequence of Console. (https://github.com/wso2/identity-api-server/pull/536/files)

@brionmario
Copy link
Member Author

@UdeshAthukorala FE PR is merged: wso2/identity-apps#4842

And the tab is disabled. Please enable after BE PRs are merged.

@malithie
Copy link
Member

malithie commented Dec 1, 2023

There's no requirement to externalize the console in Identity Server perspective.
Which actually means this doesn't need to come to the UI. Ideally, it's a deployment.toml level config or "Server" level config.

This requirement is there for Asgardeo. So treat this as a blocker to get IS RC deployed on Asgardeo.

FYI: @darshanasbg @thanujalk

@malithie
Copy link
Member

malithie commented Dec 1, 2023

Changing the priority level as this is a blocker for Asgardeo

@brionmario
Copy link
Member Author

The UI implementation is already merged to the Console and is hidden from the UI for now until the API is merged.

@malithie Should we keep it hidden and document to use the API for updating these URLs?

@malithie
Copy link
Member

malithie commented Dec 2, 2023

Is this a tenat wide config ? Is that why we have an API ?
Or this API is not tenant level but server level ?

@UdeshAthukorala
Copy link
Contributor

Is this a tenat wide config ? Is that why we have an API ? Or this API is not tenant level but server level ?

Hi @malithie ,

With this improvement we can change console application's callBack URLs and allowed origins, from this updateInboundOAuthConfiguration API[1]. Since this is a tenanted API we can change it tenant wise.

[1] https://is.docs.wso2.com/en/latest/apis/application-rest-api/#/Inbound%20Protocols%20-%20OAuth%20%2F%20OIDC/updateInboundOAuthConfiguration

@UdeshAthukorala
Copy link
Contributor

@brionmario BE PRs are merged.

@malithie
Copy link
Member

malithie commented Dec 4, 2023

IMO, this is a server level requirement. Externalizing the console is not a requirement from the Identity Server perspective but from Asgardeo perspective.
And there's no requirement anyway to have this tenant wise.
@darshanasbg what's your view on this

@darshanasbg
Copy link
Contributor

IMO, this is a server level requirement. Externalizing the console is not a requirement from the Identity Server perspective but from Asgardeo perspective. And there's no requirement anyway to have this tenant wise. @darshanasbg what's your view on this

Yes, externalizing the console, don't needed to be a tenant wise option. Having server level config should be enough.

@thanujalk thanujalk modified the milestones: 7.0.0-rc1, 7.0.0-beta3 Dec 6, 2023
@UdeshAthukorala
Copy link
Contributor

Hi all,
Previous Tenant wise api improvement to upodate console application's callbaclk urls & allowed orgins willl be reverted with the below PRs.

@UdeshAthukorala
Copy link
Contributor

After having a further discussions with the team we have decided to introduce a new toml config as a server level to update console & myacount callback urls.

For update allowed orgins we can use the existing cors configuration toml config. SO no need to have a seperate improvement for this.

@thanujalk thanujalk modified the milestones: 7.0.0-beta4, 7.0.0-beta5 Dec 23, 2023
@UdeshAthukorala
Copy link
Contributor

  • Introduced a toml config to update console & myaccount callback url & access urls

    New Toml Configs

    [console]
    callback_url = "https://localhost:9001/t/{TENANT_DOMAIN}/console"
    access_url = "https://localhost:9001/t/{TENANT_DOMAIN}/console"
    
    [myaccount]
    callback_url = "https://localhost:9000/t/{TENANT_DOMAIN}/myaccount"
    access_url = "https://localhost:9000/t/{TENANT_DOMAIN}/myaccount"
    

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment