There is more than 1 OIDC server url ENV that can be injected in the app #982

Open
carlosthe19916 opened this issue Nov 7, 2024 · 3 comments

Comments

@carlosthe19916
Member

There are 3 different environment variables that can be injected in the app:

  • AUTHENTICATOR_OIDC_ISSUER_URL
  • OIDC_PROVIDER_ISSUER_URL
  • TRUSTD_ISSUER_URL
  • UI_ISSUER_URL

In the case where Trustify would be connected to an OIDC provider like Keycloak, in which cases could all those 4 ENVs be different? Or are all of them the same, just with different names?

For instance, I cannot imagine there is a scenario where UI_ISSUER_URL can point to SERVER_1 but AUTHENTICATOR_OIDC_ISSUER_URL points to SERVER_2. For them to be able to talk to each other, both need to have the same OIDC server URL.

@ctron
Contributor

ctron commented Nov 7, 2024

Not all env-vars do the same. Some can be internal URIs (like in k8s, services), some can be external.

I'd expect a Helm chart or operator taking care of this.

@carlosthe19916
Member Author

I'll talk only about the ones I have verified which are:

  • UI_ISSUER_URL
  • AUTHENTICATOR_OIDC_ISSUER_URL

Those 2 URLs seem like they will be the same. Are you saying that those 2 envs don't do the same? If yes, then that would mean that:
UI_ISSUER_URL=ABC and AUTHENTICATOR_OIDC_ISSUER_URL=XYZ? Sorry to bug you, but in which specific scenario can those 2 ENVs have different values? I think what I am saying is that those 2 ENVs might be merged into only one (assuming both do the same).

@ctron
Contributor

ctron commented Nov 8, 2024

They seem to be. But they might not be. The authenticator part is much more complex than the UI, as the authenticator can support multiple issuers, internal or external.
