Background
A recent investigation revealed an interesting nuance re: how the OIDC login button presents on the Platform landing page.
- To make the button appear, the
backend container's MICRONAUT_ENVIRONMENTS variable must contain the scope auth-oidc.
- Platform code will automatically add this scope if it detects the
TOWER_OIDC_CLIENT environment variable within the backend container.
- In the CX Installer project, we bundle all the
TOWER_OIDC_* values as SSM entries (for convenience). Since this value is being sourced at runtime, it does NOT appear as an environment variable and thus this is why we have to explicitly set the scope via code.
TODOs
- Add note in project explaining this mechanism.
- Consider removing this value from
cron since it's not necessary.
- Cleanup edgecase that was noticed where
,, gets appended to the end of MICRONAUT_ENVIRONMENTS when no OIDC is active.
Background
A recent investigation revealed an interesting nuance re: how the OIDC login button presents on the Platform landing page.
backendcontainer'sMICRONAUT_ENVIRONMENTSvariable must contain the scopeauth-oidc.TOWER_OIDC_CLIENTenvironment variable within thebackendcontainer.TOWER_OIDC_*values as SSM entries (for convenience). Since this value is being sourced at runtime, it does NOT appear as an environment variable and thus this is why we have to explicitly set the scope via code.TODOs
cronsince it's not necessary.,,gets appended to the end ofMICRONAUT_ENVIRONMENTSwhen no OIDC is active.