[87] add login.gov certs and configuration #99
Conversation
| login_redirect_uri: ENV.fetch("LOGIN_REDIRECT_EVAL_URL", "https://challenge-dev.app.cloud.gov/auth/result"), | ||
| logout_redirect_uri: ENV.fetch("LOGOUT_REDIRECT_EVAL_URL", "https://challenge-dev.app.cloud.gov/"), |
There was a problem hiding this comment.
when we have shared sessions, these can point to the same place for both platform and portal apps, but for now they each redirect to themselves since there are separate logins.
| login_redirect_uri: ENV.fetch("LOGIN_REDIRECT_EVAL_URL", "https://challenge-dev.app.cloud.gov/auth/result"), | ||
| logout_redirect_uri: ENV.fetch("LOGOUT_REDIRECT_EVAL_URL", "https://challenge-dev.app.cloud.gov/"), | ||
| acr_value: "http://idmanagement.gov/ns/assurance/loa/1", | ||
| client_id: ENV.fetch("LOGIN_CLIENT_ID", "urn:gov:gsa:openidconnect.profiles:sp:sso:gsa:_client_id"), # default fake ID for CI |
There was a problem hiding this comment.
we could have the env fail if these ENV are missing, but I went with defaults to make CircleCI/test environments happy without adding unnecessary env vars to them.
| LOGIN_IDP_AUTHORIZE_URL: https://idp.int.identitysandbox.gov/openid_connect/authorize | ||
| LOGIN_TOKEN_ENDPOINT: https://idp.int.identitysandbox.gov/api/openid_connect/token |
There was a problem hiding this comment.
this app calculates the authorize and token endpoints from LOGIN_IDP_HOST, which is the base URL. I assume these don't need to be separate hosts.
There was a problem hiding this comment.
Sounds good, I had just followed the patterns we'd used on the portal, this makes more sense.
| login_redirect_uri: ENV.fetch("LOGIN_REDIRECT_EVAL_URL", "https://challenge-dev.app.cloud.gov/auth/result"), | ||
| logout_redirect_uri: ENV.fetch("LOGOUT_REDIRECT_EVAL_URL", "https://challenge-dev.app.cloud.gov/"), |
| login_redirect_uri: ENV.fetch("LOGIN_REDIRECT_EVAL_URL", "https://challenge-dev.app.cloud.gov/auth/result"), | ||
| logout_redirect_uri: ENV.fetch("LOGOUT_REDIRECT_EVAL_URL", "https://challenge-dev.app.cloud.gov/"), | ||
| acr_value: "http://idmanagement.gov/ns/assurance/loa/1", | ||
| client_id: ENV.fetch("LOGIN_CLIENT_ID", "urn:gov:gsa:openidconnect.profiles:sp:sso:gsa:_client_id"), # default fake ID for CI |
| LOGIN_IDP_AUTHORIZE_URL: https://idp.int.identitysandbox.gov/openid_connect/authorize | ||
| LOGIN_TOKEN_ENDPOINT: https://idp.int.identitysandbox.gov/api/openid_connect/token |
There was a problem hiding this comment.
Sounds good, I had just followed the patterns we'd used on the portal, this makes more sense.
Adds some env configuration to allow both local development and theoretically working on the deployed dev environment.