Details

    • Type: Sub-task
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: 5.0.0
    • Component/s: Authentication, OIDC
    • Labels:
      None

      Description

      The login flow makes a handful of HTTP client requests, using a mix of Nimbus code and some blatantly bad "open a URI" hacks (e.g. for the OIDC metadata).

      I think we would nominally want to dump all of those in favor of injecting an HttpCient instance and HttpClientSecurityParameters using the standard pattern we have been following. In most cases these may be left as very vanilla, but it would allow for tighter TLS if desired and it's more consistent for timeout settings, etc.

        Attachments

          Activity

            People

            Assignee:
            Unassigned
            Reporter:
            cantor.2@osu.edu Scott Cantor
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated: