Skip to content

OIDC#2829

Open
constantine2nd wants to merge 2 commits into
OpenBankProject:developfrom
constantine2nd:develop
Open

OIDC#2829
constantine2nd wants to merge 2 commits into
OpenBankProject:developfrom
constantine2nd:develop

Conversation

@constantine2nd
Copy link
Copy Markdown
Contributor

@constantine2nd constantine2nd commented Jun 5, 2026

No description provided.

@constantine2nd
refactor(oidc): remove OBP-as-relying-party OpenID Connect callback
91fa165 
OBP-API is used as a pure OAuth2 resource server: the client/BFF runs the OIDC
login against the provider (Keycloak) and calls OBP with Authorization: Bearer.
The server-side relying-party callback (/auth/openid-connect/callback{,-1,-2})
that minted a DirectLogin token was unused in this model and is removed.

- delete Http4sOpenIdConnect (routes, OpenIdConnectConfig, handler, helpers)
- unmount its routes from Http4sApp
- drop now-orphaned DirectLogin.issueTokenForUser (only caller was the callback)
- inline the "OpenID Connect" consumer-description constant in OAuth2
- delete the callback's two test suites
- update the stale Boot comment

Bearer-JWT validation (OAuth2Login / oauth2.keycloak.*) is unchanged;
Google-via-Keycloak login verified working after a clean rebuild.
@constantine2nd
docs(glossary): fix duplicated Authorization header in OIDC-with-Goog…
e5ca1d0 
…le example
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented Jun 5, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@constantine2nd