Description:
Currently, the reana-server JWT SSO implementation uses hardcoded or env-provided URLs for token, userinfo, and other IdP endpoints. Instead, we could use the standard OpenID Connect Discovery mechanism to fetch this info dynamically.
Example endpoint:
https://iam-escape.cloud.cnaf.infn.it/.well-known/openid-configuration
Benefits:
- Reduces hardcoded config
- Ensures compatibility with other compliant IdPs
- Automatically pulls updated endpoint URLs (e.g.
/token, /devicecode, /userinfo, /jwks_uri, etc.)
Description:
Currently, the
reana-serverJWT SSO implementation uses hardcoded or env-provided URLs for token, userinfo, and other IdP endpoints. Instead, we could use the standard OpenID Connect Discovery mechanism to fetch this info dynamically.Example endpoint:
https://iam-escape.cloud.cnaf.infn.it/.well-known/openid-configuration
Benefits:
/token,/devicecode,/userinfo,/jwks_uri, etc.)