From 7cd7994b2551897d5d720a378d19575cf6f55064 Mon Sep 17 00:00:00 2001 From: Haytham Abuelfutuh Date: Wed, 28 Apr 2021 12:36:38 -0700 Subject: [PATCH] Update docs for migration to include Propeller's config Signed-off-by: Haytham Abuelfutuh --- rsts/howto/authentication/migration.rst | 28 +++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/rsts/howto/authentication/migration.rst b/rsts/howto/authentication/migration.rst index ed1faff6ef..f27a07040e 100644 --- a/rsts/howto/authentication/migration.rst +++ b/rsts/howto/authentication/migration.rst @@ -116,3 +116,31 @@ This will generate the new cookie hash/block keys, as well as other secrets Admi * The **thirdPartyConfig** has been moved to **appAuth** as well. * **redirectUrl** has been defaulted to **/console**. If that's the value you want, then you no longer need this setting. +From propeller side, you might have a configuration section that looks like this: + +.. code-block:: yaml + + admin: + endpoint: dns:///mycompany.domain.com + useAuth: true + clientId: flytepropeller + clientSecretLocation: /etc/secrets/client_secret + tokenUrl: https://demo.nuclyde.io/oauth2/token + scopes: + - all + +This can now be simplified to: + +.. code-block:: yaml + + admin: + endpoint: dns:///mycompany.domain.com + # If you are using the built-in authorization server, you can delete these two lines: + clientId: flytepropeller + clientSecretLocation: /etc/secrets/client_secret + +Specifically, + +* **useAuth** is deprecated. Auth requirement will be discovered through an anonymous admin discovery call. +* **tokenUrl** and **scopes** will also be discovered through a metadata call. +* **clientId** and **clientSecretLocation** have defaults that work out of the box with the built-in authorization server (e.g. if you setup Google OpenID Connect). \ No newline at end of file
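Review bot: In the "Specifically," bullets, the **useAuth** item says the auth requirement is now discovered through an anonymous admin discovery call, but it does not say what Propeller does when that call fails or reports that auth is not required. Readers who previously set `useAuth: true` were stating an explicit requirement, so the doc should say whether the new behaviour fails closed or falls back to unauthenticated calls. The same applies to the **tokenUrl** and **scopes** item: since the token URL now comes from a metadata call to `endpoint`, it is worth one sentence saying that the admin endpoint has to be trusted and reached over TLS, and whether an explicit `tokenUrl` is still honoured as an override.

Smaller points in the same hunk:

* The "before" example mixes `mycompany.domain.com` with `https://demo.nuclyde.io/oauth2/token`; use one placeholder domain throughout.
* In the last bullet, "(e.g. if you setup Google OpenID Connect)" reads as if Google were the built-in authorization server; spell out how the two relate, and "setup" should be "set up".
* "From propeller side" would read better as "On the Propeller side".
* The file now ends without a trailing newline.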