Allow more than one Identity Provider in case MITREId is defined - add comment

2026-02-06 11:06:49 +00:00 · 2019-12-02 09:40:52 +01:00 · 2019-12-02 09:40:52 +01:00 · 071fcfd678
commit 071fcfd678
parent 3964a61cec
2 changed files with 4 additions and 2 deletions
--- a/README.md
+++ b/README.md
@ -563,7 +563,8 @@ In order to enable an OAuth2 workflow at an instance of OBP-API backend app you
 # allow_oauth2_login=false
 # URL of Public server JWK set used for validating bearer JWT access tokens
 # It can contain more than one URL i.e. list of uris. Values are comma separated.
-# If MITREId URL is present it must be at 1st place in the list.
+# If MITREId URL is present it must be at 1st place in the list
+# because MITREId URL can be an appropirate value and we cannot rely on it.
 # oauth2.jwk_set.url=http://localhost:8080/jwk.json,https://www.googleapis.com/oauth2/v3/certs
 # ------------------------------------------------------------------------------ OAuth 2 ------

--- a/obp-api/src/main/resources/props/sample.props.template
+++ b/obp-api/src/main/resources/props/sample.props.template
@ -569,7 +569,8 @@ display_internal_errors=false
 # allow_oauth2_login=false
 # URL of Public server JWK set used for validating bearer JWT access tokens
 # It can contain more than one URL i.e. list of uris. Values are comma separated.
-# If MITREId URL is present it must be at 1st place in the list.
+# If MITREId URL is present it must be at 1st place in the list
+# because MITREId URL can be an appropirate value and we cannot rely on it.
 # oauth2.jwk_set.url=http://localhost:8080/jwk.json,https://www.googleapis.com/oauth2/v3/certs
 # ------------------------------------------------------------------------------ OAuth 2 ------