From 071fcfd67818d44a004a7364991c895f7c560395 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marko=20Mili=C4=87?= <marko@tesobe.com>
Date: Mon, 2 Dec 2019 09:40:52 +0100
Subject: [PATCH] Allow more than one Identity Provider in case MITREId is
 defined - add comment

---
 README.md                                              | 3 ++-
 obp-api/src/main/resources/props/sample.props.template | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 6b7452a7f..177b6392b 100644
--- a/README.md
+++ b/README.md
@@ -563,7 +563,8 @@ In order to enable an OAuth2 workflow at an instance of OBP-API backend app you
 # allow_oauth2_login=false
 # URL of Public server JWK set used for validating bearer JWT access tokens
 # It can contain more than one URL i.e. list of uris. Values are comma separated.
-# If MITREId URL is present it must be at 1st place in the list.
+# If MITREId URL is present it must be at 1st place in the list
+# because MITREId URL can be an appropirate value and we cannot rely on it.
 # oauth2.jwk_set.url=http://localhost:8080/jwk.json,https://www.googleapis.com/oauth2/v3/certs
 # ------------------------------------------------------------------------------ OAuth 2 ------
 
diff --git a/obp-api/src/main/resources/props/sample.props.template b/obp-api/src/main/resources/props/sample.props.template
index c2c1cfe14..0ab3ef4c0 100644
--- a/obp-api/src/main/resources/props/sample.props.template
+++ b/obp-api/src/main/resources/props/sample.props.template
@@ -569,7 +569,8 @@ display_internal_errors=false
 # allow_oauth2_login=false
 # URL of Public server JWK set used for validating bearer JWT access tokens
 # It can contain more than one URL i.e. list of uris. Values are comma separated.
-# If MITREId URL is present it must be at 1st place in the list.
+# If MITREId URL is present it must be at 1st place in the list
+# because MITREId URL can be an appropirate value and we cannot rely on it.
 # oauth2.jwk_set.url=http://localhost:8080/jwk.json,https://www.googleapis.com/oauth2/v3/certs
 # ------------------------------------------------------------------------------ OAuth 2 ------