#0000 - Modify OAuth discovery to hard-coded configuration

Replaced the dynamic useAutoDiscovery function with a hard-coded configuration object. This change ensures more control over OAuth parameters and might address any dynamic discovery issues encountered before.

Dockerfile

@@ -1,3 +1,14 @@
+# Use the official Nginx image from Docker Hub
 FROM nginx:alpine3.20
 
+# Copy your application files to the appropriate directory if needed
 COPY dist /usr/share/nginx/html
+
+# Copy custom Nginx configuration file to the container
+COPY nginx-extra.conf /etc/nginx/conf.d/nginx-extra.conf
+
+# Expose the port that the application is running on
+EXPOSE 80
+
+# Start Nginx when the container launches
+CMD ["nginx", "-g", "daemon off;"]

app/index.tsx

@@ -6,16 +6,70 @@ import {Button, Text, View} from "react-native";
 
 WebBrowser.maybeCompleteAuthSession();
 // const redirectURI = AuthSession.makeRedirectUri({native: 'http://127.0.0.1:8082/ssoCallback', // TODO: why is it translated to localhost? Why /ssoCallback is missing?});
-const redirectURI = 'https://poc-sso-marn.van-hemmen.com/ssoCallback';
+const redirectURI = 'https://poc-sso-marn-500.van-hemmen.com/ssoCallback';
 
 console.log(redirectURI);
 
 export default function indexScreen() {
     const [tokenResponse, setTokenResponse] = useState<TokenResponse | null>(null);
 
-    const clientId = '509-marn-app';
+    const clientId = '509-marn-poc-app';
 
-    const discovery = AuthSession.useAutoDiscovery('https://fes509-ref.m-team.be/login/oauth2/realms/root/realms/509');
+    // const discovery = AuthSession.useAutoDiscovery('https://auth-integ.partenamut.be/login/oauth2');
+    const discovery = {
+        "request_parameter_supported": true,
+        "pushed_authorization_request_endpoint": "https://auth-integ.partenamut.be/login/oauth2/par",
+        "introspection_encryption_alg_values_supported": ["ECDH-ES+A256KW", "ECDH-ES+A192KW", "RSA-OAEP", "ECDH-ES+A128KW", "RSA-OAEP-256", "A128KW", "A256KW", "ECDH-ES", "dir", "A192KW"],
+        "claims_parameter_supported": false,
+        "introspection_endpoint": "https://auth-integ.partenamut.be/login/oauth2/introspect",
+        "issuer": "https://auth-integ.partenamut.be/login/oauth2",
+        "id_token_encryption_enc_values_supported": ["A256GCM", "A192GCM", "A128GCM", "A128CBC-HS256", "A192CBC-HS384", "A256CBC-HS512"],
+        "userinfo_encryption_enc_values_supported": ["A256GCM", "A192GCM", "A128GCM", "A128CBC-HS256", "A192CBC-HS384", "A256CBC-HS512"],
+        "authorization_endpoint": "https://auth-integ.partenamut.be/login/oauth2/authorize",
+        "authorization_encryption_alg_values_supported": ["ECDH-ES+A256KW", "ECDH-ES+A192KW", "RSA-OAEP", "ECDH-ES+A128KW", "RSA-OAEP-256", "A128KW", "A256KW", "ECDH-ES", "dir", "A192KW"],
+        "introspection_encryption_enc_values_supported": ["A256GCM", "A192GCM", "A128GCM", "A128CBC-HS256", "A192CBC-HS384", "A256CBC-HS512"],
+        "claims_supported": [],
+        "rcs_request_signing_alg_values_supported": ["PS384", "ES384", "RS384", "HS256", "HS512", "ES256", "RS256", "HS384", "ES512", "PS256", "PS512", "RS512"],
+        "token_endpoint_auth_methods_supported": ["client_secret_post", "private_key_jwt", "self_signed_tls_client_auth", "tls_client_auth", "none", "client_secret_basic"],
+        "tls_client_certificate_bound_access_tokens": true,
+        "response_modes_supported": ["query.jwt", "fragment", "jwt", "form_post.jwt", "form_post", "fragment.jwt", "query"],
+        "backchannel_logout_session_supported": true,
+        "token_endpoint": "https://auth-integ.partenamut.be/login/oauth2/access_token",
+        "response_types_supported": ["code token id_token", "code", "code id_token", "id_token", "code token", "token", "token id_token"],
+        "authorization_encryption_enc_values_supported": ["A256GCM", "A192GCM", "A128GCM", "A128CBC-HS256", "A192CBC-HS384", "A256CBC-HS512"],
+        "revocation_endpoint_auth_methods_supported": ["client_secret_post", "private_key_jwt", "self_signed_tls_client_auth", "tls_client_auth", "none", "client_secret_basic"],
+        "request_uri_parameter_supported": true,
+        "grant_types_supported": ["implicit", "urn:ietf:params:oauth:grant-type:saml2-bearer", "refresh_token", "password", "client_credentials", "urn:ietf:params:oauth:grant-type:device_code", "authorization_code", "urn:openid:params:grant-type:ciba", "urn:ietf:params:oauth:grant-type:uma-ticket", "urn:ietf:params:oauth:grant-type:token-exchange", "urn:ietf:params:oauth:grant-type:jwt-bearer"],
+        "version": "3.0",
+        "userinfo_endpoint": "https://auth-integ.partenamut.be/login/oauth2/userinfo",
+        "require_request_uri_registration": true,
+        "code_challenge_methods_supported": ["plain", "S256"],
+        "id_token_encryption_alg_values_supported": ["ECDH-ES+A256KW", "ECDH-ES+A192KW", "RSA-OAEP", "ECDH-ES+A128KW", "RSA-OAEP-256", "A128KW", "A256KW", "ECDH-ES", "dir", "A192KW"],
+        "authorization_signing_alg_values_supported": ["PS384", "RS384", "EdDSA", "ES384", "HS256", "HS512", "ES256", "RS256", "HS384", "ES512", "PS256", "PS512", "RS512"],
+        "request_object_signing_alg_values_supported": ["PS384", "ES384", "RS384", "HS256", "HS512", "ES256", "RS256", "HS384", "ES512", "PS256", "PS512", "RS512"],
+        "request_object_encryption_alg_values_supported": ["ECDH-ES+A256KW", "ECDH-ES+A192KW", "ECDH-ES+A128KW", "RSA-OAEP", "RSA-OAEP-256", "A128KW", "A256KW", "ECDH-ES", "dir", "A192KW"],
+        "rcs_response_signing_alg_values_supported": ["PS384", "ES384", "RS384", "HS256", "HS512", "ES256", "RS256", "HS384", "ES512", "PS256", "PS512", "RS512"],
+        "introspection_signing_alg_values_supported": ["PS384", "RS384", "EdDSA", "ES384", "HS256", "HS512", "ES256", "RS256", "HS384", "ES512", "PS256", "PS512", "RS512"],
+        "check_session_iframe": "https://auth-integ.partenamut.be/login/oauth2/connect/checkSession",
+        "scopes_supported": [],
+        "backchannel_logout_supported": true,
+        "acr_values_supported": ["itsmeAffiliation", "eid", "impersonate", "impersonateNew", "usernamePassword", "fasCitizenLevel400", "itsme"],
+        "request_object_encryption_enc_values_supported": ["A256GCM", "A192GCM", "A128GCM", "A128CBC-HS256", "A192CBC-HS384", "A256CBC-HS512"],
+        "rcs_request_encryption_alg_values_supported": ["ECDH-ES+A256KW", "ECDH-ES+A192KW", "RSA-OAEP", "ECDH-ES+A128KW", "RSA-OAEP-256", "A128KW", "A256KW", "ECDH-ES", "dir", "A192KW"],
+        "userinfo_signing_alg_values_supported": ["ES384", "HS256", "HS512", "ES256", "RS256", "HS384", "ES512"],
+        "require_pushed_authorization_requests": false,
+        "rcs_response_encryption_enc_values_supported": ["A256GCM", "A192GCM", "A128GCM", "A128CBC-HS256", "A192CBC-HS384", "A256CBC-HS512"],
+        "userinfo_encryption_alg_values_supported": ["ECDH-ES+A256KW", "ECDH-ES+A192KW", "RSA-OAEP", "ECDH-ES+A128KW", "RSA-OAEP-256", "A128KW", "A256KW", "ECDH-ES", "dir", "A192KW"],
+        "end_session_endpoint": "https://auth-integ.partenamut.be/login/oauth2/connect/endSession",
+        "rcs_request_encryption_enc_values_supported": ["A256GCM", "A192GCM", "A128GCM", "A128CBC-HS256", "A192CBC-HS384", "A256CBC-HS512"],
+        "revocation_endpoint": "https://auth-integ.partenamut.be/login/oauth2/token/revoke",
+        "rcs_response_encryption_alg_values_supported": ["ECDH-ES+A256KW", "ECDH-ES+A192KW", "ECDH-ES+A128KW", "RSA-OAEP", "RSA-OAEP-256", "A128KW", "A256KW", "ECDH-ES", "dir", "A192KW"],
+        "token_endpoint_auth_signing_alg_values_supported": ["PS384", "ES384", "RS384", "HS256", "HS512", "ES256", "RS256", "HS384", "ES512", "PS256", "PS512", "RS512"],
+        "jwks_uri": "https://auth-integ.partenamut.be/login/oauth2/connect/jwk_uri",
+        "subject_types_supported": ["public", "pairwise"],
+        "id_token_signing_alg_values_supported": ["PS384", "ES384", "RS384", "HS256", "HS512", "ES256", "RS256", "HS384", "ES512", "PS256", "PS512", "RS512"],
+        "registration_endpoint": "https://auth-integ.partenamut.be/login/oauth2/register"
+    }
 
     const [request, result, promptAsync] = AuthSession.useAuthRequest(
         {

nginx-extra.conf

@@ -0,0 +1,21 @@
+server {
+  listen 80;
+  location / {
+      # other settings...
+      # Allow CORS for all domains (or specify a particular domain instead of *)
+      add_header 'Access-Control-Allow-Origin' '*';
+      # Allow specific headers
+      add_header 'Access-Control-Allow-Headers' 'Origin, X-Requested-With, Content-Type, Accept, Authorization';
+      # Allow specific methods
+      add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS';
+      if ($request_method = 'OPTIONS') {
+          add_header 'Access-Control-Allow-Origin' '*';
+          add_header 'Access-Control-Allow-Headers' 'Origin, X-Requested-With, Content-Type, Accept, Authorization';
+          add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS';
+          add_header 'Access-Control-Max-Age' 1728000;
+          add_header 'Content-Type' 'text/plain; charset=utf-8';
+          add_header 'Content-Length' 0;
+          return 204;
+      }
+  }
+}