more with redirect uri

obiba · Mar 17, 2022 · 4caab48 · 4caab48
1 parent 2aa38ca
commit 4caab48
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 2 deletions.
diff --git a/oauth2-api/index.rst b/oauth2-api/index.rst
@@ -1,3 +1,5 @@
+.. _oauth:
+
 OAuth2 Introduction
 ===================
 

diff --git a/web-user-guide/applications.rst b/web-user-guide/applications.rst
@@ -1,7 +1,11 @@
+.. _applications_management:
+
 Applications Management
 =======================
 
-An application is an external system that can use agate as a central authentication system. Once an application is registered in agate, it can use its credentials (name and key) to connect with agate. See also :ref:`domain-application` domain documentation.
+An application is an external system that can use Agate as a central authentication system. Once an application is registered in agate, it can use its credentials (name and key) to connect with agate. See also :ref:`domain-application` domain documentation.
+
+When Agate delegates the authentication to an external :ref:`oidc_realm` or when using OAuth2 service (see :ref:`oauth`), the redirect URI must be set so that Agate performs the redirect to a known application after successful authentication. Wildcard ``*`` can be used in this configured redirect URI.
 
 The application pages are: the list of applications page and application view and edit pages.
 

diff --git a/web-user-guide/realms.rst b/web-user-guide/realms.rst
@@ -9,6 +9,8 @@ Agate is able to delegate authentication to alternate identity provider systems.
 Realm Types
 -----------
 
+.. _oidc_realm:
+
 Open ID Connect Realm
 ~~~~~~~~~~~~~~~~~~~~~
 
@@ -18,7 +20,7 @@ A realm that uses the OpenID Connect (`OIDC <https://openid.net/connect/>`_) pro
 To register Agate as a client of the OIDC provider it will be necessary to provide its callback URL which is: ``https://agate.example.org/auth/callback/``.
 
 .. note::
-  For Agate to authenticate for an :ref:`domain-application`, its redirect URI must be set.
+  For Agate to authenticate for an :ref:`domain-application`, the redirect URI of the Application must be set (see :ref:`applications_management`).
 
 An example of well known open source ID provider that can be declared as an OIDC realm is `Keycloak <https://www.keycloak.org/>`_. Keycloak has also a strong user federation feature, which we recommend to use instead of using the following other realm types (LDAP etc.).