New input for Pixee API URL

[carlosu7]

No description provided.

[fjpgtt]

You need to keep the audience since that is https://app.pixee.ai not api.pixee.api

[gilday]

Yes, I believe that's true, but it does beg the question, is https://app.pixee.ai always the right audience? Maybe it's technically incorrect in some deployments but still good enough? @ryandens please opine.

[ryandens]

It captures the intended purpose (ensuring the person with permissions to generate this ID token generated it for Pixee). Changing the audience verification server side would be pretty trivial, but would require additional configuration when deploying a pixee server. I don't see a reason to not make this configurable now.

I also don't think we have a great reason for making the audience app.pixee.ai when the action uploads to api.pixee.ai - i think I picked the audience before we had the CNAME for this API. Open to pixee.ai or api.pixee.ai to match the target destination

[gilday]

Any reason to configure them separately, or should we derive the audience from the URL?

[fjpgtt]

IMO we should derive the audience, that way one less input they need to pass. But I think this should be done in a different PR to avoid rejecting requests from the actions, since we need to update the server side validation.

Maybe we should first update the platform to check the audience to see if it is the old or the new api.pixee.ai value, after that change is deploy we can update the logic in the action to derive it from the URL. Finally, we can update the platform again to use something more configurable so it cover the pixee server case

[gilday]

That sounds good to me.

[fjpgtt]

You dont need to commit the changes of this file in the PR, the command will be executed when you deploy it

[gilday]

In fact, we should remove this file.

[gilday]

Let's make the audience change that @fjpgtt proposed.

re requesting it