Admin OIDC auth settings endpoints giving 404

[atrauzzi]

Describe the bug

I'm running into the following issue with Unleash when trying to do a GET to the admin OIDC configuration endpoint:

❯ curl -L 'http://localhost:4242/api/admin/auth/oidc/settings' \
-H 'Accept: application/json' \
-H 'Authorization: *:*.zxczxc123'

Here's what I get back:

{"id":"f8d1951c-bd12-47b9-8816-d54785e20a0c","name":"NotFoundError","message":"The path you were looking for (/api/admin/auth/oidc/settings) is not available.","details":[{"message":"The path you were looking for (/api/admin/auth/oidc/settings) is not available."}]}% 

Is there a special flag I have to pass to Unleash to enable the admin APIs?

I'm running with the latest docker container image.

[chriswk]

Hi @atrauzzi . The Open-Source version (unleashorg/unleash-server) does not have a built in OIDC endpoint, if you'd like this, you can contribute to https://github.com/unleash/unleash-docker-community. I see someone has made a oidc subfolder there; but we haven't had time to set up a working oidc configuration

[atrauzzi]

It's in the API docs, no?

https://docs.getunleash.io/reference/api/unleash/get-oidc-settings

[chriswk]

The docs include everything configured for enterprise. I'll bring the feedback to our docs team that the OpenAPI generated doc also needs to flag what is Enterprise only.

[melindafekete]

Hi @atrauzzi thank you for your feedback. All of Unleash's documentation is public, and that includes features only available with an Enterprise license.

I agree that we need to indicate better which endpoints are available with Unleash Enterprise only. I've added this feedback to the list of improvements we're planning to our API docs.

In the meantime, please use the corresponding reference documentation to check feature availability. In this case:
https://docs.getunleash.io/reference/sso
https://docs.getunleash.io/how-to/how-to-add-sso-open-id-connect

[atrauzzi]

Yeah, you could afford to be considerably more transparent and forthcoming with these kinds of things.

It makes it look like you're deliberately trying to dark pattern people into a license.

Moreover, I'd actually suggest you reconsider what you currently deem "for pay" and "for free". I'm effectively unable to adopt Unleash into a reference architecture because I can't even prototype what I need. While I am not opposed to taking on solutions that could eventually come to require a license (you do deserve to get paid), I cannot take on anything that withholds core functionality in the free version.

(I can't propose reference architectures that come with $$$$hefty$$$$ bills day one.)

Again, please make SSO and admin APIs available in the free version, as well as lifting the project limit.

[chriswk]

Nothing stopping you from configuring SSO yourself.

There are examples here https://github.com/Unleash/unleash-examples/blob/main/v4/securing-azure-auth

as well as Google
https://github.com/Unleash/unleash-examples/tree/main/v4/securing-google-auth

and keycloak
https://github.com/Unleash/unleash-examples/tree/main/v4/securing-keycloak-auth

[atrauzzi]

But I can't do it via an API as part of an automated bootstrap?

Will that work on the free version?