Removed 'public' flow from implementation documentation

2026-03-31 06:24:02 -04:00 · 2024-09-30 19:15:56 +02:00
parent 11873f4879
commit 9e6eece08b
6 changed files with 5 additions and 50 deletions
--- a/.docs/oidc/authentik/README.md
+++ b/.docs/oidc/authentik/README.md
@@ -16,24 +16,15 @@
    - **Name**: `unifi-voucher-provider`.
    - **Authentication flow**: `default-authentication-flow`.
    - **Authorization flow**: `default-provider-authorization-implicit-consent`.
-    - **Client Type**: Select either `public` or `confidential` based on your needs:
-        - **Public**: No client secret is required.
-        - **Confidential**: A client secret will be generated.
-5. Set the **Redirect URI** to match your UniFi Voucher Site’s callback URL (e.g., `https://<unifi-voucher-url>/callback`).
+    - **Client Type**: Select `confidential`, A client secret will be generated.
+5. Set the **Redirect URI** to match your UniFi Voucher Site’s callback URL (e.g., `https://voucher.example.com/callback`).
 6. Click **Submit**.

 ![Create Provider 1](images/create_provider_1.png)
 ![Create Provider 2](images/create_provider_2.png)
 ![Create Provider 3](images/create_provider_3.png)
-![Create Provider 4](images/create_provider_4.png)

-#### For Public Client Method:
-
- After saving, note down the **Client ID** generated for this provider. You’ll need it when configuring your UniFi Voucher Site.
-
-#### For Confidential Client Method:
-
- After saving, note down the **Client ID** and **Client Secret** generated for this provider. You’ll need it when configuring your UniFi Voucher Site.
+> After saving, note down the **Client ID** and **Client Secret** generated for this provider. You’ll need it when configuring your UniFi Voucher Site.

 ### Step 3: Create a New Application

@@ -53,17 +44,6 @@

 Now, configure your UniFi Voucher Site to use the Authentik client.

-### For Public Client Configuration
-
-1. In your UniFi Voucher Site configuration, set `AUTH_OIDC_CLIENT_TYPE` as `public`.
-2. Set the `AUTH_OIDC_CLIENT_ID` as configured in Authentik (found in the Authentik provider configuration).
-3. Provide the `AUTH_OIDC_ISSUER_BASE_URL` from your Authentik provider.
-    - You can find this under **Providers > unifi-voucher-provider > OpenID Configuration URL** in Authentik.
-4. Provide the `AUTH_OIDC_APP_BASE_URL` from your UniFi Voucher Site instance (e.g., `https://voucher.example.com`).
-5. Restart the container after these changes
-
-### For Confidential Client Configuration
-
 1. In your UniFi Voucher Site configuration, set `AUTH_OIDC_CLIENT_TYPE` as `confidential`.
 2. Set the `AUTH_OIDC_CLIENT_ID` as configured in Authentik (found in the Authentik provider configuration).
 3. Provide the `AUTH_OIDC_CLIENT_SECRET` (found in the Authentik provider configuration).
--- a/.docs/oidc/authentik/images/create_provider_3.png
+++ b/.docs/oidc/authentik/images/create_provider_3.png
--- a/.docs/oidc/authentik/images/create_provider_4.png
+++ b/.docs/oidc/authentik/images/create_provider_4.png
--- a/.docs/oidc/keycloak/README.md
+++ b/.docs/oidc/keycloak/README.md
@@ -30,22 +30,7 @@ If you don't already have a realm:

 ### Step 4: Configure the Client

-You’ll see various tabs for configuring the client. Set the following fields based on the type of method you want:
-
-#### A. **Public Client Method**
-
-1. Go to the **Settings** tab.
-2. Set **Access Type** to `public`.
-3. Ensure **Implicit Flow Enabled** is set to `ON`. (This enables the Implicit flow for public clients).
-4. Set **Valid Redirect URIs** to your UniFi voucher callback URL (e.g., `https://voucher.example.com/callback`).
-5. Click **Save**.
-
-In this mode, no client secret is required. The public client relies on the Implicit flow without needing to authenticate itself.
-
-![Client Settings 1](images/client_settings_1.png)
-![Client Settings 2](images/client_settings_2.png)
-
-#### B. **Confidential Client Method**
+You’ll see various tabs for configuring the client. Set the following fields:

 1. Go to the **Settings** tab.
 2. Set **Access Type** to `confidential`.
@@ -55,7 +40,7 @@ In this mode, no client secret is required. The public client relies on the Impl

 6. After saving, go to the **Credentials** tab to get the **Client Secret**. This secret will be used by your UniFi Voucher Site when authenticating as a confidential client.

-![Client Settings 3](images/client_settings_3.png)
+![Client Settings 1](images/client_settings_1.png)
 ![Client Settings 2](images/client_settings_2.png)
 ![Client Secret](images/client_secret.png)

@@ -65,16 +50,6 @@ In this mode, no client secret is required. The public client relies on the Impl

 Now, configure your UniFi Voucher Site to use the Keycloak client.

-### For Public Client Configuration
-
-1. In your UniFi Voucher Site configuration, set `AUTH_OIDC_CLIENT_TYPE` as `public`.
-2. Set the `AUTH_OIDC_CLIENT_ID` as configured in Keycloak (e.g., `unifi-voucher-site`).
-3. Provide the `AUTH_OIDC_ISSUER_BASE_URL` from your Keycloak server (e.g., `https://auth.example.com/realms/{realm}/.well-known/openid-configuration`).
-4. Provide the `AUTH_OIDC_APP_BASE_URL` from your UniFi Voucher Site instance (e.g., `https://voucher.example.com`).
-5. Restart the container after these changes
-
-### For Confidential Client Configuration
-
 1. In your UniFi Voucher Site configuration, set `AUTH_OIDC_CLIENT_TYPE` as `confidential`.
 2. Set the `AUTH_OIDC_CLIENT_ID` as configured in Keycloak (e.g., `unifi-voucher-site`).
 3. Provide the `AUTH_OIDC_CLIENT_SECRET` (found in the Credentials tab in Keycloak).
--- a/.docs/oidc/keycloak/images/client_settings_1.png
+++ b/.docs/oidc/keycloak/images/client_settings_1.png
--- a/.docs/oidc/keycloak/images/client_settings_3.png
+++ b/.docs/oidc/keycloak/images/client_settings_3.png