mrparkers / terraform-provider-keycloak

Terraform provider for Keycloak
https://registry.terraform.io/providers/mrparkers/keycloak/latest/docs
MIT License
630 stars 311 forks

[idp - OIDC] missing features #428

Open semangard opened 3 years ago

semangard commented 3 years ago

Hello,

Here are some missing features on the OIDC IdP (available on KC UI but not with the provider).

Maybe the highest priority is the 'issuer' property, as it strengthens security.

tomrutsaert commented 3 years ago

Not a perfect workaround, but any missing property can be set via the extra_config object. You need to look at the Keycloak REST admin API docs, or in the browser when saving the config, for the name/key of the property and use that name/key in the extra_config object, which will pass it on to Keycloak.

This is also mentioned in the docs: https://registry.terraform.io/providers/mrparkers/keycloak/latest/docs/resources/oidc_identity_provider

The google idp documentation shows an example with sync_mode property: https://registry.terraform.io/providers/mrparkers/keycloak/latest/docs/resources/oidc_google_identity_provider

Warning: When a missing property is added to a new version of this provider, you will have to update your config, as any property that is defined in the provider will be discarded when found in the extra_config object.
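The workaround described in the comment above, applied to the 'issuer' property from the original report, as an added example that is not part of the thread or the provider's documentation. The realm name, alias, URLs and client values are placeholders, and the "issuer" and "syncMode" keys are assumed to be the names Keycloak uses in the identity provider config; confirm them against the admin REST API or the browser request as the comment suggests.

```hcl
terraform {
  required_providers {
    keycloak = {
      source = "mrparkers/keycloak"
    }
  }
}

# Placeholder realm for the example.
resource "keycloak_realm" "example" {
  realm   = "example"
  enabled = true
}

variable "idp_client_secret" {
  type      = string
  sensitive = true
}

resource "keycloak_oidc_identity_provider" "upstream" {
  realm             = keycloak_realm.example.id
  alias             = "upstream-oidc"
  authorization_url = "https://idp.example.com/authorize" # placeholder
  token_url         = "https://idp.example.com/token"     # placeholder
  client_id         = "keycloak-broker"                   # placeholder
  client_secret     = var.idp_client_secret

  # Properties the provider does not expose are passed through to Keycloak
  # as raw config keys. Key names are assumptions to verify (see lead-in).
  extra_config = {
    # With an issuer configured, Keycloak checks the "iss" claim of tokens
    # returned by the upstream IdP against this value; without it, the
    # issuer is not validated.
    "issuer" = "https://idp.example.com" # placeholder

    # Sync mode, which the thread notes is mandatory in the Keycloak UI.
    "syncMode" = "IMPORT"
  }
}
```

Once a provider release exposes one of these properties as a first-class argument, move the value out of extra_config, since the warning above says the extra_config entry is then discarded.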

semangard commented 3 years ago

a) Ok thanks for your feedback, I am going to test it and tell you if I face troubles

b) BTW it seems that the 'Sync mode' is now mandatory on the KC UI => it might be better if the TF provider set it with a default value

tomrutsaert commented 3 years ago

Yes, I agree, but someone has to write the code. I do not have the time myself, but mrparkers or I are happy to review and merge any pull request for this.