How to disable https for oidcc/ueberauth

Currently im trying to implement ueberauth_oidcc where i am using a local keycloak server as identity provider.

Since i’m developing locally i use http, but I get this error when starting my app:

Error Details: {:configuration_load_failed, {:invalid_config_property, {:uri_https, :userinfo_endpoint}}} 

The error is quite clear, I need to use https. But I can’t for the life of me figure out how to disable this check locally when im developing. I followed this tutorial: UeberauthOidcc — Ueberauth OIDCC v0.4.2

Hope someone can help me.

This is my dev.exs

config :ueberauth_oidcc, :issuers, [ %{ name: :oidcc_issuer, issuer: "http://localhost:8080/realms/my-realm" } ] config :ueberauth, Ueberauth, providers: [ oidc: { Ueberauth.Strategy.Oidcc, # Additional HTTP tolerance issuer: :oidcc_issuer, client_id: "my-realm-phoenix", client_secret: "my-secret", scopes: ["openid", "profile", "email"], callback_path: "/auth/callback", userinfo: false, validate_scopes: false, uid_field: "email", } ] 

oidcc has an option for providers: oidcc_provider_configuration — Oidcc v3.5.2

Not sure how you’d pass that when using the ueberauth strategy though.

That is also where I ended up… Haven’t figured it out yet.

Why not go the other way and use a self signed cert with local development? Is that an option?

mix phx.gen.secret

config :ueberauth_oidcc, :issuers, [ %{ name: :oidcc_issuer, issuer: "http://localhost:8080/realms/my-realm", provider_configuration_opts: %{ quirks: %{allow_unsafe_http: true} } } ] 

This should work based on the typespecs on Oidcc.ProviderConfiguration.Worker — Oidcc v3.5.2, which is what the library uses: lib/ueberauth_oidcc/application.ex · main · Paul Swartz / ueberauth_oidcc · GitLab

Thank you so much!