Affects Version/s: 6.5.1
When an external application store is used in a realm, the OAuth2 provider in that realm cannot verify the existence of RCS clients in the external store. Applies in the UI and when configuring with amster.
This effectively breaks the setup of the OAuth2 provider making our deployment pipelines fail.
Note, this seemed to start happening as soon as we moved from 6.5.0 to 6.5.1.
- Set up an RCS client in a realm called `rcs-config-store`
- Set up an OAuth2 provider in the realm
- Navigate to the consent tab of the OAuth2 provider and click the remote consent service ID dropdown. The `rcs-config-store` client is visible.
- Set up an external application store in the realm
- Navigate to the RCS clients page, note the rcs-config-store client is gone.
- Create a new client called `rcs-app-store`
- go back to the remote consent service ID dropdown on the OAuth2 provider. The rcs-config-store client is visible, not the rcs-app-store client.
When trying to configure with amster, this results in the following error:
Amster configuration succeeds. The correct RCS clients are in the RCS dropdown on the OAuth2 provider when an external application store is used.
Amster configuration errors. The wrong RCS clients are in the dropdown.
Use a multi stage amster install and configure the RCS client before the OAuth2 provider in the realm, but after the realm is created. This has the downside of not being able to see the RCS client in the console, but in a gitops world, that doesn't matter much to us.