Hard coded authentication end point

[MikeNeilson]

The token URL should not be hard coded.

cwms-data-api-client/cwbi-auth-http-client/src/main/java/hec/army/usace/hec/cwbi/auth/http/client/trustmanagers/CwbiAuthTrustManager.java

Line 47 in 60e9746

public static final String TOKEN_URL = "https://auth.corps.cloud/auth/realms/water/protocol/openid-connect/token";

There are 3 CWBI URLs, one each for dev, test, and prod. And in test environments we create a keycloak or other OIDC provider instance locally.

The data source, like CDA, should inform the clients of the correct provider or providers list of .well-known/openid-connect/configuration URL to pull appropriate information.

[MikeNeilson]

FYI, I have determined that the mtls_endpoint_aliases in the .well-known configuration can be altered to reflect the actual endpoints. And have informed the CWBI folks about this ability and how to implement it.

[MikeNeilson]

CWBI will not alter the mtls_endpoints. Additionally we are moving away from direct_grant and will start using the kc_idp_hint and authcode + pkce flow for login and appropriate identity redirect. CDA instances still show the soon-to-be incorrect mtls URL; once that is resolved then we can remove these and retrieve auth information directly from the openapi, which will include additional custom configuration, like the hints.