Bug: Cannot create an anypoint_idp_oidc with Identity Client Registration type manual registration

[Tarzac]

There is a bug when creating an IPD with an "Identity Client Registration" of type "Manual Registration".

Source :

resource "anypoint_idp_oidc" "example2" {
  org_id = var.root_org_id
  name = "openid connect provider 2"
  oidc_provider {
    authorize_url = "http://idp.example.com/auth/realms/master/protocol/openid-connect/auth"
    token_url     = "http://idp.example.com/auth/realms/master/protocol/openid-connect/token"
    userinfo_url  = "http://idp.example.com/auth/realms/master/protocol/openid-connect/userinfo"

    issuer = "http://idp.example.com/auth/realms/master"

    client_credentials_id     = "xxxxx-xxxx-xxxx"
    client_credentials_secret = "xxxx-xxxx-xxx-xxx-xxxxxxxxx"

    allow_untrusted_certificates = true
  }
}

Result :

anypoint_idp_oidc.example2: Creating...
╷
│ Error: Unable to create OIDC provider for org xxxxxxx
│
│   with anypoint_idp_oidc.example2,
│   on idp.tf line 1, in resource "anypoint_idp_oidc" "example2":
│    1: resource "anypoint_idp_oidc" "example2" {
│
│ Invalid OIDC provider client registration URL provided
╵

[soufi]

is your IDP accessible publicly ?

This issue is purely functional from what I can see and is not a bug with the provider. The error you have is from the platform's API

[Tarzac]

However, the same request works via the API :

Request:

POST https://anypoint.mulesoft.com/accounts/api/organizations/xxx/identityProviders

{
    "type": {
        "description": "OpenID Connect",
        "name": "openid"
    },
    "oidc_provider": {
        "client": {
            "credentials": {
                "id": "xxxxx-xxxx-xxxx",
                "secret": "xxxx-xxxx-xxx-xxx-xxxxxxxxx"
            }
        },
        "urls": {
            "authorize": "http://idp.example.com/auth/realms/master/protocol/openid-connect/auth",
            "token": "http://idp.example.com/auth/realms/master/protocol/openid-connect/token",
            "userinfo": "http://idp.example.com/auth/realms/master/protocol/openid-connect/userinfo"
        }
    },
    "allow_untrusted_certificates": true,
    "login_disabled": false,
    "name": "openid connect provider 2"
}

Response:

{
  "provider_id": "xxxx",
  "org_id": "xx",
  "name": "openid connect provider 2",
  "type": {
    "description": "OpenID Connect",
    "name": "openid"
  },
  "oidc_provider": {
    "urls": {
      "token": "http://idp.example.com/auth/realms/master/protocol/openid-connect/token",
      "redirect": "https://anypoint.mulesoft.com/accounts/login/xxxx/providers/xxxx",
      "userinfo": "http://idp.example.com/auth/realms/master/protocol/openid-connect/userinfo",
      "authorize": "http://idp.example.com/auth/realms/master/protocol/openid-connect/auth"
    },
    "client": {
      "credentials": {
        "id": "xxxxx-xxxx-xxxx"
      }
    }
  },
  "service_provider": {
    "urls": {
      "sign_on": "http://idp.example.com/auth/realms/master/protocol/openid-connect/auth?response_type=code&scope=openid%20profile%20email&client_id=xxxxx-xxxx-xxxx&redirect_uri=https%3A%2F%2Fanypoint.mulesoft.com%2Faccounts%2Flogin%2Fxxxxx%2Fproviders%xxxxx%2Fredirect"
    }
  },
  "allow_untrusted_certificates": true,
  "arc_namespace": null
}

[soufi]

thank you @Tarzac It seems that the request definition is not correct from our side. this could explain why the request is not working. could you please verify this and tell me what else is wrong ? thank you for your help