For several reasons, this could NOT be done using the OAuth2 mechanisms of GMF:

  1. There is no .well-known discovery endpoint.
  2. The token endpoint needs a client_secret, and for security reasons it has to be called from the backend itself. There is no custom backend for GeoGirafe, so we cannot do this.
  3. The redirect URL is limited to exact matches, and we cannot pass the state of the application in the redirect_uri.
  4. Using the GMF OAuth2 routes for authentication does not authenticate the user to the backend. It only tells the client that you have a valid user in GMF; you do not get any valid cookie for the GMF backend.

For all those reasons, we cannot use the GeoMapFish OAuth process. Instead, we use the login.html page of the backend to delegate the login to the backend. This is a standard GMF login; there is no OAuth process involved.

NOTE: If the GeoGirafe client is not running on the same domain as the GMF backend, the GMF backend needs to be configured with:

  • CORS with credentials for the specific frontend domain (this can be done, for example, with a Lua script in the HAProxy configuration).
  • The frontend domain has to be allowed as a referer in the vars.yaml file.
  • The variable AUTHTKT_SAMESITE has to be set to None, to allow authentication cookies to be sent to the backend from another domain.

There is no need for any OAuth2 configuration in the admin tool.
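The three cross-domain requirements above are easy to get subtly wrong (a wildcard CORS origin, a missing credentials opt-in, or a SameSite=None cookie without Secure all make the browser silently drop the login cookie). The following added example, which is not GeoGirafe or GeoMapFish project code, checks a backend's response headers for those conditions; the hostnames and header maps are constructed for the demonstration.

```typescript
// Added example, not code from the GeoGirafe or GeoMapFish projects.
// Validates the response headers a GMF backend must send for a cross-domain,
// credentialed login from the GeoGirafe client. Sample headers are constructed.

interface CorsCheckResult {
  ok: boolean;
  problems: string[];
}

function checkCredentialedCors(
  headers: Record<string, string>,
  frontendOrigin: string, // origin of the GeoGirafe client (assumed value in samples)
): CorsCheckResult {
  const problems: string[] = [];
  const h: Record<string, string> = {};
  for (const k of Object.keys(headers)) h[k.toLowerCase()] = headers[k];

  // With credentials, browsers reject a wildcard: the backend must echo the
  // exact frontend origin it allows.
  const allowOrigin = h['access-control-allow-origin'];
  if (allowOrigin === undefined) problems.push('missing Access-Control-Allow-Origin');
  else if (allowOrigin === '*') problems.push('Access-Control-Allow-Origin must not be "*" with credentials');
  else if (allowOrigin !== frontendOrigin) problems.push(`Access-Control-Allow-Origin is ${allowOrigin}, expected ${frontendOrigin}`);

  // The auth cookie is only sent cross-site if the backend opts in explicitly.
  if (h['access-control-allow-credentials'] !== 'true') problems.push('Access-Control-Allow-Credentials must be "true"');

  // A per-origin answer must not be cached and replayed to another origin.
  const vary = (h['vary'] || '').toLowerCase().split(',').map((s) => s.trim());
  if (vary.indexOf('origin') === -1) problems.push('Vary: Origin is missing');

  // AUTHTKT_SAMESITE=None is only honoured by browsers together with Secure.
  const cookie = (h['set-cookie'] || '').toLowerCase();
  if (/samesite=none/.test(cookie) && !/;\s*secure(;|$)/.test(cookie)) problems.push('SameSite=None cookie lacks the Secure attribute');

  return { ok: problems.length === 0, problems };
}

// Constructed samples: assumed hostnames and a placeholder cookie value.
const FRONTEND = 'https://geogirafe.example.org';
const goodHeaders: Record<string, string> = {
  'Access-Control-Allow-Origin': FRONTEND,
  'Access-Control-Allow-Credentials': 'true',
  'Vary': 'Origin',
  'Set-Cookie': 'auth_tkt=placeholder; Path=/; Secure; HttpOnly; SameSite=None',
};
const badHeaders: Record<string, string> = {
  'Access-Control-Allow-Origin': '*',
  'Set-Cookie': 'auth_tkt=placeholder; Path=/; HttpOnly; SameSite=None',
};
```

Run it against the headers returned by a real login request (for example, copied from the browser's network panel) to confirm the HAProxy and vars.yaml changes took effect before debugging the client.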

Properties

configManager: ConfigManager
stateManager: StateManager
