Updated Sample Static Configuration for using Google Authentication (markdown)

Sample-Static-Configuration-for-using-Google-Authentication.md

@@ -1,8 +1,6 @@
 **Note that these instructions work only with the 1.2 development branch at this time.**
 
-Google has a couple non-standard behaviors that had to be addresses as a special case, thus you can't really use all the types of server configurations, and will be limited to Hybrid or Static where Google is setup in a particular way. 
+Google does not allow dynamic client registration, but is otherwise compliant with the OpenID Connect protocol. You have to have the Google+ API enabled in your Google Developer Console order for this to work. There you create 
-
-You have to have the Google+ API enabled in order for this to work.
 
 The following example is based on making the sample simple-web-app to work with a Static configuration that uses Google Authentication, one can extrapolate from this to get a Hybrid configuration working. The updates shown here were done to the `src/main/webapp/WEB-INF/spring/appServlet/servlet-context.xml` file (see [client configuration](Client-configuration)).
 
@@ -12,49 +10,38 @@ The following example is based on making the sample simple-web-app to work with
        <property name="authenticationManager" ref="authenticationManager" />
 
        <property name="issuerService" ref="staticIssuerService" />
-       <property name="serverConfigurationService" ref="staticServerConfigurationService" />
+       <property name="serverConfigurationService" ref="dynamicServerConfigurationService" />
        <property name="clientConfigurationService" ref="staticClientConfigurationService" />
        <property name="authRequestOptionsService" ref="staticAuthRequestOptionsService" />
        <property name="authRequestUrlBuilder" ref="plainAuthRequestUrlBuilder" />
     </bean>
     ```
 
-1. Setup your issuer to be "Google". Not the effect of this on the simple client is that it will basically ignore anything you type on the entry box during Login.
+1. Setup your issuer to be `https://accounts.google.com`. This example uses the static issuer service; note the effect of this on the simple client is that it will basically ignore anything you type on the entry box during Login. To use multiple issuers, use a different issuer service and have a selector page where one of the options is `https://accounts.google.com`. 
+
     ``` xml
     <bean class="org.mitre.openid.connect.client.service.impl.StaticSingleIssuerService" id="staticIssuerService">
-       <property name="issuer" value="accounts.google.com" />
+       <property name="issuer" value="https://accounts.google.com" />
     </bean>
     ```
 
-1. Configure the Google Server entry to use the OAuth2.0/OIDC endpoints Google uses. This is where the non-standard behaviors are addressed. The "issuer" is not prefixed with "https://" and thus a static configuration is needed, and Google processing does not ignore the "nonce" parameter, which required the addition of the "nonceEnabled" property.
+1. Google's server configuration can be discovered dynamically from the issuer.
+
     ``` xml
-    <bean class="org.mitre.openid.connect.client.service.impl.StaticServerConfigurationService" id="staticServerConfigurationService">
+    <bean class="org.mitre.openid.connect.client.service.impl.DynamicServerConfigurationService" id="dynamicServerConfigurationService" />
-       <property name="servers">
-          <map>
-             <entry key="accounts.google.com">
-                <bean class="org.mitre.openid.connect.config.ServerConfiguration">
-                   <property name="issuer" value="accounts.google.com" />
-                   <property name="authorizationEndpointUri" value="https://accounts.google.com/o/oauth2/auth" />
-                   <property name="tokenEndpointUri"   value="https://accounts.google.com/o/oauth2/token" />
-                   <property name="userInfoUri" value="https://www.googleapis.com/plus/v1/people/me/openIdConnect" />
-                   <property name="jwksUri" value="https://www.googleapis.com/oauth2/v2/certs" />
-                   <property name="nonceEnabled" value="false" />
-                </bean>
-             </entry>
-          </map>
-       </property>
-    </bean>
     ```
 
-1. Finally, you must configure your client to work with Google requirements. Replace anything called "my-*" with your actual values, obtained from your Google API via the Google Developers Console.
+1. Finally, you must statically configure your client to work with Google requirements. Replace anything called "my-*" with your actual values, obtained from your Google API via the Google Developers Console.
+
     ``` xml
     <bean class="org.mitre.openid.connect.client.service.impl.StaticClientConfigurationService" id="staticClientConfigurationService">
        <property name="clients">
           <map>
-             <entry key="accounts.google.com">
+             <entry key="https://accounts.google.com">
                 <bean class="org.mitre.oauth2.model.RegisteredClient">
                    <property name="clientName" value="my-client-name" />
                    <property name="clientId" value="my-google-client-id-from-console" />
+                   <property name="clientSecret" value="my-google-client-secret-from-console" />
                    <property name="scope">
                       <set value-type="java.lang.String">
                          <value>openid</value>
@@ -62,7 +49,6 @@ The following example is based on making the sample simple-web-app to work with
                          <value>profile</value>
                       </set>
                    </property>
-                   <property name="tokenEndpointAuthMethod" value="SECRET_POST" />
                    <property name="redirectUris">
                       <set>
                          <value>https://my-redirect-uri-setup-in-google/</value>
@@ -74,3 +60,4 @@ The following example is based on making the sample simple-web-app to work with
         </property>
     </bean>
     ```
+