add OCIS_URL env var

.drone.star

@@ -1413,25 +1413,20 @@ def frontend(module):
 def ocisServer(storage, accounts_hash_difficulty = 4, volumes=[]):
   environment = {
     #'OCIS_LOG_LEVEL': 'debug',
+    'OCIS_URL': 'https://ocis-server:9200',
     'STORAGE_HOME_DRIVER': '%s' % (storage),
     'STORAGE_USERS_DRIVER': '%s' % (storage),
     'STORAGE_DRIVER_OCIS_ROOT': '/srv/app/tmp/ocis/storage/users',
     'STORAGE_DRIVER_LOCAL_ROOT': '/srv/app/tmp/ocis/local/root',
     'STORAGE_METADATA_ROOT': '/srv/app/tmp/ocis/metadata',
     'STORAGE_DRIVER_OWNCLOUD_DATADIR': '/srv/app/tmp/ocis/owncloud/data',
     'STORAGE_DRIVER_OWNCLOUD_REDIS_ADDR': 'redis:6379',
-    'STORAGE_LDAP_IDP': 'https://ocis-server:9200',
-    'STORAGE_OIDC_ISSUER': 'https://ocis-server:9200',
-    'PROXY_OIDC_ISSUER': 'https://ocis-server:9200',
     'STORAGE_HOME_DATA_SERVER_URL': 'http://ocis-server:9155/data',
-    'STORAGE_DATAGATEWAY_PUBLIC_URL': 'https://ocis-server:9200/data',
     'STORAGE_USERS_DATA_SERVER_URL': 'http://ocis-server:9158/data',
-    'STORAGE_FRONTEND_PUBLIC_URL': 'https://ocis-server:9200',
     'STORAGE_SHARING_USER_JSON_FILE': '/srv/app/tmp/ocis/shares.json',
     'PROXY_ENABLE_BASIC_AUTH': True,
     'WEB_UI_CONFIG': '/drone/src/tests/config/drone/ocis-config.json',
     'KONNECTD_IDENTIFIER_REGISTRATION_CONF': '/drone/src/tests/config/drone/identifier-registration.yml',
-    'KONNECTD_ISS': 'https://ocis-server:9200',
     'KONNECTD_TLS': 'true',
     'OCIS_LOG_LEVEL': 'warn',
   }

deployments/examples/cs3_users_ocis/docker-compose.yaml

@@ -73,23 +73,15 @@ services:
       STORAGE_LDAP_FINDFILTER: '(&(objectclass=owncloud)(|(uid={{query}}*)(cn={{query}}*)(displayname={{query}}*)(mail={{query}}*)(description={{query}}*)))'
       STORAGE_LDAP_GROUPFILTER: '(&(objectclass=groupOfUniqueNames)(objectclass=owncloud)(ownclouduuid={{.OpaqueId}}*))'
       # General ocis config
-      OCIS_DOMAIN: ${OCIS_DOMAIN:-ocis.owncloud.test}
+      OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}
       OCIS_LOG_LEVEL: error
       # proxy config
       PROXY_OIDC_INSECURE: "${INSECURE:-false}"
-      PROXY_OIDC_ISSUER: https://${OCIS_DOMAIN:-ocis.owncloud.test}
       PROXY_TLS: "false"
       # web config
-      WEB_OIDC_AUTHORITY: https://${OCIS_DOMAIN:-ocis.owncloud.test}
-      WEB_OIDC_METADATA_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}/.well-known/openid-configuration
       WEB_UI_CONFIG_APPS: files,draw-io,markdown-editor,media-viewer
-      WEB_UI_CONFIG_SERVER: https://${OCIS_DOMAIN:-ocis.owncloud.test}
       # storage config
-      STORAGE_DATAGATEWAY_PUBLIC_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}/data
-      STORAGE_FRONTEND_PUBLIC_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}/
-      STORAGE_OIDC_ISSUER: https://${OCIS_DOMAIN:-ocis.owncloud.test}
       # idp config
-      KONNECTD_ISS: https://${OCIS_DOMAIN:-ocis.owncloud.test}
       KONNECTD_TLS: 'false'
     volumes:
       - ./config/ocis:/config

deployments/examples/ocis_keycloak/docker-compose.yml

@@ -46,7 +46,7 @@ services:
       default:
     environment:
       # general config
-      OCIS_DOMAIN: ${OCIS_DOMAIN:-ocis.owncloud.test}
+      OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}
       OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error}
       # proxy config
       PROXY_AUTOPROVISION_ACCOUNTS: "true"
@@ -58,10 +58,7 @@ services:
       WEB_OIDC_CLIENT_ID: ${OCIS_OIDC_CLIENT_ID:-web}
       WEB_OIDC_METADATA_URL: https://${KEYCLOAK_DOMAIN:-keycloak.owncloud.test}/auth/realms/${KEYCLOAK_REALM:-master}/.well-known/openid-configuration
       WEB_UI_CONFIG_APPS: files,draw-io,markdown-editor,media-viewer
-      WEB_UI_CONFIG_SERVER: https://${OCIS_DOMAIN:-ocis.owncloud.test}
       # storage config
-      STORAGE_DATAGATEWAY_PUBLIC_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}/data
-      STORAGE_FRONTEND_PUBLIC_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}/
       STORAGE_OIDC_ISSUER: https://${KEYCLOAK_DOMAIN:-keycloak.owncloud.test}
       STORAGE_LDAP_IDP: https://${KEYCLOAK_DOMAIN:-keycloak.owncloud.test}
       # thumbnail config

deployments/examples/ocis_traefik/docker-compose.yml

@@ -52,25 +52,16 @@ services:
       default:
     environment:
       # general config
-      OCIS_DOMAIN: ${OCIS_DOMAIN:-ocis.owncloud.test}
+      OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}
       OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error}
       # proxy config
       PROXY_OIDC_INSECURE: "${INSECURE:-false}"
-      PROXY_OIDC_ISSUER: https://${OCIS_DOMAIN:-ocis.owncloud.test}
       PROXY_TLS: "false"
       # web config
-      WEB_OIDC_AUTHORITY: https://${OCIS_DOMAIN:-ocis.owncloud.test}
-      WEB_OIDC_METADATA_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}/.well-known/openid-configuration
       WEB_UI_CONFIG_APPS: files,draw-io,markdown-editor,media-viewer
-      WEB_UI_CONFIG_SERVER: https://${OCIS_DOMAIN:-ocis.owncloud.test}
       # storage config
-      STORAGE_DATAGATEWAY_PUBLIC_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}/data
-      STORAGE_FRONTEND_PUBLIC_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}/
-      STORAGE_OIDC_ISSUER: https://${OCIS_DOMAIN:-ocis.owncloud.test}
       STORAGE_OIDC_INSECURE: "${INSECURE:-false}"
-      STORAGE_LDAP_IDP: https://${OCIS_DOMAIN:-ocis.owncloud.test}
       # idp config
-      KONNECTD_ISS: https://${OCIS_DOMAIN:-ocis.owncloud.test}
       KONNECTD_TLS: 'false'
       # thumbnail config
       THUMBNAILS_WEBDAVSOURCE_BASEURL: http://localhost:9200/remote.php/webdav/

deployments/examples/owncloud10_with_oc_web/config/oc10/config.php

@@ -32,7 +32,7 @@ function getConfigFromEnv() {
       0 => $domain
     ],
     'openid-connect' => [
-        'provider-url' => getenv('OCIS_DOMAIN'),
+        'provider-url' => getenv('OCIS_URL'),
         'client-id' => 'oc10',
         'client-secret' => 'super',
         'loginButtonName' => 'OpenId Connect',
@@ -50,8 +50,8 @@ function getConfigFromEnv() {
     'dbpassword' => getenv('OWNCLOUD_DB_PASSWORD'),
     'dbtableprefix' => getenv('OWNCLOUD_DB_PREFIX'),
 
-    'web.baseUrl' => getenv('OCIS_DOMAIN'),
-    'cors.allowed-domains' => [getenv('OCIS_DOMAIN')],
+    'web.baseUrl' => getenv('OCIS_URL'),
+    'cors.allowed-domains' => [getenv('OCIS_URL')],
 
     'log_type' => 'owncloud',
 

deployments/examples/owncloud10_with_oc_web/docker-compose.yml

@@ -63,20 +63,18 @@ services:
       default:
     environment:
       # general config
-      OCIS_DOMAIN: ${OCIS_DOMAIN:-ocis.owncloud.test}
+      OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}
       OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error}
       # proxy
       PROXY_AUTOPROVISION_ACCOUNTS: "true"
       PROXY_INSECURE_BACKENDS: "${INSECURE:-false}"
       PROXY_OIDC_INSECURE: "${INSECURE:-false}"
       PROXY_CONFIG_FILE: "/config/proxy-config.json"
       PROXY_ENABLE_PRESIGNEDURLS: "false"
-      PROXY_OIDC_ISSUER: https://${OCIS_DOMAIN:-ocis.owncloud.test}
       PROXY_TLS: "false"
       # konnectd - binddn must exist as oc10 admin user
       KONNECTD_IDENTIFIER_REGISTRATION_CONF: "/config/identifier-registration.yaml"
       KONNECTD_INSECURE: "${INSECURE:-false}"
-      KONNECTD_ISS: https://${OCIS_DOMAIN:-ocis.owncloud.test}
       KONNECTD_SIGNING_KID: super
       KONNECTD_TLS: 0
       LDAP_BASEDN: "dc=example,dc=org"
@@ -99,12 +97,8 @@ services:
       # web ui
       WEB_UI_CONFIG: "/config/config.json"
       # storage - although not used, yet
-      STORAGE_OIDC_ISSUER: https://${OCIS_DOMAIN:-ocis.owncloud.test}
       STORAGE_OIDC_INSECURE: "${INSECURE:-false}"
       STORAGE_TRANSFER_EXPIRES: 86400
-      STORAGE_FRONTEND_PUBLIC_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}
-      STORAGE_DATAGATEWAY_PUBLIC_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}/data
-      STORAGE_LDAP_IDP: https://${OCIS_DOMAIN:-ocis.owncloud.test}
     volumes:
       - ./config/ocis:/config
       - ocis-data:/var/tmp/ocis
@@ -129,7 +123,7 @@ services:
       - redis
     environment:
       PROXY_LOG_LEVEL: debug
-      OCIS_DOMAIN: https://${OCIS_DOMAIN:-ocis.owncloud.test}
+      OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}
       OWNCLOUD_DOMAIN: ${OC10_DOMAIN:-oc10.owncloud.test}
       OWNCLOUD_DB_TYPE: mysql
       OWNCLOUD_DB_NAME: owncloud

docs/ocis/deployment/basic-remote-setup.md

@@ -58,13 +58,7 @@ You need to configure `your-host` in some services to provide the needed public
 
 ```bash
 PROXY_HTTP_ADDR=0.0.0.0:9200 \
-KONNECTD_ISS=https://your-server:9200 \
-REVA_OIDC_ISSUER=https://your-server:9200 \
-WEB_OIDC_AUTHORITY=https://your-server:9200 \
-WEB_UI_CONFIG_SERVER=https://your-server:9200 \
-WEB_OIDC_METADATA_URL=https://your-server:9200/.well-known/openid-configuration \
-REVA_DATAGATEWAY_URL=https://your-server:9200/data \
-REVA_FRONTEND_URL=https://your-server:9200 \
+OCIS_URL=https://your-server:9200 \
 PROXY_TRANSPORT_TLS_KEY=./certs/your-host.key \
 PROXY_TRANSPORT_TLS_CERT=./certs/your-host.crt \
 KONNECTD_TLS=0 \
@@ -93,8 +87,7 @@ cd compose-playground/compose/ocis
 sed -i -e 's/your-url/192.168.103.195/g' config/identifier-registration.yml
 
 cat << EOF > .env
-OCIS_BASE_URL=192.168.103.195
-OCIS_HTTP_PORT=9200
+OCIS_URL=https://192.168.103.195
 OCIS_DOCKER_TAG=latest
 EOF
 

konnectd/pkg/flagset/flagset.go

@@ -167,7 +167,7 @@ func ServerWithConfig(cfg *config.Config) []cli.Flag {
 		&cli.StringFlag{
 			Name:        "iss",
 			Usage:       "OIDC issuer URL",
-			EnvVars:     []string{"KONNECTD_ISS"},
+			EnvVars:     []string{"KONNECTD_ISS", "OCIS_URL"}, // KONNECTD_ISS takes precedence over OCIS_URL
 			Value:       "https://localhost:9200",
 			Destination: &cfg.Konnectd.Iss,
 		},

ocis/docker-compose-eos-test.yml

@@ -30,14 +30,7 @@ services:
       OCIS_LOG_LEVEL: debug
       # domain setup
       # TODO currently the below lines hardcode the port to 9200, use an OCIS_URL that includes protocol and port
-      OCIS_DOMAIN: ${OCIS_DOMAIN:-localhost}
-      PROXY_OIDC_ISSUER: https://${OCIS_DOMAIN:-localhost}:9200
-      KONNECTD_ISS: https://${OCIS_DOMAIN:-localhost}:9200
-      WEB_OIDC_AUTHORITY: https://${OCIS_DOMAIN:-localhost}:9200
-      WEB_OIDC_METADATA_URL: https://${OCIS_DOMAIN:-localhost}:9200/.well-known/openid-configuration
-      WEB_UI_CONFIG_SERVER: https://${OCIS_DOMAIN:-localhost}:9200
-      STORAGE_OIDC_ISSUER: https://${OCIS_DOMAIN:-localhost}:9200
-      STORAGE_LDAP_IDP: https://${OCIS_DOMAIN:-localhost}:9200
+      OCIS_URL: https://${OCIS_DOMAIN:-localhost:9200}
       # make home and users storages use eos
       STORAGE_HOME_DRIVER: eoshome
       STORAGE_USERS_DRIVER: eos
@@ -47,8 +40,6 @@ services:
       ACCOUNTS_STORAGE_DISK_PATH: /var/tmp/ocis/accounts
       # TODO make id the default in ocis-storage
       STORAGE_DRIVER_EOS_LAYOUT: "{{substr 0 1 .Id.OpaqueId}}/{{.Id.OpaqueId}}"
-      STORAGE_FRONTEND_PUBLIC_URL: https://${OCIS_DOMAIN:-localhost}:9200
-      STORAGE_DATAGATEWAY_PUBLIC_URL: https://${OCIS_DOMAIN:-localhost}:9200/data
       # common eos settings used for both drivers: eos and eoshome
       STORAGE_DRIVER_EOS_MASTER_URL: ${EOS_MGM_URL:-root://mgm-master.testnet:1094}
       STORAGE_DRIVER_EOS_SLAVE_URL: ${EOS_MGM_URL:-root://mgm-master.testnet:1094}

ocis/docker-compose.yml

@@ -38,18 +38,9 @@ services:
       OCIS_LOG_LEVEL: debug
       # domain setup
       # TODO currently the below lines hardcode the port to 9200, use an OCIS_URL that includes protocol and port
-      OCIS_DOMAIN: ${OCIS_DOMAIN:-localhost}
-      PROXY_OIDC_ISSUER: https://${OCIS_DOMAIN:-localhost}:9200
-      KONNECTD_ISS: https://${OCIS_DOMAIN:-localhost}:9200
-      WEB_OIDC_AUTHORITY: https://${OCIS_DOMAIN:-localhost}:9200
-      WEB_OIDC_METADATA_URL: https://${OCIS_DOMAIN:-localhost}:9200/.well-known/openid-configuration
-      WEB_UI_CONFIG_SERVER: https://${OCIS_DOMAIN:-localhost}:9200
-      STORAGE_OIDC_ISSUER: https://${OCIS_DOMAIN:-localhost}:9200
-      STORAGE_LDAP_IDP: https://${OCIS_DOMAIN:-localhost}:9200
+      OCIS_URL: https://${OCIS_DOMAIN:-localhost:9200}
       # TODO make id the default in ocis-storage
       STORAGE_DRIVER_EOS_LAYOUT: "{{substr 0 1 .Id.OpaqueId}}/{{.Id.OpaqueId}}"
-      STORAGE_FRONTEND_PUBLIC_URL: https://${OCIS_DOMAIN:-localhost}:9200
-      STORAGE_DATAGATEWAY_PUBLIC_URL: https://${OCIS_DOMAIN:-localhost}:9200/data
       # common eos settings used for both drivers: eos and eoshome
       STORAGE_DRIVER_EOS_MASTER_URL: ${EOS_MGM_URL:-root://mgm-master.testnet:1094}
       STORAGE_DRIVER_EOS_SLAVE_URL: ${EOS_MGM_URL:-root://mgm-master.testnet:1094}

proxy/pkg/command/server.go

@@ -4,13 +4,14 @@ import (
 	"context"
 	"crypto/tls"
 	"fmt"
-	"github.com/owncloud/ocis/proxy/pkg/user/backend"
 	"net/http"
 	"os"
 	"os/signal"
 	"strings"
 	"time"
 
+	"github.com/owncloud/ocis/proxy/pkg/user/backend"
+
 	"contrib.go.opencensus.io/exporter/jaeger"
 	"contrib.go.opencensus.io/exporter/ocagent"
 	"contrib.go.opencensus.io/exporter/zipkin"
@@ -55,7 +56,9 @@ func Server(cfg *config.Config) *cli.Command {
 				return err
 			}
 
-			return ParseConfig(ctx, cfg)
+			if err := ParseConfig(ctx, cfg); err != nil {
+				return err
+			}
 		},
 		Action: func(c *cli.Context) error {
 			logger := NewLogger(cfg)

proxy/pkg/flagset/flagset.go

@@ -199,7 +199,7 @@ func ServerWithConfig(cfg *config.Config) []cli.Flag {
 			Name:        "oidc-issuer",
 			Value:       "https://localhost:9200",
 			Usage:       "OIDC issuer",
-			EnvVars:     []string{"PROXY_OIDC_ISSUER"},
+			EnvVars:     []string{"PROXY_OIDC_ISSUER", "OCIS_URL"}, // PROXY_OIDC_ISSUER takes precedence over OCIS_URL
 			Destination: &cfg.OIDC.Issuer,
 		},
 		&cli.BoolFlag{

storage/pkg/command/gateway.go

@@ -28,6 +28,10 @@ func Gateway(cfg *config.Config) *cli.Command {
 			cfg.Reva.Gateway.Services = c.StringSlice("service")
 			cfg.Reva.StorageRegistry.Rules = c.StringSlice("storage-registry-rule")
 
+			if cfg.Reva.DataGateway.PublicURL == "" {
+				cfg.Reva.DataGateway.PublicURL == strings.TrimRight(cfg.Reva.Frontend.PublicURL, "/")+"/data"
+			}
+
 			return nil
 		},
 		Action: func(c *cli.Context) error {

storage/pkg/flagset/authbearer.go

@@ -24,7 +24,7 @@ func AuthBearerWithConfig(cfg *config.Config) []cli.Flag {
 			Name:        "oidc-issuer",
 			Value:       "https://localhost:9200",
 			Usage:       "OIDC issuer",
-			EnvVars:     []string{"STORAGE_OIDC_ISSUER"},
+			EnvVars:     []string{"STORAGE_OIDC_ISSUER", "OCIS_URL"}, // STORAGE_OIDC_ISSUER takes precedence over OCIS_URL
 			Destination: &cfg.Reva.OIDC.Issuer,
 		},
 		&cli.BoolFlag{

storage/pkg/flagset/frontend.go

@@ -80,7 +80,7 @@ func FrontendWithConfig(cfg *config.Config) []cli.Flag {
 			Name:        "public-url",
 			Value:       "https://localhost:9200",
 			Usage:       "URL to use for the storage service",
-			EnvVars:     []string{"STORAGE_FRONTEND_PUBLIC_URL"},
+			EnvVars:     []string{"STORAGE_FRONTEND_PUBLIC_URL", "OCIS_URL"}, // STORAGE_FRONTEND_PUBLIC_URL takes precedence over OCIS_URL
 			Destination: &cfg.Reva.Frontend.PublicURL,
 		},
 		&cli.StringSliceFlag{

storage/pkg/flagset/gateway.go

@@ -146,13 +146,13 @@ func GatewayWithConfig(cfg *config.Config) []cli.Flag {
 			Name:        "public-url",
 			Value:       "https://localhost:9200",
 			Usage:       "URL to use for the storage service",
-			EnvVars:     []string{"STORAGE_FRONTEND_PUBLIC_URL"},
+			EnvVars:     []string{"STORAGE_FRONTEND_PUBLIC_URL", "OCIS_URL"}, // STORAGE_FRONTEND_PUBLIC_URL takes precedence over OCIS_URL
 			Destination: &cfg.Reva.Frontend.PublicURL,
 		},
 		&cli.StringFlag{
 			Name:        "datagateway-url",
-			Value:       "https://localhost:9200/data",
-			Usage:       "URL to use for the storage datagateway",
+			Value:       "",
+			Usage:       "URL to use for the storage datagateway, defaults to <STORAGE_FRONTEND_PUBLIC_URL>/data",
 			EnvVars:     []string{"STORAGE_DATAGATEWAY_PUBLIC_URL"},
 			Destination: &cfg.Reva.DataGateway.PublicURL,
 		},

storage/pkg/flagset/ldap.go

@@ -84,7 +84,7 @@ func LDAPWithConfig(cfg *config.Config) []cli.Flag {
 			Name:        "ldap-idp",
 			Value:       "https://localhost:9200",
 			Usage:       "Identity provider to use for users",
-			EnvVars:     []string{"STORAGE_LDAP_IDP"},
+			EnvVars:     []string{"STORAGE_LDAP_IDP", "OCIS_URL"}, // STORAGE_LDAP_IDP takes precedence over OCIS_URL
 			Destination: &cfg.Reva.LDAP.IDP,
 		},
 		// ldap dn is always the dn

web/pkg/command/server.go

@@ -33,12 +33,21 @@ func Server(cfg *config.Config) *cli.Command {
 		Flags: flagset.ServerWithConfig(cfg),
 		Before: func(c *cli.Context) error {
 			if cfg.HTTP.Root != "/" {
-				cfg.HTTP.Root = strings.TrimSuffix(cfg.HTTP.Root, "/")
+				cfg.HTTP.Root = strings.TrimRight(cfg.HTTP.Root, "/")
 			}
 
 			cfg.Web.Config.Apps = c.StringSlice("web-config-app")
 
-			return ParseConfig(c, cfg)
+			if err := ParseConfig(c, cfg); err != nil {
+				return err
+			}
+
+			// build well known openid-configuration endpoint if it is not set
+			if cfg.Web.Config.OpenIDConnect.MetadataURL == "" {
+				cfg.Web.Config.OpenIDConnect.MetadataURL = strings.TrimRight(cfg.Web.Config.OpenIDConnect.Authority) + "/.well-known/openid-configuration"
+			}
+
+			return nil
 		},
 		Action: func(c *cli.Context) error {
 			logger := NewLogger(cfg)

web/pkg/flagset/flagset.go

@@ -161,7 +161,7 @@ func ServerWithConfig(cfg *config.Config) []cli.Flag {
 			Name:        "web-config-server",
 			Value:       "https://localhost:9200",
 			Usage:       "Server URL",
-			EnvVars:     []string{"WEB_UI_CONFIG_SERVER"},
+			EnvVars:     []string{"WEB_UI_CONFIG_SERVER", "OCIS_URL"}, // WEB_UI_CONFIG_SERVER takes precedence over OCIS_URL
 			Destination: &cfg.Web.Config.Server,
 		},
 		&cli.StringFlag{
@@ -186,16 +186,16 @@ func ServerWithConfig(cfg *config.Config) []cli.Flag {
 		},
 		&cli.StringFlag{
 			Name:        "oidc-metadata-url",
-			Value:       "https://localhost:9200/.well-known/openid-configuration",
-			Usage:       "OpenID Connect metadata URL",
+			Value:       "",
+			Usage:       "OpenID Connect metadata URL, defaults to <WEB_OIDC_AUTHORITY>/.well-known/openid-configuration",
 			EnvVars:     []string{"WEB_OIDC_METADATA_URL"},
 			Destination: &cfg.Web.Config.OpenIDConnect.MetadataURL,
 		},
 		&cli.StringFlag{
 			Name:        "oidc-authority",
 			Value:       "https://localhost:9200",
-			Usage:       "OpenID Connect authority", // TODO rename to Issuer
-			EnvVars:     []string{"WEB_OIDC_AUTHORITY"},
+			Usage:       "OpenID Connect authority",                 // TODO rename to Issuer
+			EnvVars:     []string{"WEB_OIDC_AUTHORITY", "OCIS_URL"}, // WEB_OIDC_AUTHORITY takes precedence over OCIS_URL
 			Destination: &cfg.Web.Config.OpenIDConnect.Authority,
 		},
 		&cli.StringFlag{