How a TwinfinitySession discovers its OpenID Connect provider and which origin it is pinned
to. Exactly one of the two must be supplied:
apiUrl — the Twinfinity backend this app talks to. Discovery is rooted at that origin's
/.well-known/openid-configuration (any path is discarded and a leading bim. stripped — see
openIdProviderConfigurationUrl), and the session is pinned to that canonical origin. This is
the recommended option: pointing BimApi.create at the same backend URL is then guaranteed to
match the pinned origin, so the session's token is only ever sent there.
openIdProviderUrl — an explicit provider URL, used verbatim (host as given, path
preserved, no bim. stripping; see deriveOpenIdProviderConfigurationUrl). Use this for a
fixed/known IdP that does not follow the backend's origin convention. The session is pinned to that
URL's origin.
How a TwinfinitySession discovers its OpenID Connect provider and which origin it is pinned to. Exactly one of the two must be supplied:
/.well-known/openid-configuration(any path is discarded and a leadingbim.stripped — see openIdProviderConfigurationUrl), and the session is pinned to that canonical origin. This is the recommended option: pointing BimApi.create at the same backend URL is then guaranteed to match the pinned origin, so the session's token is only ever sent there.bim.stripping; see deriveOpenIdProviderConfigurationUrl). Use this for a fixed/known IdP that does not follow the backend's origin convention. The session is pinned to that URL's origin.