Add OIDC Discovery support #11

Open
dwt opened this issue Aug 13, 2021 · 2 comments

dwt commented Aug 13, 2021

This makes it massively easier to integrate with existing OIDC clients.

After getting the jwks_uri endpoint to work as described in #2, I added this handler to get auto discovery to work:

```python
from flask import jsonify, url_for

# bp (the Flask Blueprint) and JWT_CONFIG are defined elsewhere in the example app.


@bp.route("/.well-known/openid-configuration")
def well_known_openid_configuration():
    def external_url(function_name):
        # Absolute URL for an endpoint in this blueprint
        return url_for(function_name, _external=True)

    return jsonify({
        "authorization_endpoint": external_url('.authorize_endpoint'),
        "token_endpoint": external_url('.token_endpoint'),
        "userinfo_endpoint": external_url('.userinfo_endpoint'),
        "jwks_uri": external_url('.jwks_endpoint'),
        # Do I even need this one?
        # IMO the OIDC server doesn't have a concept of a user being still logged in? --mh
        # "end_session_endpoint": "http://oidc:4000/openid/end-session",
        "id_token_signing_alg_values_supported": [
            "HS256",
            "RS256"
        ],
        "issuer": JWT_CONFIG['iss'],
        "response_types_supported": [
            "code",
            # TODO check what it takes to support these too
            # "id_token",
            # "id_token token",
            # "code token",
            # "code id_token",
            # "code id_token token"
        ],
        "subject_types_supported": [
            "public"
        ],
        "token_endpoint_auth_methods_supported": [
            # TODO is supporting both a good idea? --mh
            "client_secret_post",
            "client_secret_basic"
        ],
    })
```

@lepture is there a way to add this to the example code? Or use this as a starting point to add it? (I'm not particularly sure this is even right).
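An added example, not part of the issue or the project's code: a checker for a discovery document like the one the handler above returns, based on the metadata that OpenID Connect Discovery 1.0 marks as required. It also covers the case where `issuer` comes from `JWT_CONFIG['iss']` while the endpoint URLs are built from the current request by `url_for(..., _external=True)`, so the two can disagree. The function name `check_discovery` and the sample hosts are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Metadata that OpenID Connect Discovery 1.0 (section 3) marks REQUIRED.
# token_endpoint is required unless only the implicit flow is offered.
REQUIRED = (
    "issuer", "authorization_endpoint", "token_endpoint", "jwks_uri",
    "response_types_supported", "subject_types_supported",
    "id_token_signing_alg_values_supported",
)
WELL_KNOWN = "/.well-known/openid-configuration"


def check_discovery(doc, fetched_url):
    """Return a list of problems found in a provider metadata document."""
    problems = [f"missing required field: {k}" for k in REQUIRED if k not in doc]
    if problems:
        return problems

    issuer = doc["issuer"]
    parts = urlsplit(issuer)
    if parts.scheme != "https" or parts.query or parts.fragment:
        problems.append("issuer must be an https URL without query or fragment")
    # Section 4.3: the issuer has to be the exact URL prefix the document was
    # fetched from; clients are expected to reject the document otherwise.
    if issuer.rstrip("/") + WELL_KNOWN != fetched_url:
        problems.append("issuer does not match the discovery URL")
    if "RS256" not in doc["id_token_signing_alg_values_supported"]:
        problems.append("RS256 must be listed for ID token signing")
    # These endpoints carry credentials and keys, so they are expected to use TLS.
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if urlsplit(doc[key]).scheme != "https":
            problems.append(f"{key} is not served over https")
    return problems


# Constructed sample: issuer taken from configuration, endpoint URLs derived
# from a development request host (hypothetical values).
SAMPLE_URL = "http://localhost:5000" + WELL_KNOWN
SAMPLE = {
    "issuer": "https://idp.example",
    "authorization_endpoint": "http://localhost:5000/oauth/authorize",
    "token_endpoint": "http://localhost:5000/oauth/token",
    "jwks_uri": "http://localhost:5000/oauth/jwks",
    "response_types_supported": ["code"],
    "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["HS256", "RS256"],
}

if __name__ == "__main__":
    print("\n".join(check_discovery(SAMPLE, SAMPLE_URL)))
```
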


dwt commented Oct 19, 2021

@lepture ping?

dwt mentioned this issue Oct 20, 2021

dwt commented Mar 17, 2022

@lepture Hey, how about some feedback?
