Comments (4)
@yourtallness the public key is provided to clients through the OIDC discovery mechanism, specifically through the standardized `/.well-known/openid-configuration` endpoint which points to our custom `/oauth/discovery/keys` endpoint (see https://github.com/doorkeeper-gem/doorkeeper-openid_connect#routes).
Additionally, if we are not using the implicit flow that returns the id_token (e.g. we use the authorization code flow only), we can skip this configuration, correct? Turns out the gem requires the signing_key even if no id_token is being requested.
Not sure I follow, AFAIK an ID token is always returned in some form when the `openid` scope is requested. If that scope is not included, this gem shouldn't become active and you're dealing with a normal OAuth flow from the Doorkeeper gem.
from doorkeeper-openid_connect.
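The client side of the discovery flow described in the comment above, as an added example that is not part of the original thread and is not doorkeeper-openid_connect code: it resolves `jwks_uri` from the discovery document, picks the published key by `kid`, and verifies an RS256 ID token with it. The issuer `https://idp.example`, the `demo-1` key id, the helper names and the in-memory `FETCH` stand-in for HTTPS requests are assumptions constructed for illustration.

```ruby
require 'json'
require 'openssl'
# base64url (RFC 7515) helpers built on stdlib pack/unpack
def b64u(bytes)
  [bytes].pack('m0').tr('+/', '-_').delete('=')
end

def b64u_decode(str)
  (str + '=' * (-str.length % 4)).tr('-_', '+/').unpack1('m0')
end

# Rebuild an RSA public key from the "n"/"e" members of a published JWK.
def rsa_from_jwk(jwk)
  ints = %w[n e].map { |m| OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(b64u_decode(jwk.fetch(m)), 2)) }
  OpenSSL::PKey::RSA.new(OpenSSL::ASN1::Sequence(ints).to_der)
end

# fetch: callable URL -> body, standing in for an HTTPS GET so this runs offline.
def verify_id_token(token, issuer, fetch)
  config = JSON.parse(fetch.call("#{issuer}/.well-known/openid-configuration"))
  raise ArgumentError, 'discovery issuer mismatch' unless config['issuer'] == issuer
  jwks = JSON.parse(fetch.call(config.fetch('jwks_uri')))
  parts = token.split('.', -1)
  raise ArgumentError, 'malformed token' unless parts.length == 3
  header = JSON.parse(b64u_decode(parts[0]))
  # Pin the algorithm: the token must not be able to select "none" or HMAC.
  raise ArgumentError, 'unexpected alg' unless header['alg'] == 'RS256'
  jwk = jwks.fetch('keys').find { |k| k['kty'] == 'RSA' && k['kid'] == header['kid'] }
  raise ArgumentError, 'no published key for kid' unless jwk
  ok = rsa_from_jwk(jwk).verify(OpenSSL::Digest.new('SHA256'), b64u_decode(parts[2]), parts[0, 2].join('.'))
  raise ArgumentError, 'bad signature' unless ok
  claims = JSON.parse(b64u_decode(parts[1]))
  raise ArgumentError, 'iss mismatch' unless claims['iss'] == issuer
  claims
end

# --- constructed provider data and token, for illustration only ---
ISSUER = 'https://idp.example'
SIGNING_KEY = OpenSSL::PKey::RSA.new(2048)
JWKS = { keys: [{ kty: 'RSA', kid: 'demo-1', n: b64u(SIGNING_KEY.n.to_s(2)), e: b64u(SIGNING_KEY.e.to_s(2)) }] }
ENDPOINTS = {
  "#{ISSUER}/.well-known/openid-configuration" => { issuer: ISSUER, jwks_uri: "#{ISSUER}/oauth/discovery/keys" }.to_json,
  "#{ISSUER}/oauth/discovery/keys" => JWKS.to_json
}
FETCH = ->(url) { ENDPOINTS.fetch(url) }
def sign_demo_token(claims, key: SIGNING_KEY, kid: 'demo-1')
  input = [{ alg: 'RS256', kid: kid }, claims].map { |part| b64u(part.to_json) }.join('.')
  "#{input}.#{b64u(key.sign(OpenSSL::Digest.new('SHA256'), input))}"
end
```

A production client would also check `aud`, `exp` and `nonce`, which this block leaves out to stay focused on key discovery.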
I mean that we don't use the implicit flow that returns the `id_token`.
Our clients will be hitting the userinfo endpoint to obtain the user information.
from doorkeeper-openid_connect.
@yourtallness ok thanks I was confused, I checked the specs and it's possible to send a request with `response_type=code` where no ID token is returned: https://openid.net/specs/openid-connect-core-1_0.html#Authentication
Can you post the exact error you're running into?
I'm wondering if it would be sufficient to specify `nil` as default for `signing_key` in `Doorkeeper::OpenidConnect::Config`:
from doorkeeper-openid_connect.
Turns out the client we had to interface with actually required the `id_token` to be included in the access_token response, so the use case in the original post is now not applicable to us.
FWIW, I set the `signing_key` to `nil` and it worked.
Thanks for the support!
from doorkeeper-openid_connect.