Comments (5)
That would be great!
Looks like they support OIDC which is very easy to add an integration for. You can take a look at the Azure AD integration (ignoring the tenant logic), and the docs for OIDC base integration:
https://github.com/pow-auth/assent/blob/master/lib/assent/strategies/azure_ad.ex
https://github.com/pow-auth/assent/blob/master/lib/assent/strategies/oidc/base.ex
For the tests I usually copy values from the provider documentation: https://github.com/pow-auth/assent/blob/master/test/assent/strategies/azure_ad_test.exs#L6
from assent.
@danschultzer Thanks for the information. I'll read and open a PR today. :)
from assent.
@danschultzer LINE Login uses HS256 for the ID Token. How do we change alg to use HS256 instead of RS256?
@danschultzer since LINE Login uses alg HS256 for the ID Token, after I tried passing params to the callback I received an error like this:

```elixir
{:error, "`alg` in ID Token can only be \"RS256\""}
```

After reading and inspecting the code, I found that the error comes from `OIDC.validate_id_token/2`, in the step `verify_alg/2` after passing `verify_jwt/3`, which returns alg HS256 in the header. Should it check for HS256 in `verify_alg/2`, or does it need another option to make it work with HS256?
from assent.
It works fine if we set `id_token_signed_response_alg` in `openid_configuration`, but it requires another configuration to make it work. This is a sample configuration that works for me:
```elixir
def default_config(_config) do
  [
    site: "https://access.line.me",
    authorization_params: [scope: "email profile", response_type: "code"],
    # OpenID configuration set by hand instead of being fetched from discovery
    openid_configuration: %{
      "id_token_signed_response_alg" => ["HS256"],
      "issuer" => "https://access.line.me",
      "authorization_endpoint" => "https://access.line.me/oauth2/v2.1/authorize",
      "token_endpoint" => "https://api.line.me/oauth2/v2.1/token",
      "jwks_uri" => "https://api.line.me/oauth2/v2.1/certs"
    }
  ]
end
```
I need to set this manually because the well-known OpenID configuration doesn't return `id_token_signed_response_alg`:
```
$ curl https://access.line.me/.well-known/openid-configuration
{
  "issuer": "https://access.line.me",
  "authorization_endpoint": "https://access.line.me/oauth2/v2.1/authorize",
  "token_endpoint": "https://api.line.me/oauth2/v2.1/token",
  "jwks_uri": "https://api.line.me/oauth2/v2.1/certs",
  "response_types_supported": [ "code" ],
  "subject_types_supported": [ "pairwise" ],
  "id_token_signing_alg_values_supported": [ "ES256" ]
}
```
Do you have any suggestion?
from assent.
Yeah, found out the handling of the response alg was incorrect. It was a bit difficult to understand from the RFC:
- The alg value SHOULD be the default of RS256 or the algorithm sent by the Client in the id_token_signed_response_alg parameter during Registration.
But I looked at other OIDC implementations, and setting it as a configuration option seems to be the way to do it. #59 handles that, and I've refactored #58 to use the new configuration option so we don't need to set the open id config manually. I'll get a new release out shortly!
from assent.
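An added illustration in Python (not Assent's code and not posted by anyone in this thread) of the rule the last comment settles on: the expected `alg` comes from client configuration, defaulting to RS256, and the token header is only compared against it. The config keys, `verify_id_token`, `sign_hs256` and the sample token are assumptions constructed for the example; using the UTF-8 bytes of `client_secret` as the HMAC key follows OpenID Connect Core.

```python
import base64
import hashlib
import hmac
import json

def b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def expected_alg(client_config: dict) -> str:
    # The configured value wins; RS256 is the default when nothing is set.
    return client_config.get("id_token_signed_response_alg", "RS256")

def verify_id_token(token: str, client_config: dict) -> dict:
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        signature = b64url_decode(sig_b64)
    except ValueError as exc:
        raise ValueError("malformed ID Token") from exc
    alg = expected_alg(client_config)
    # Pin the algorithm from configuration; the header never selects it.
    if not isinstance(header, dict) or header.get("alg") != alg:
        raise ValueError(f"`alg` in ID Token can only be {alg!r}")
    if alg != "HS256":
        raise NotImplementedError("this example only verifies HS256")
    # For MAC algorithms the key is the UTF-8 octets of client_secret.
    key = client_config["client_secret"].encode()
    signed = f"{header_b64}.{payload_b64}".encode()
    mac = hmac.new(key, signed, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, signature):  # constant-time comparison
        raise ValueError("invalid ID Token signature")
    return json.loads(b64url_decode(payload_b64))

def sign_hs256(claims: dict, secret: str) -> str:
    # Builds a constructed sample token standing in for a provider response.
    head = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    mac = hmac.new(secret.encode(), f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url_encode(mac)}"

SAMPLE_SECRET = "constructed-client-secret"  # constructed value
SAMPLE_TOKEN = sign_hs256(
    {"iss": "https://access.line.me", "sub": "U-constructed"}, SAMPLE_SECRET)
```

Only the `alg` and signature checks are shown; issuer, audience and expiry validation are left out.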