Support Generic OAuth2 Providers #180
Comments
|
Sounds nice! I would really appreciate not needing custom code for each provider. My only question is how to handle the UserInfoFetcher. Any thoughts? |
|
That does appear to be the crux... Both OAuth2 Introspection and OIDC UserInfo can return an email. For Introspection, the email could show up as either For UserInfo, the email will likely be The custom provider could be constrained to the OAuth2 and OIDC spec, with the expectation that a GET with a bearer token to a specified endpoint returns a JSON response with status 200. Reading the JWT could be done, but then we would have to manage keys for signature verification. Whether it's OAuth2 or OIDC may be immaterial. The config could also specify which fields to map to ID and email. So we could add:
|
|
Was trying to investigate how to integrate with oidc and I see this ticket didn't really progress? |
|
@c-nv-s That's correct. I'd be happy to review a pull request however! |
Keratin supports generic OAuth2 providers here: https://github.com/keratin/authn-server/blob/master/lib/oauth/provider.go
However, there is no means to read configurations from the environment, or otherwise inject them. The credentials, scopes and endpoints required for an
*oauth2.Configcould be represented by:CUSTOM_OAUTH_NAME(Used for HTTP path.)CUSTOM_OAUTH_CREDENTIALSCUSTOM_OAUTH_AUTH_URLCUSTOM_OAUTH_TOKEN_URLCUSTOM_OAUTH_SCOPESOr, the env vars could be written to be easily pattern matchable to allow for multiple custom providers.
I see there are outstanding requests for Twitter and other providers. A generic provider would sidestep the need to PR for every requested provider. I believe the
oauth2library took the same tack and basically stopped accepting changes for what amounted to config as code: https://github.com/golang/oauth2#policy-for-new-packagesThe text was updated successfully, but these errors were encountered: