feat: access token & enhance endpoints (/login, /userinfo, /logout) #68
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Issue Item:
Description:
1. access token
access_token
sent by the IdP.access_token
in the k/v store as same as we storeid_token
andrefresh_token
2. new endpoints
Add
/userinfo
endpoint:$oidc_userinfo_endpoint
as same as authz and token endpoints here (openid_connect_configuration.conf
) ./userinfo
endpoint here(openid_connect.server_conf
) in a location block of NGINX Plus to interact with IdP'suserinfo_endpoint
which is defined in the endpoint ofwell-known/openid-configuration
.userinfo_endpoint
by addingaccess_token
as a bearer token.Expose
/login
endpoint:/login
endpoint as a location block here (openid_connect.server_conf
)authorization_endpoint
configured in the map variable of$oidc_authz_endpoint
in (openid_connect_configuration.conf
).Enhance
/logout
endpoint:$oidc_end_session_endpoint
as same as authz and token endpoints here (openid_connect_configuration.conf
) .end_session_endpoint
to finish the session by IdP.Enhance
/_logout
endpoint:/_logout
endpoint which is a callback from IdP as a location block here (openid_connect.server_conf
) to handle the following sequences.3. add endpoints in
configure.sh
Compatibility: