Add examples for non-oidc-provider providers mentioned in README #153

Open
Nerglej opened this issue Mar 27, 2024 · 2 comments

Nerglej commented Mar 27, 2024

The README for this repo has this line as the very first you read:

> This library provides extensible, strongly-typed interfaces for the OpenID Connect protocol, which can be used to authenticate users via GitHub, Google, GitLab, Microsoft, Apple, Discord, and many other providers.

There's only an example in the docs for Google which uses Google's discover endpoint (/.well-known/openid-configuration).

The README clearly mentions GitHub, Discord and 'many other providers', but GitHub and Discord (the ones that I've tested, but I would imagine a lot more) don't have a discover endpoint.

That is in itself fine, because you can just work around the discover-endpoint with CoreProviderMetadata. You can't use CoreProviderMetadata::new() for Discord though, since they also don't have a JWKS-endpoint (haven't checked GitHub). And that's where I'm currently stuck, but will still work on it though.

So I'm kindly asking for an example of how to implement an OpenID Connect client for Discord/GitHub/'many other providers' that don't have the discover endpoint. I've already implemented authentication for Discord, GitHub, Facebook and others with the OAuth2 crate, so I'm not that new to this, but I still feel like I'm missing something in this crate...

Kind regards😊

@ramosbugs
Owner

> GitHub, Google, GitLab, Microsoft, Apple, Discord, and many other providers.

Ah whoops, I think I was confusing GitHub's support for OIDC from within Actions for its own API auth, which seems to be OAuth2-only. I'll remove GitHub from that list. If I was mistaken about any other providers in this list supporting OIDC, I'd be happy to remove those as well.

> So I'm kindly asking for an example of how to implement an OpenID Connect client for Discord/GitHub/'many other providers' that don't have the discover endpoint. I've already implemented authentication for Discord, GitHub, Facebook and others with the OAuth2 crate, so I'm not that new to this, but I still feel like I'm missing something in this crate...

This is fair, and I agree it's worth adding an example that shows how to set the endpoints manually.

It's straightforward to do and mirrors how the oauth2 crate works. Instead of calling CoreClient::from_provider_metadata(), call CoreClient::new(), which allows you to provide the same info that's read from the provider metadata when using OIDC Discovery.

Note that both this crate's and oauth2's APIs are going to change a bit soon in their respective upcoming major releases, but the general approach here will be the same.

ramosbugs added a commit that referenced this issue Mar 27, 2024
It turns out that GitHub and Discord only implement plain OAuth2 for
sign-in. Apple implements a non-spec-compliant subset of OIDC that isn't
compatible with this library (i.e., it issues ID tokens but doesn't
accept the mandatory `openid` scope).

Relates to #153.

@ramosbugs
Owner

I updated the README for accuracy in fcada17. Thanks for pointing out those issues! I was too hasty in adding those a few weeks ago.
