openidconnect-rs

Can't use with GitHub OIDC because GitHub OIDC Discovery metadata lacks authorization_endpoint

Open: colemickens opened this issue 8 months ago • 1 comment

As the title says, I can't use this library with GitHub OIDC tokens because GitHub's discovery metadata lacks authorization_endpoint.

Could it be made optional?

https://token.actions.githubusercontent.com/.well-known/openid-configuration

colemickens, Apr 03 '25 13:04

unfortunately, the spec defines it as a required field:

REQUIRED. URL of the OP's OAuth 2.0 Authorization Endpoint [OpenID.Core]. This URL MUST use the https scheme and MAY contain port, path, and query parameter components.

since GitHub isn't following the spec, OIDC Discovery won't work out of the box. there are a few possible workarounds:

  1. directly construct the Client without using OIDC
  2. fetch the provider metadata separately using any HTTP client, construct a ProviderMetadata manually, and then call Client::from_provider_metadata()
  3. pass a custom HTTP client to ProviderMetadata::discover() that adds a dummy authorization_endpoint field to the response body

ramosbugs, Apr 04 '25 05:04
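Workaround 3 from the comment above, narrowed to the response-body rewrite a custom HTTP client would apply before the library parses the metadata. This is an added example, not code from the thread or from openidconnect-rs; it uses only the standard library (a real client would more likely use a JSON crate), and `DUMMY_AUTH_ENDPOINT`, `has_top_level_key` and `patch_discovery_body` are hypothetical names.

```rust
// Placeholder value (assumption); it only lets the metadata deserialize.
const DUMMY_AUTH_ENDPOINT: &str = "https://invalid.example/authorize";

/// True if `key` is a member name of the top-level JSON object (not a nested one).
/// Assumes the name is written without JSON escapes.
fn has_top_level_key(json: &str, key: &str) -> bool {
    let (mut depth, mut in_str, mut esc, mut start) = (0usize, false, false, 0usize);
    for (i, &c) in json.as_bytes().iter().enumerate() {
        if in_str {
            if esc || c == b'\\' {
                esc = !esc; // a backslash escapes exactly the next byte
            } else if c == b'"' {
                in_str = false;
                // A string at depth 1 that is followed by ':' is a top-level name.
                let is_name = json[i + 1..].trim_start().starts_with(':');
                if depth == 1 && is_name && &json[start..i] == key { return true; }
            }
        } else {
            match c {
                b'"' => { in_str = true; start = i + 1; }
                b'{' | b'[' => depth += 1,
                b'}' | b']' => depth = depth.saturating_sub(1),
                _ => {}
            }
        }
    }
    false
}

/// Inserts the placeholder only when the field is missing; issuer, jwks_uri and
/// any real authorization_endpoint pass through unchanged.
fn patch_discovery_body(body: &str) -> Result<String, String> {
    let trimmed = body.trim_start();
    if !trimmed.starts_with('{') {
        return Err("discovery document is not a JSON object".to_string());
    }
    if has_top_level_key(trimmed, "authorization_endpoint") {
        return Ok(body.to_string());
    }
    let rest = trimmed[1..].trim_start();
    let sep = if rest.starts_with('}') { "" } else { "," };
    Ok(format!("{{\"authorization_endpoint\":\"{}\"{}{}", DUMMY_AUTH_ENDPOINT, sep, rest))
}

fn main() {
    // Constructed sample: a discovery document with no authorization_endpoint.
    let body = r#"{"issuer":"https://idp.example","jwks_uri":"https://idp.example/jwks"}"#;
    println!("{}", patch_discovery_body(body).unwrap());
}
```

The placeholder exists only to satisfy deserialization and should never be used for a redirect. Because `issuer` and `jwks_uri` are left untouched, ID token validation still relies on the provider's own values.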