
change userinfoEndpoint in OpenIdProviderMetadata to optional

Open jimmy1wu opened this issue 3 years ago • 0 comments

Hello,

I'm proposing to change the userinfoEndpoint in OpenIdProviderMetadata from Required to Optional in its javadoc.

I think this will make it more aligned with the authentication mechanism spec since:

  1. It is not one of the required values under the Metadata configuration section.

> The following metadata values are required (since they are defined as required by the OpenID Specification):
>
> - Authorization endpoint
> - Token endpoint
> - JWKS URI
> - Issuer of the tokens
> - Supported Subject types
> - Supported Response types
> - Supported Id Token Signing Algorithms

https://github.com/jakartaee/security/blob/master/spec/src/main/asciidoc/authenticationMechanism.adoc#metadata-configuration

  2. Not all OPs support the user info endpoint.

> An implementation may choose to not implement the call to the User Info Endpoint, in all cases or when a certain configuration value is set, since not all OpenID Connect Providers support this User Info Endpoint.

https://github.com/jakartaee/security/blob/master/spec/src/main/asciidoc/authenticationMechanism.adoc#caller-name-and-groups

Signed-off-by: Jimmy Wu [email protected]

jimmy1wu, Oct 21 '22 16:10
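
Added example, not part of the original issue or of the Jakarta Security code base: a relying-party check that enforces the seven required metadata values quoted above, treats `userinfo_endpoint` as optional, and resolves caller claims from the ID token when the provider offers no UserInfo endpoint. The function names, the injected `fetch_userinfo` callable and the `op.example` document are assumptions made for illustration; the field names are those of OpenID Connect Discovery.

```python
import json

# The seven values the quoted spec text lists as required, under their
# OpenID Connect Discovery field names.
REQUIRED = (
    "issuer", "authorization_endpoint", "token_endpoint", "jwks_uri",
    "subject_types_supported", "response_types_supported",
    "id_token_signing_alg_values_supported",
)
ENDPOINTS = ("authorization_endpoint", "token_endpoint", "jwks_uri",
             "userinfo_endpoint")

class MetadataError(ValueError):
    """Provider metadata or UserInfo response failed validation."""

def validate_metadata(raw_json, expected_issuer):
    """Parse a discovery document; userinfo_endpoint may be absent."""
    doc = json.loads(raw_json)
    missing = [name for name in REQUIRED if not doc.get(name)]
    if missing:
        raise MetadataError("missing required metadata: " + ", ".join(missing))
    if doc["issuer"] != expected_issuer:
        raise MetadataError("issuer does not match the configured provider")
    for name in ENDPOINTS:
        url = doc.get(name)
        if url is not None and not str(url).startswith("https://"):
            raise MetadataError(name + " must be an https URL")
    return doc

def resolve_caller_claims(metadata, id_token_claims, fetch_userinfo):
    """Claims for caller name/groups; UserInfo is called only if offered."""
    endpoint = metadata.get("userinfo_endpoint")
    if endpoint is None:
        return dict(id_token_claims)  # fall back to validated ID token claims
    userinfo = fetch_userinfo(endpoint)  # hypothetical HTTP call, injected
    # OpenID Connect Core: UserInfo "sub" must equal the ID token "sub".
    if userinfo.get("sub") != id_token_claims.get("sub"):
        raise MetadataError("UserInfo sub does not match ID token sub")
    return {**id_token_claims, **userinfo}

# Constructed sample: a provider that publishes no userinfo_endpoint.
SAMPLE = json.dumps({
    "issuer": "https://op.example",
    "authorization_endpoint": "https://op.example/authorize",
    "token_endpoint": "https://op.example/token",
    "jwks_uri": "https://op.example/jwks",
    "subject_types_supported": ["public"],
    "response_types_supported": ["code"],
    "id_token_signing_alg_values_supported": ["RS256"],
})
```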