Improve support for oauth providers

Open soywiz opened this issue 7 years ago • 3 comments

Right now Ktor provides functionality to get an OAuth token, and there is a sample with some providers. But for authenticating you need to know which principal you are authenticating, so providing functionality to resolve the user's email or id from the token, at least for popular providers, would be a really nice addition.

soywiz, Feb 17 '18 20:02

To add to this, it should probably be noted in documentation at least that OAuth by itself is authorisation and not authentication. In other words it is the keys to your house, but not your identity documents.

OpenID Connect is the current best option here that I know of; it supplies an ID token in the OAuth response. The Google example should use this.

At a bare minimum to use OAuth as authentication it needs to have an endpoint that can supply a userID which doesn't change if they change their login name or email for example.

thiakil, Apr 27 '19 10:04
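
The comment above asks for an OpenID Connect ID token and a user ID that survives email or login-name changes. As an added example (not code from this thread or from Ktor), the sketch below verifies an RS256 ID token and keys the account on the `iss` and `sub` claims. It assumes kotlinx-serialization-json on the classpath; `identityFromIdToken`, the issuer `https://idp.example`, the client ID `demo-client` and the locally generated key pair are hypothetical stand-ins for a real provider's values and published signing key, and nonce handling is left out.

```kotlin
import java.security.KeyPairGenerator
import java.security.PublicKey
import java.security.Signature
import java.util.Base64
import kotlinx.serialization.json.*

// Stable account key: issuer + subject, never the email or login name.
data class Identity(val issuer: String, val subject: String)

private fun unb64(s: String): ByteArray = Base64.getUrlDecoder().decode(s)
private fun json(part: String) = Json.parseToJsonElement(unb64(part).decodeToString()).jsonObject

// Returns the identity only if alg, signature, iss, aud and exp all check out; null otherwise.
fun identityFromIdToken(
    token: String, key: PublicKey, issuer: String, clientId: String, nowSec: Long
): Identity? = runCatching {
    val (h, p, s) = token.split(".").also { require(it.size == 3) }
    require(json(h)["alg"]?.jsonPrimitive?.content == "RS256") // pin the algorithm
    val rsa = Signature.getInstance("SHA256withRSA")
    rsa.initVerify(key)
    rsa.update("$h.$p".toByteArray(Charsets.US_ASCII))
    require(rsa.verify(unb64(s)))
    val c = json(p)
    require(c["iss"]?.jsonPrimitive?.content == issuer)
    val aud = c["aud"] // a string or an array of strings
    require(when (aud) {
        is JsonArray -> aud.any { it.jsonPrimitive.content == clientId }
        else -> aud?.jsonPrimitive?.content == clientId
    })
    require(c.getValue("exp").jsonPrimitive.long > nowSec)
    Identity(issuer, c.getValue("sub").jsonPrimitive.content)
}.getOrNull()

fun main() {
    // Constructed key pair and tokens standing in for a provider's signing key and responses.
    val keys = KeyPairGenerator.getInstance("RSA").apply { initialize(2048) }.generateKeyPair()
    val enc = Base64.getUrlEncoder().withoutPadding()
    fun token(email: String): String {
        val claims = """{"iss":"https://idp.example","aud":"demo-client","sub":"user-1234","email":"$email","exp":2000000000}"""
        val body = listOf("""{"alg":"RS256"}""", claims)
            .joinToString(".") { enc.encodeToString(it.toByteArray()) }
        val sig = Signature.getInstance("SHA256withRSA")
        sig.initSign(keys.private); sig.update(body.toByteArray())
        return body + "." + enc.encodeToString(sig.sign())
    }
    fun check(t: String, client: String) =
        identityFromIdToken(t, keys.public, "https://idp.example", client, 1_700_000_000L)
    // Same account before and after an email change, because only (iss, sub) is compared.
    println(check(token("old@example.com"), "demo-client") == check(token("new@example.com"), "demo-client"))
    // A token issued to a different client must not log anyone in here.
    println(check(token("old@example.com"), "other-client"))
}
```

The audience check is what separates this from accepting a bare access token: a token minted for another application carries a valid signature but a different `aud`, and is rejected.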

Another point in favor of improving support of OAuth. The client credentials grant would be really useful for authorizing internal and external service communications.

fracaron, Jul 31 '19 15:07

Please check the following ticket on YouTrack for follow-ups to this issue. GitHub issues will be closed in the coming weeks.

oleg-larshin, Aug 10 '20 15:08