next-auth icon indicating copy to clipboard operation
next-auth copied to clipboard

Published 20 hours ago โ€ข verified publisher icon nextauthjs

Allow Specifying full oidc-client Issuer Metadata without Discovery

Open shartte opened this issue 3 years ago โ€ข 4 comments

Reasoning ๐Ÿ’ก

Allow setting the full oidc-client Issuer metadata without using Issuer discovery by making issuer string|IssuerMetadata. I would argue that issuer is completely useless without setting jwks_uri, and the type should probably be migrated to IssuerMetadata|undefined fully at some point, potentially making it mutually exclusive with wellKnown.

This could be considered a breaking change due to removing the jwks_endpoint property from the Typescript types. However, this property was fully ignored so far.

Checklist ๐Ÿงข

  • [ ] Documentation
  • [ ] Tests
  • [x] Ready to be merged

Affected issues ๐ŸŽŸ

Fixes #3567

shartte avatar Jan 05 '22 14:01 shartte

It looks like this issue did not receive any activity for 60 days. It will be closed in 7 days if no further activity occurs. If you think your issue is still relevant, commenting will keep it open. Thanks!

stale[bot] avatar Mar 09 '22 00:03 stale[bot]

Well, has this been fixed otherwise?

shartte avatar Mar 09 '22 08:03 shartte

It looks like this issue did not receive any activity for 60 days. It will be closed in 7 days if no further activity occurs. If you think your issue is still relevant, commenting will keep it open. Thanks!

stale[bot] avatar May 25 '22 22:05 stale[bot]

Thanks for the PR! I look this up and see that in the past there was an attempt with a similar goal #3583, but I like your PR better. Previously jwks_uri is passed in when constructing the Issuer, but we removed it in favor of wellKnown. @balazsorban44 what do you think about bringing it back for this use case?

ThangHuuVu avatar Jun 02 '22 13:06 ThangHuuVu

Would be great if this can be merged. ๐Ÿ‘

Some OIDC providers implement the Core specification, does not implement the Discovery spec, and only supports id_token response type.

The only missing piece getting NextAuth to work with this provider is to support setting jwks_uri property.

dtinth avatar Oct 11 '22 08:10 dtinth

Is there a workaround to specify jwks_uri without this change @ThangHuuVu ?

flchaux avatar Nov 21 '22 12:11 flchaux

Be great if this could get looked at again. If we don't use wellKnown we need to be able to set jwks_uri

tgeorgiadis avatar Jan 16 '23 15:01 tgeorgiadis

@flchaux no workaround from userland since the issuer object is created in the core - you could use patch-package to patch the fix while waiting for the merge & next release @shartte sorry for the delayed response, let's get it in. Could you resolve the conflict one more time? ๐Ÿ™Œ

ThangHuuVu avatar Jan 25 '23 13:01 ThangHuuVu

@ThangHuuVu Sorry, but I no longer use this project.

shartte avatar Jan 25 '23 13:01 shartte

Is there any updates on this?

Djboy08 avatar Feb 16 '23 19:02 Djboy08

Let's close this PR now. If anyone is interested, feel free to open a new PR to our v4 branch - that's where we're accepting new PRs for the next-auth package.

ThangHuuVu avatar Feb 23 '23 04:02 ThangHuuVu