
Endpoint information to be extracted from openid-configuration information url instead of plugin settings

Open Glowsome opened this issue 4 years ago • 5 comments

Is your feature request related to a problem? Please describe.
No. This is a more dynamic way of solving the current manual settings entry in the Plugin.

Describe the solution you'd like
Every OpenID-connect IdP has a (publicly accessible) configuration endpoint that holds all information regarding the endpoints, scopes, claim support and more. Instead of having to input all the defined endpoints manually it would be a simplification to be able to just retrieve this information and use/apply this to the Plugin's configuration.

Describe alternatives you've considered
The alternate method is already there - meaning manually entering endpoint-info (per endpoint)

Additional context
Purpose of this enhancement proposal is to make the plugin more dynamic on one end, and less user-configuration on the other end.

So my suggestion would be to have the plugin config changed in a way so that it has one setting for the place where this well-known configuration is available. Let the plugin retrieve the configuration (as it's all JSON style) and apply/populate the information into the (endpoint-)settings.

Glowsome avatar Nov 18 '20 23:11 Glowsome

Agreed. Should be simple to implement too.

coltonmccormack avatar Nov 25 '20 18:11 coltonmccormack

+1

martinrm77 avatar May 20 '21 12:05 martinrm77

Quick note since we haven't responded to this: @timnolte and I have discussed this and agree that this would be a good feature. Just haven't had time recently to create it. PRs are welcome if someone wants to take a crack at it.

daggerhart avatar May 20 '21 12:05 daggerhart

Yeah, sorry to say that the focus lately has been on bug fixes in an effort to make sure that existing functionality is solid before adding additional enhancements. Additional enhancements also means more features that will end up creating more support requests.

I will say though that I have noticed that what the various IDPs provide in their discovery endpoints is not all the same. This will require some testing across at least a handful of IDPs to make sure it's functional for more widespread use.

timnolte avatar May 21 '21 04:05 timnolte

> Yeah, sorry to say that the focus lately has been on bug fixes in an effort to make sure that existing functionality is solid before adding additional enhancements. Additional enhancements also means more features that will end up creating more support requests.
>
> I will say though that I have noticed that what the various IDPs provide in their discovery endpoints is not all the same. This will require some testing across at least a handful of IDPs to make sure it's functional for more widespread use.

In my defense/motivation: if an IDP/Provider is able to generate this, it ought to adhere to https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig, which in my personal opinion would simplify iterating through the configured URL ... regardless of the exact implementation on the IDP end?

Glowsome avatar May 26 '21 00:05 Glowsome
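
As an added example (not code from the plugin or from anyone in this thread), here is one way a discovery document could be mapped onto endpoint settings in PHP while tolerating the optional fields that IdPs omit. The function name, the setting key names and the sample document are assumptions made for illustration; fetching the document from the issuer's `/.well-known/openid-configuration` URL is left out.

```php
<?php
// Added example. Setting key names and the sample document are assumptions.
function endpoints_from_discovery(string $issuer, string $json): array
{
    $doc = json_decode($json, true);
    if (!is_array($doc)) {
        throw new RuntimeException('discovery document is not a JSON object');
    }
    // Discovery 1.0 section 4.3: the "issuer" value must be identical to the
    // issuer URL the document was retrieved for.
    if (($doc['issuer'] ?? null) !== $issuer) {
        throw new RuntimeException('issuer mismatch');
    }
    // Metadata name => [hypothetical setting key, treated as mandatory here].
    $map = [
        'authorization_endpoint' => ['endpoint_login', true],
        'token_endpoint'         => ['endpoint_token', true],  // needed for the code flow
        'jwks_uri'               => ['jwks_uri', true],
        'userinfo_endpoint'      => ['endpoint_userinfo', false],
        'end_session_endpoint'   => ['endpoint_end_session', false],
    ];
    $settings = [];
    foreach ($map as $name => [$key, $mandatory]) {
        $url = $doc[$name] ?? null;
        if ($url === null) {
            if ($mandatory) {
                throw new RuntimeException("discovery document lacks $name");
            }
            continue; // IdPs differ in what they publish; leave for manual entry
        }
        $scheme = is_string($url) ? parse_url($url, PHP_URL_SCHEME) : null;
        if (!is_string($scheme) || strtolower($scheme) !== 'https') {
            throw new RuntimeException("$name is not an https URL");
        }
        $settings[$key] = $url;
    }
    return $settings;
}

// Constructed sample: an IdP that publishes neither optional endpoint.
$issuer = 'https://idp.example.com';
$sample = json_encode([
    'issuer'                 => $issuer,
    'authorization_endpoint' => "$issuer/authorize",
    'token_endpoint'         => "$issuer/token",
    'jwks_uri'               => "$issuer/keys",
]);
print_r(endpoints_from_discovery($issuer, $sample));
```

Passing the same sample with a different expected issuer makes the function throw, so a document served from one host cannot silently redirect the login and token endpoints to another.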

@Glowsome sorry, going to close this as well since there is already an open issue for implementing discovery. I think I'm going to make this feature the next priority, along with hopefully PKCE, for the next release.

https://github.com/oidc-wp/openid-connect-generic/issues/143

timnolte avatar Apr 23 '24 22:04 timnolte