openid-connect-generic icon indicating copy to clipboard operation
openid-connect-generic copied to clipboard

Published 20 hours ago verified publisher icon oidc-wp

sample configurations

Open drzraf opened this issue 6 years ago • 3 comments

It's supposed that Google is a supported openid provider. It already provides a metadata URL which should ease configuration: https://accounts.google.com/.well-known/openid-configuration Anyway the "End Session Endpoint URL" is not clear. Is it actually what Google calls a "revocation_endpoint"?

Samples of configuration for common providers would be welcome or, better, make use of the metadata URL to automatically fill the fields.

drzraf avatar Mar 23 '18 02:03 drzraf

Making use of the metadata URLs sounds awesome. I definitely want to look into that.

In this case, yes the End Session Endpoint URL is meant to be that URL where the access token is revoked. But, it is very simple and expects the url will automatically handle the revocation upon being visited (GET request).

I've not tested this with Google, do they expect a POST request or something more than simply hitting a URL?

daggerhart avatar Mar 24 '18 13:03 daggerhart

For the record: https://gitlab.com/.well-known/openid-configuration https://auth0.auth0.com/.well-known/openid-configuration https://accounts.google.com/.well-known/openid-configuration https://login.yahoo.com/.well-known/openid-configuration https://connect-op.herokuapp.com/.well-known/openid-configuration https://login.salesforce.com/.well-known/openid-configuration https://login.windows.net/common/.well-known/openid-configuration https://www.paypalobjects.com/.well-known/openid-configuration

See also: https://connect2id.com/products/nimbus-oauth-openid-connect-sdk/openid-connect-providers

drzraf avatar May 24 '18 13:05 drzraf

To answer the question about "End Session Endpoint URL", I used this endpoint and it seems to work fine (although I don't actually know if it's doing anything on Google's end):

https://oauth2.googleapis.com/revoke

It's listed at https://accounts.google.com/.well-known/openid-configuration as the "revocation_endpoint".

mbrowne avatar Jul 16 '20 17:07 mbrowne

Noting that the Wiki has been compiling IDP setup guides. Additionally, one of the nect major releases is going to include using the OIDC configuration discovery endpoint to pre-configure the plugin settings.

timnolte avatar Apr 25 '24 13:04 timnolte