Allow loading OIDC info from well-known endpoint
Currently we require all of the OIDC endpoints to be provided separately; almost all OIDC implementations also publish a "well-known" endpoint that returns a JSON response with all of the configuration details required.
It would be good to have a new `OIDC_CONFIGURATION_URL` which can be provided with the client ID and secret, we can fetch the config on server startup and no more separate parameters would be required.
Related #3954
This issue is stale because it has been open 90 days with no activity. Remove stale label or comment or this will be closed in 5 days
+1 Please implement it
An odd convention that I have seen in multiple places now is to reuse a given `OIDC_ISSUER` variable and take it for a discovery endpoint, if no other URLs are provided.
I just returned here, intending to propose an `OUTLINE_OIDC_ISSUER` for the matter, as seen in other implementations.
Does this appear to be a convenient convention? The well-known URL path `/.well-known/openid-configuration` comes with the guarantee that it will always be at the same resource location.
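The issuer-as-discovery-base convention from this comment, combined with the startup fetch proposed in the issue, as an added example that is not Outline's code: it builds the well-known URL from an issuer and validates a discovery document before any endpoint in it is used. All function names and the sample document are hypothetical, and the HTTP fetch is left out so the block runs offline.

```typescript
type OidcEndpoints = {
  authorizationEndpoint: string;
  tokenEndpoint: string;
  userinfoEndpoint: string;
  jwksUri: string;
};

// OIDC Discovery 1.0: drop a trailing "/" from the issuer, then append the path.
function discoveryUrl(issuer: string): string {
  const u = new URL(issuer); // throws on a malformed issuer
  if (u.protocol !== "https:" || u.search !== "" || u.hash !== "") {
    throw new Error("issuer must be an https URL without query or fragment");
  }
  return issuer.replace(/\/$/, "") + "/.well-known/openid-configuration";
}

function httpsField(doc: Record<string, unknown>, key: string): string {
  const value = doc[key];
  if (typeof value !== "string" || new URL(value).protocol !== "https:") {
    throw new Error(`${key} is missing or not an https URL`);
  }
  return value;
}

// Checks a fetched discovery document before any endpoint in it is trusted.
function resolveEndpoints(issuer: string, body: string): OidcEndpoints {
  const doc = JSON.parse(body) as Record<string, unknown>;
  // Spec: the returned issuer must be identical to the one used to build the URL.
  if (doc["issuer"] !== issuer) {
    throw new Error("issuer in discovery document does not match configuration");
  }
  return {
    authorizationEndpoint: httpsField(doc, "authorization_endpoint"),
    tokenEndpoint: httpsField(doc, "token_endpoint"),
    // Assumption: userinfo is required here, although the spec only recommends it.
    userinfoEndpoint: httpsField(doc, "userinfo_endpoint"),
    jwksUri: httpsField(doc, "jwks_uri"),
  };
}

// Constructed sample input (not a real provider); every name here is hypothetical.
const SAMPLE_ISSUER = "https://idp.example.com/realms/demo";
const SAMPLE_DOCUMENT = JSON.stringify({
  issuer: SAMPLE_ISSUER,
  authorization_endpoint: SAMPLE_ISSUER + "/authorize",
  token_endpoint: SAMPLE_ISSUER + "/token",
  userinfo_endpoint: SAMPLE_ISSUER + "/userinfo",
  jwks_uri: SAMPLE_ISSUER + "/jwks",
});
```

Failing startup on an issuer mismatch or a non-https endpoint keeps a misconfigured or substituted discovery document from silently redirecting logins and token exchange.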
> as seen in other implementations
I'm not familiar with other implementations but we don't generally put `OUTLINE_` in our env variables
Okay. I was confused about issuer at first, when I saw it. Having seen it being used in multiple places for the sake of identifying the well-known endpoint, it can be assumed it's the standard.
The application-specific prefix in environmental variables is a common pattern seen elsewhere, which allows one to distinguish and specify settings in the global `.env` more easily.