David Ramos

icon indicating a website link www.linkedin.com/in/david-ramos-phd icon indicating an email [email protected]

icon company Figma icon location San Francisco, CA icon location Projects owned by this account are personal and not affiliated with my employer.

Results 148 comments of David Ramos

Can't use with GitHub OIDC because GitHub OIDC Discovery metadata lacks authorization_endpoint

unfortunately, the [spec](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata) defines it as a required field: > REQUIRED. URL of the OP's OAuth 2.0 Authorization Endpoint [[OpenID.Core]](https://openid.net/specs/openid-connect-discovery-1_0.html#OpenID.Core). This URL MUST use the `https` scheme and MAY contain...

Token respose does not always include nonce

Hey @Darkrael, thanks for reporting this issue. The [relevant portion](https://openid.net/specs/openid-connect-core-1_0.html#RefreshTokenResponse) of the spec is: > it SHOULD NOT have a `nonce` Claim, even when the ID Token issued at the...

Token respose does not always include nonce

> if i understand the code correctly, there is no difference between a token gained through refresh and a token gained through the initial authentication flow, where the nonce must...

Token respose does not always include nonce

oh, I forgot `NonceVerifier` is also implemented for [`FnOnce(Option) -> Result`](https://docs.rs/openidconnect/latest/openidconnect/trait.NonceVerifier.html#impl-NonceVerifier-for-F). this means users can just do: ```rust id_token.claims(&id_token_verifier, |_| Ok(())) ``` In that case, I think I'll just mention...

Provider implementation

Hey @andrewbaxter, Great points! The provider-side functionality currently offered by this crate is mostly around generating responses (e.g., serializing and signing ID tokens, `StandardTokenResponse`, etc.). To parse requests, I think...

Question on AdditionalClaims for id_token

the `EmptyAdditionalClaims` in the error makes me think you're using `CoreClient` or one of the `CoreIdToken*` types somewhere. is it possible `client` is being coerced to a `CoreClient` somewhere after...

What is the expected behavior after introducing use just 2FA for login ?

I'm not sure what this issue is asking. That looks like an error message being returned by the identity provider, so I'd suggest consulting their documentation or reaching out to...

Need to override discovery document url

Hi @wt, Unfortunately, Intuit isn't following the [spec](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig), which is clear about the relationship between the issuer URL and the discovery URL: > OpenID Providers supporting Discovery MUST make a...

Need to override discovery document url

> I wonder if there is room for an example that implements this kind of workaround? There aren't currently any examples illustrating a custom HTTP client, and I'd welcome one...

Question: benefits for social login in comparison to `oauth2-rs`

Both crates implement the relevant OAuth2 and OpenID Connect standards. The comparison between those standards and their purposes isn't specific to these Rust crates. There are many blog posts that...