David Ramos
David Ramos
@nlopes: gentle ping -- any thoughts on the approach above?
Hi @FabianLars, The `Accept` header isn't mentioned in the [spec](https://openid.net/specs/openid-connect-core-1_0.html#UserInfo), so I think there's some flexibility here. The current `Accept: application/json` behavior seems like a sensible default, but it should...
This is now released in [3.5.0](https://crates.io/crates/openidconnect/3.5.0).
I'm open to adding Webfinger support to this crate since it's part of the OIDC spec, but I'm curious to learn more about the use cases. What did you mean...
Hey @keponk, For CLI apps, there are a couple of options, depending on your preferences and what the OpenID Connect provider (i.e., Okta) supports. If you want to avoid hosting...
Hey @sidju, Thanks for this feedback. I've had to spend so much time buried in the specs to write this crate (and `oauth2`) that it's difficult to look at the...
That sounds great, thanks!
Wonderful... you'd think Auth0 could at least be [internally consistent](https://github.com/ramosbugs/openidconnect-rs/issues/23) with how they (mis)represent timestamps. Fortunately, Auth0 appears to be returning raw JSON UserInfo responses rather than signed JWTs, so...
I'm sympathetic to Microsoft's customers' frustrations here while also being annoyed that Microsoft decided to ignore the spec and push this problem to both customers and library maintainers. Since this...
> As for JWT validation, I'm not sure how the "recommended" escape hatch could be implemented, even by a library that wraps this one, because the client id/secret gets moved...