David Ramos
David Ramos
I see from search results that some OIDC providers define an `introspection_endpoint` field in their metadata, but I'm not able to find any IETF RFC or spec from the OpenID...
> I see that there is [RFC 8414](https://datatracker.ietf.org/doc/html/rfc8414), but it's a _Proposed Standard_. Oh, this may be sufficient justification to include it! The introspection, revocation, and device authorization grant RFCs...
I've looked over RFC 8414, and I'm a little hesitant to mix fields from this newer OAuth2 standard with the fields from the original OIDC Discovery standard. It's possible that...
> @ramosbugs It looks like the device authorization grant workflow has been fully approved by RFC 8628, it also adds the appropriate discovery document section and request parameters, see [RFC...
hey @Gearme, thanks for contributing this PR. Unfortunately, I won't have the bandwidth to thoroughly learn the DPoP spec and get this feature merged in the near future. The spec...
Hmm... the [Google example](https://github.com/ramosbugs/openidconnect-rs/blob/414eb35419f84ab370c0d9acc3af72d72b67462c/examples/google.rs) seems to work with the client credentials in the `Authorization` header rather than the body, but you can change this behavior by calling [`client.set_auth_type(AuthType::RequestBody)`](https://docs.rs/openidconnect/3.3.0/openidconnect/struct.Client.html#method.set_auth_type). The other...
Did you try `set_auth_type`? The 400 error text should at least change in that scenario since there should no longer be an Authorization header. The updated error will hopefully point...
the missing `Authorization` header could be a CORS issue that might be solved by calling [`fetch_credentials_include`](https://docs.rs/reqwest/latest/wasm32-unknown-unknown/reqwest/struct.RequestBuilder.html#method.fetch_credentials_include) on the reqwest client passed into this crate. See also https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API/Using_Fetch#sending_a_request_with_credentials_included
Hi @smndtrl, Thanks for the PR. Since the cited spec is part of OpenID Connect, and given the complexity and additional dependencies required to deal with JWTs, I think this...
> Thanks for the PR. Since the cited spec is part of OpenID Connect, and given the complexity and additional dependencies required to deal with JWTs, I think this functionality...