
Documentation for OIDC provider unclear #715

Open
voegtlel opened this issue Jan 19, 2020 · 1 comment

Comments


@voegtlel voegtlel commented Jan 19, 2020

Describe the bug

Hi there, I'm trying to implement the OIDC provider in my framework, but I'm not really clear about the implementation:

The docs state:

get_id_token(token, token_handler, request)
Get OpenID Connect ID token

This method is OPTIONAL and is NOT RECOMMENDED. finalize_id_token SHOULD be
implemented instead. However, if you want a full control over the minting of the
id_token, you MAY want to override get_id_token instead of using finalize_id_token.

Although, further down it says:

validate_jwt_bearer_token(token, scopes, request)
Ensure the JWT Bearer token or OpenID Connect ID token are valid and
authorized access to scopes.

If using OpenID Connect this SHOULD call oauthlib.oauth2.RequestValidator.get_id_token

But if it's not implemented or I don't want to customize it, how SHOULD I call it?

Even if I'd implement it the very same way as grant_types.py:GrantTypeBase.add_id_token, the nonce parameter is not passed through to get_id_token so it cannot easily be implemented the same way.

In general, I find it hard to follow the docs to implement this provider, and would really like to see an example implementation in any framework, which I couldn't find searching everywhere.

Thanks!

Member

@JonathanHuot JonathanHuot commented Apr 17, 2020

Hi @voegtlel, sorry for the delay. It seems this part of the documentation was not updated.

One of the main difficulties in implementing a provider is knowing which hooks are required to be implemented.

I created this graph: https://oauthlib.readthedocs.io/en/latest/oauth2/server.html#oauth2-0-provider-flows to help with OAuth 2.0 flows; unfortunately I didn't have the time to do the same for OpenID Connect flows.

Also, having separate documentation for the different OAuth 2.0 actors will help in understanding what to do (i.e. validate_jwt_bearer_token is not needed if you're implementing an OpenID Connect Provider only).
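As an added example that is not part of this issue or of oauthlib's own code, here is the shape of the finalize_id_token hook the docs recommend over get_id_token (and the only ID-token hook an OpenID Connect Provider needs, as the reply above notes), showing that the nonce arrives already set in the id_token dict. It assumes oauthlib 3.x, a constructed HS256 client secret, an assumed issuer URL, and that request.user was populated by the provider's earlier hooks.

```python
# Added example, not code from the oauthlib project or the issue author: a
# minimal finalize_id_token hook. oauthlib 3.x fills the id_token dict with
# aud, iat and (if the client sent one) nonce, plus at_hash/c_hash, then calls
# this hook to add the remaining claims and sign. Runs offline without oauthlib.
import base64, hashlib, hmac, json, time

try:
    from oauthlib.openid import RequestValidator
except ImportError:  # assumption: oauthlib may be absent here
    class RequestValidator:
        pass

ISSUER = "https://op.example.test"   # assumed issuer URL
ID_TOKEN_LIFETIME = 600              # seconds, assumed provider policy
# Constructed demo secret; a real provider would sign with RS256 keys from jwks_uri
CLIENT_SECRETS = {"client-123": b"constructed-client-secret-for-demo"}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def sign_hs256(claims: dict, secret: bytes) -> str:
    """Compact JWS with HS256 (symmetric signing per OIDC Core 10.1)."""
    header = _b64url(b'{"alg":"HS256","typ":"JWT"}')
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def verify_hs256(id_token: str, secret: bytes) -> dict:
    """Check the signature and return the claims; raises ValueError on mismatch."""
    header, payload, sig = id_token.split(".")
    mac = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(_b64url(mac), sig):
        raise ValueError("bad id_token signature")
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))


class MyValidator(RequestValidator):
    """Only the hook the issue asks about; the other RequestValidator hooks are omitted."""
    def finalize_id_token(self, id_token, token, token_handler, request):
        # id_token arrives with aud, iat and, when present, nonce/at_hash/c_hash
        now = int(time.time())
        id_token["iss"] = ISSUER
        id_token["sub"] = request.user.id      # assumption: request.user set by earlier hooks
        id_token["exp"] = now + ID_TOKEN_LIFETIME
        id_token["auth_time"] = request.user.auth_time
        return sign_hs256(id_token, CLIENT_SECRETS[request.client_id])
```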
