OpenID Connect ".well-known" provider config #5155


Closed
sparty02 opened this issue Mar 26, 2018 · 4 comments
Labels
in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) status: duplicate A duplicate of another issue

Comments


sparty02 commented Mar 26, 2018

Summary

Currently, all of the OpenID Connect provider configuration (authorization-uri, token-uri, user-info-uri, jwk-set-uri) can be established in the spring security environment using application.yml. However, the OpenID Connect spec also defines a ".well-known" discovery endpoint that can be used to get all of this provider config as well. The spring config should allow for some kind of "well-known" endpoint uri to be set that would then provide the rest of the related uris.

Actual Behavior

All provider configuration must be explicitly defined in the application environment properties, e.g.:

spring:
  security:
    oauth2:
      client:
        provider:
          okta:
            authorization-uri: https://dev-119999.oktapreview.com/oauth2/v1/authorize
            token-uri: https://dev-119999.oktapreview.com/oauth2/v1/token
            user-info-uri: https://dev-119999.oktapreview.com/oauth2/v1/userinfo
            jwk-set-uri: https://dev-119999.oktapreview.com/oauth2/v1/keys
            user-name-attribute: sub

Expected Behavior

An abbreviated configuration could be done using the spec'ed "well-known" provider configuration discovery mechanism, e.g.:

spring:
  security:
    oauth2:
      client:
        provider:
          okta:
            openid-configuration-uri: https://dev-119999.oktapreview.com/.well-known/openid-configuration

Note, the above "openid-configuration-uri" is live and shows an example of the spec'ed well-known openid-configuration uri.


Version

5.0.3.RELEASE
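As an added example (not code from this issue or from Spring Security), the mapping the request describes, written in Python: it validates a constructed discovery document against the issuer it was supposedly fetched from, requires HTTPS endpoints, and emits the equivalent explicit provider properties shown above. The issuer, document contents and function names are assumptions for illustration.

```python
import json
from urllib.parse import urlparse

# Constructed sample of an OpenID Provider Configuration document, i.e. what
# <issuer>/.well-known/openid-configuration would return (values are made up).
SAMPLE_DISCOVERY_DOC = json.dumps({
    "issuer": "https://issuer.example.com",
    "authorization_endpoint": "https://issuer.example.com/oauth2/v1/authorize",
    "token_endpoint": "https://issuer.example.com/oauth2/v1/token",
    "userinfo_endpoint": "https://issuer.example.com/oauth2/v1/userinfo",
    "jwks_uri": "https://issuer.example.com/oauth2/v1/keys",
})

# Discovery-document field -> Spring Security provider property from the issue.
FIELD_MAP = {
    "authorization_endpoint": "authorization-uri",
    "token_endpoint": "token-uri",
    "userinfo_endpoint": "user-info-uri",
    "jwks_uri": "jwk-set-uri",
}


def provider_config_from_discovery(expected_issuer: str, doc_json: str) -> dict:
    """Validate a discovery document and map it to Spring provider properties."""
    doc = json.loads(doc_json)
    # OIDC Discovery requires the document's "issuer" to be identical to the
    # issuer URL the document was resolved from; otherwise the endpoints may
    # belong to a different party and the document must be rejected.
    if doc.get("issuer") != expected_issuer:
        raise ValueError(f"issuer mismatch: {doc.get('issuer')!r} != {expected_issuer!r}")
    config = {}
    for field, prop in FIELD_MAP.items():
        url = doc.get(field)
        if not url:
            raise ValueError(f"discovery document lacks {field}, needed for {prop}")
        # Refuse to configure a client against plaintext endpoints.
        if urlparse(url).scheme != "https":
            raise ValueError(f"{field} must use https: {url}")
        config[prop] = url
    return config


def to_spring_yaml(registration: str, config: dict) -> str:
    """Render the explicit application.yml block the issue shows as current behaviour."""
    lines = ["spring:", "  security:", "    oauth2:", "      client:",
             "        provider:", f"          {registration}:"]
    lines += [f"            {prop}: {url}" for prop, url in config.items()]
    return "\n".join(lines)
```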


sparty02 commented Mar 26, 2018

Implementation note: This could be done somewhere around here, where the config originally gets loaded/set.

@rwinch rwinch added this to the 5.1.0.M2 milestone Mar 26, 2018

rwinch commented Mar 26, 2018

Thanks for the report @sparty02! This issue is a duplicate of #4413

@rwinch rwinch closed this as completed Mar 26, 2018
@rwinch rwinch self-assigned this Mar 26, 2018
@rwinch rwinch added status: duplicate A duplicate of another issue in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) OIDC labels Mar 26, 2018
@rwinch rwinch removed this from the 5.1.0.M2 milestone Mar 26, 2018
@sparty02
Author

Thanks @rwinch . I searched around, but totally missed that issue.


rwinch commented Mar 26, 2018

Not a problem...it took me a few searches to find it myself :) Thanks for taking the time to report the improvement request!
