Support for OpenID Connect (OIDC)

(Ofer Nave) #1

I’m excited about and appreciate this new OAuth2 plugin, but I have to admit I’m a little disappointed that you stopped short of fully implementing OpenID Connect (OIDC).

I’m not yet an expert on OIDC, so correct me if I’m misunderstanding something… (context: currently working on a custom OIDC provider in Ruby and want to integrate Discourse with it)

It seems like the one major piece that OIDC adds to OAuth2 is the userinfo endpoint, whose purpose is to solve exactly the same problem that the custom user info JSON endpoint described in your docs is intended to do. But I don’t understand why you would implement a standard (OAuth2) and then make it depend on a custom extension (your user info endpoint) instead of defaulting to the other standard that provides a spec for that function (OIDC).

Is there a reason it had to be that way? And if not, are you open to moving this plugin towards OIDC compliance, or will I need to implement another plugin for that (perhaps building on yours)?

OAuth2 Basic Support
(Robin Ward) #2

It was nothing that intentional – the use case was “Can we support a variety of OAuth providers that already exist?” and this was the solution we came up with. None of the ones I looked at supported OIDC so I needed a solution that would work for them.

Having said that, I’d be happy to add OIDC support for those who can support it.

(Ofer Nave) #3

That’s good to hear. I’ll get back in touch if/when I end up hacking on it and coming up with something useful.
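
For reference, the OIDC userinfo endpoint mentioned in the first post returns a JSON object of standard claims, and a client has to check it before trusting it. The sketch below is an added example, not code from the posters or from the plugin; the output field names, the `map_userinfo` helper and the sample response are constructed for illustration.

```ruby
require "json"

class UserInfoError < StandardError; end

# Map a userinfo response body to a local user hash.
# Claim names are the standard ones from OpenID Connect Core, section 5.1.
# The output keys (:uid, :username, ...) are hypothetical, not Discourse's.
def map_userinfo(body, id_token_sub)
  claims = JSON.parse(body)
  raise UserInfoError, "userinfo response is not a JSON object" unless claims.is_a?(Hash)

  sub = claims["sub"]
  raise UserInfoError, "missing sub claim" unless sub.is_a?(String) && !sub.empty?
  # OIDC Core 5.3.2: the sub in the userinfo response must exactly match
  # the sub in the ID token, otherwise the response must not be used.
  raise UserInfoError, "sub does not match ID token" unless sub == id_token_sub

  # email_verified is a JSON boolean in the spec; anything else is unverified.
  verified = claims["email_verified"] == true
  {
    uid: sub,
    name: claims["name"],
    username: claims["preferred_username"],
    # Only pass an email on for account matching when the provider vouches for it.
    email: verified ? claims["email"] : nil,
    email_verified: verified
  }
rescue JSON::ParserError => e
  raise UserInfoError, "invalid JSON: #{e.message}"
end

# Constructed sample response, as a provider might return it.
SAMPLE_USERINFO = JSON.generate(
  "sub" => "248289761001",
  "name" => "Jane Doe",
  "preferred_username" => "j.doe",
  "email" => "janedoe@example.com",
  "email_verified" => true
)

puts map_userinfo(SAMPLE_USERINFO, "248289761001").inspect if __FILE__ == $PROGRAM_NAME
```

Because the claim names are fixed by the spec, the same mapping works against any compliant provider without a per-provider JSON path configuration.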