OCA / server-auth

https://odoo-community.org/psc-teams/tools-30
GNU Affero General Public License v3.0

[14.0] auth_oidc with authorization flow should call validation endpoint #325

Open stellamargonar opened 2 years ago

stellamargonar commented 2 years ago

Module auth_oidc, Odoo 14.0. I have an OpenID provider configured in Odoo after installing the auth_oidc addon from this repository. Currently I'm working on Odoo 14, using https://github.com/OCA/server-auth/pull/261, and the provider is using OpenID Connect (authorisation code flow).

It works, meaning that users can now log in to Odoo with the OpenID provider, and the first time the user is created with the default template. The problem is that the only information Odoo reads from the provider is what is in the token, which is only the user id. Even though I configured all the endpoints (authentication, validation, token, jwks and data), the addon is not calling the validation and data endpoint (they are the same anyway): this API would return all the user claims the client has access to, including email, which would be necessary to properly configure the user in Odoo.

According to the OpenID protocol, it seems that after the authorisation phase the client should also send a request to the userinfo endpoint, but this is not implemented in auth_oidc.

On the other hand, I see that this particular call is present in the auth_oauth addon.

I would suggest adding to the implementation of addons.auth_oidc.models.res_users.ResUsers.auth_oauth a call to the validation endpoint (if provided), similarly to what is done in the auth_oauth addon, and updating the validation dictionary with the result of the call.
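As an added example (not code from OCA/server-auth or from the linked PR), here is one way the proposed userinfo call and merge could look; `fetch_userinfo`, `merge_userinfo` and the injectable `opener` are hypothetical names chosen so the block runs offline, and it also checks that the userinfo `sub` matches the id_token `sub` before trusting the claims.

```python
import json
from urllib.request import Request, urlopen


def fetch_userinfo(endpoint, access_token, opener=None):
    """GET the provider's userinfo (validation) endpoint, presenting the access token as a Bearer token."""
    req = Request(endpoint, headers={"Authorization": "Bearer %s" % access_token,
                                     "Accept": "application/json"})
    open_fn = opener or (lambda r: urlopen(r, timeout=10))  # opener is injectable for offline use
    with open_fn(req) as resp:
        return json.loads(resp.read().decode("utf-8"))


def merge_userinfo(validation, endpoint, access_token, opener=None):
    """Return a copy of ``validation`` (id_token claims; ``user_id`` holds the id_token ``sub``)
    updated with the userinfo claims. The userinfo ``sub`` must equal the id_token ``sub``
    (OpenID Connect Core 1.0, section 5.3.2); otherwise the response is rejected."""
    claims = fetch_userinfo(endpoint, access_token, opener)
    if claims.get("sub") != validation.get("user_id"):
        raise ValueError("userinfo sub does not match id_token sub; discarding claims")
    merged = dict(validation)
    # Claims the id_token did not carry (e.g. email) are filled in; values already
    # taken from the signature-verified id_token keep precedence.
    for key, value in claims.items():
        if key != "sub":
            merged.setdefault(key, value)
    return merged


class _FakeResponse:
    """Constructed stand-in for an HTTP response so the example runs offline."""
    def __init__(self, payload):
        self._body = json.dumps(payload).encode("utf-8")
    def read(self):
        return self._body
    def __enter__(self):
        return self
    def __exit__(self, *exc):
        return False


def fake_opener(payload):
    """Build an opener that answers every request with the constructed payload."""
    return lambda req: _FakeResponse(payload)


if __name__ == "__main__":
    validation = {"user_id": "abc123"}  # constructed: what auth_oidc extracts from the id_token
    userinfo = {"sub": "abc123", "email": "alice@example.com", "name": "Alice"}  # constructed
    print(merge_userinfo(validation, "https://idp.example/userinfo", "tok", fake_opener(userinfo)))
```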

sbidoul commented 2 years ago

Sounds reasonable. Would you like to do a PR?

stellamargonar commented 2 years ago

Sure, here it is https://github.com/OCA/server-auth/pull/336

github-actions[bot] commented 2 years ago

There hasn't been any activity on this issue in the past 6 months, so it has been marked as stale and it will be closed automatically if no further activity occurs in the next 30 days. If you want this issue to never become stale, please ask a PSC member to apply the "no stale" label.