coreos / go-oidc

A Go OpenID Connect client.
Apache License 2.0

Create a reusable server for OIDC flow in CLIs #354

Closed jlewi closed 1 year ago

jlewi commented 1 year ago

Should the package contain a reusable stock server to handle the callbacks required by the OIDC flow?

The two examples both appear to be defining this code https://github.com/coreos/go-oidc/blob/fb9e00951dc7a7d035e7664a5df116c3563afbd7/example/idtoken/app.go#L48

If you're creating a CLI, I think a stock server would probably work in most cases, and you probably aren't already running a server that you'd want to add the required handlers to. So I think a stock server would be valuable.

ericchiang commented 1 year ago

I think this is out of scope for this package. As you've stated, a simple server is easy(-ish) to provide. There are significant customizations you need for a production server, and I'm not sure what a good API would be. If you have a basic use case, it's easy to copy the examples.

A while back, when working on https://github.com/dexidp/dex, I had some ideas for a package with server-side logic, but that'd probably be a collection of utilities for parsing redirect URLs, scopes, building token responses, etc. rather than an http.Server.

I actually remember a Go package that tried to provide a generalized OAuth 2.0 server framework, but I couldn't find it. There were a lot of callbacks.

If there's an API you'd like to propose, happy to reopen. But without that it's hard to imagine this package expanding this significantly.
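
Added example, not part of the thread and not code from go-oidc: a minimal sketch of the kind of callback server a CLI would copy from the examples, using only the Go standard library. `WaitForCode`, its `open` callback and the `/callback` path are hypothetical names; it binds to loopback only, checks `state` in constant time, accepts a single callback and stops when the context expires.

```go
package main

import (
	"context"
	"crypto/rand"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
	"net"
	"net/http"
)

// WaitForCode (hypothetical helper) serves one callback on an ephemeral loopback
// port. open receives the redirect URI and state to place in the auth request.
func WaitForCode(ctx context.Context, open func(uri, state string)) (string, error) {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	ln, err := net.Listen("tcp", "127.0.0.1:0") // loopback only, never 0.0.0.0
	if err != nil {
		return "", err
	}
	state, codes := hex.EncodeToString(b), make(chan string, 1)
	srv := &http.Server{Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		q := r.URL.Query()
		if r.URL.Path != "/callback" || subtle.ConstantTimeCompare([]byte(q.Get("state")), []byte(state)) != 1 {
			http.Error(w, "bad callback", http.StatusBadRequest) // stray or forged request
			return
		}
		select {
		case codes <- q.Get("code"): // "" when the provider sent ?error=...
			fmt.Fprintln(w, "Login finished, you can close this tab.")
		default: // state is single-use: any further callback is refused
			http.Error(w, "state already used", http.StatusConflict)
		}
	})}
	go srv.Serve(ln)
	defer srv.Close()
	open("http://"+ln.Addr().String()+"/callback", state)
	select {
	case code := <-codes:
		if code == "" {
			return "", fmt.Errorf("provider returned no authorization code")
		}
		return code, nil
	case <-ctx.Done():
		return "", ctx.Err()
	}
}
```

The returned code still has to be exchanged for tokens and the ID token verified by the caller; that part is what the package's examples already show.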