coreos / go-oidc

A Go OpenID Connect client.
Apache License 2.0
1.99k stars 400 forks source link

Add custom issuer validation for discovery based Providers creation #431

Closed yuri-potatoq closed 5 months ago

yuri-potatoq commented 5 months ago

I really want to thank you for the helpful project. It is very useful for OIDC auth validations.

Unfortunately i have the same problem solved by InsecureIssuerURLContext , with Keycloak OIDC discovery hostnames.

When i used the custom context to figure out it, i was wondering if a new feature to customize the issuers validation on Provider creation should fit in the project design. The goal is to accept trusted internal hosts at the issuer validation.

I make this PR to make a simple solution. I've designed in that way to avoid break changes. Could u tell me if that could fit as a offical PR?

ericchiang commented 5 months ago

Since you can already do comparisons after providing the insecure issuer option, I don't think we need another hook.

yuri-potatoq commented 5 months ago

Hey, thank you to reply. That sounds suitable enough. But my point is about to centralize OIDC configuration stuff into the provider library, can be helpful to when the users has serveral microservices which share the same validation behavior and then package such logic to be reusable.

It's was just to clarify my intentions, if still not the library goal, i'm ok.