dexidp / dex

OpenID Connect (OIDC) identity and OAuth 2.0 provider with pluggable connectors
https://dexidp.io
Apache License 2.0

Take a look at Ory Fosite #2061

Open sagikazarmark opened 3 years ago

sagikazarmark commented 3 years ago

Fosite is an OAuth 2.0 and OIDC framework used in Ory Hydra. Let's take a look at it to see if we can use it in Dex and collaborate on it.

It looks promising and it fixes a couple known issues in Dex, but I haven't looked deeply at it.

cc @aeneasr

nabokihms commented 3 years ago

I briefly looked through the documentation, and I'm tempted. We can abstain from a lot of code that requires refactoring and focus on connectors / storages / middlewares.

Some concerns (but I need to deep dive into the fosite documentation to prove them for myself):

  1. Dex doesn't accept all options, e.g., max_age, login_prompt, login_hint, and it can be hard to integrate them with callback connectors. (Is it possible to customize acceptable options?)
  2. It looks like we will have to refactor the whole storage (which can be a huge breaking change).

sagikazarmark commented 2 years ago

I'm trying to pick this one up (partly to do some research for #1629).

As for your concerns:

  1. I think it's okay to rewrite certain components for our use cases.
  2. Maybe we can use the existing storage layer to implement the one in fosite and implement the rest?