erlef / oidcc

OpenId Connect client library in Erlang & Elixir
https://hexdocs.pm/oidcc
Apache License 2.0

Use case with customer-configured providers #341

Closed AndrewDryga closed 5 months ago

AndrewDryga commented 5 months ago

Hello guys,

We build a product where customers can configure their OIDC connections themselves and I wanted to ask you if you cover such a use case. The challenge is that we can have tens of thousands of OIDC configs (and growing), and we can't really start a GenServer for each one of them, while the API of oidcc looks like it takes provider_configuration_name which is basically a process name.

Right now we are using https://github.com/firezone/openid_connect (that we fully rewrote to have a limited cache size) and would like to give oidcc a try.

Do you have any ideas if we will be able to use it in a similar manner? Maybe some refs to the docs would help. If not, would you want a PR to make it possible?

maennchen commented 5 months ago

You should be able to manage the configurations yourself as well. To do so, you can create a context and then use it:

The functions in oidcc are only convenience functions and you should be able to call underlying functions with a manually created context.

If you opt in to use this method, you’ll be responsible for managing loading and refreshing the configuration.

Make sure you implement a refresh_jwks function as well to reload the jwks any time you encounter a new and unknown kid.
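
The approach described in the reply above, as an added example; it is not code from the thread or from the oidcc project. The module name, ETS table name and size limit are hypothetical, the oidcc calls are used as documented for oidcc 3.x on hexdocs, and the expiry values they return are assumed to be in milliseconds.

```elixir
defmodule MyApp.OidcContexts do
  # Hypothetical module: one shared ETS table instead of one worker process per provider.
  @table :oidc_provider_cache
  @max_entries 10_000

  def init, do: :ets.new(@table, [:named_table, :public, :set, read_concurrency: true])

  # Builds a client context by hand for a customer-configured provider.
  def client_context(issuer, client_id, client_secret) do
    with {:ok, {config, jwks}} <- fetch(issuer) do
      {:ok, Oidcc.ClientContext.from_manual(config, jwks, client_id, client_secret)}
    end
  end

  # Pass the result as the :refresh_jwks option, e.g.
  #   Oidcc.Token.retrieve(code, ctx, %{redirect_uri: uri, refresh_jwks: fun})
  # oidcc calls it when a token is signed with a kid missing from the cached JWKS.
  def refresh_jwks_fun(issuer, jwks_uri) do
    fn _current_jwks, _kid ->
      with {:ok, {jwks, _expiry}} <- Oidcc.ProviderConfiguration.load_jwks(jwks_uri, %{}) do
        # The cached tuple is {issuer, config, jwks, expires_at}; swap in the new key set.
        :ets.update_element(@table, issuer, {3, jwks})
        {:ok, jwks}
      end
    end
  end

  defp fetch(issuer) do
    now = System.monotonic_time(:millisecond)

    case :ets.lookup(@table, issuer) do
      [{^issuer, config, jwks, expires_at}] when expires_at > now -> {:ok, {config, jwks}}
      _missing_or_expired -> load(issuer, now)
    end
  end

  defp load(issuer, now) do
    with {:ok, {config, config_ttl}} <- Oidcc.ProviderConfiguration.load_configuration(issuer, %{}),
         {:ok, {jwks, jwks_ttl}} <- Oidcc.ProviderConfiguration.load_jwks(config.jwks_uri, %{}) do
      # Crude size bound: clear the table when full; an LRU policy would evict less.
      if :ets.info(@table, :size) >= @max_entries, do: :ets.delete_all_objects(@table)
      # Assumption: both TTLs are milliseconds, so the entry expires with the shorter one.
      :ets.insert(@table, {issuer, config, jwks, now + min(config_ttl, jwks_ttl)})
      {:ok, {config, jwks}}
    end
  end
end
```

Expired entries are reloaded on the next lookup, so no per-provider process or timer is needed; only providers that are actually used occupy memory.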