Open NSeydoux opened 3 years ago
I was just trying this and this behavior is still present. I'm trying https://inrupt.net and https://solidcommunity.net, which I think are both running NSS.
I get:
NSLocalizedDescription=The request timed out., NSErrorFailingURLStringKey=https://solidcommunity.net/userinfo, NSErrorFailingURLKey=https://solidcommunity.net/userinfo, _kCFStreamErrorDomainKey=4}
NSLocalizedDescription=The request timed out., NSErrorFailingURLStringKey=https://inrupt.net/userinfo, NSErrorFailingURLKey=https://inrupt.net/userinfo, _kCFStreamErrorDomainKey=4}
As part of the OIDC login flow, during the backchannel exchange to get the access and id token (assuming you are in the auth code flow, but that's not relevant to the issue), one can perform a check against the
UserInfo
endpoint of the OIDC provider to check that thesub
claim of the obtained ID token matches the one of the userinfo associated to the access token.However, in the case of NSS, a lookup at
https://inrupt.net/.well-known/openid-configuration
shows that the userinfo endpoint exists, but a GET tohttps://inrupt.net/userinfo
just hangs, and never get either a success or an error response. This prevents proper functioning of some OIDC libraries, and requires to be worked around. Should this be fixed in the NSS repo, or rather at theoidc-op
level ?