Closed supiash1 closed 2 years ago
Hi, could I ask whether it is possible to support discovery_url as a config, as opposed to deducing it from the issuer as issuer + '.well-known/openid-configuration'? The reason for this is in the code below: https://github.com/nov/openid_connect/blob/4acd4802a79217c0124dde43f9233df678616a6b/lib/openid_connect/discovery/provider/config.rb
response.expected_issuer = identifier
It sets the expected_issuer to the identifier. If the identifier (issuer) has a path component, the issuer validation fails and gives Invalid issuer.

Ex: if I had supplied the identifier/issuer as 'https://domain.com/identity1' to OpenIDConnect::Discovery::Provider::Config.discover!(options.issuer) and the issuer from the discovery is 'https://domain.com', the validation fails.
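An added example, not code from the openid_connect gem: a stand-alone model of the issuer check described in the post, following OpenID Connect Discovery 1.0 (sections 4.1 and 4.3). The helper names, the `discovery_url:` option (the option the post asks for, not an existing one) and the discovery documents are assumptions constructed for illustration; the sketch keeps the issuer pinned even when the document is fetched from an explicit URL.

```ruby
require 'json'
require 'uri'

class InvalidIssuer < StandardError; end

# Discovery 1.0, section 4.1: drop a trailing "/" from the issuer, then append
# the well-known suffix after any path component.
def discovery_url_for(issuer)
  issuer.sub(%r{/\z}, '') + '/.well-known/openid-configuration'
end

# Section 4.3: the "issuer" in the returned document must be identical to the
# issuer the client expects. Exact string comparison, no normalisation.
def validate_issuer!(expected_issuer, config_json)
  actual = JSON.parse(config_json)['issuer']
  unless actual == expected_issuer
    raise InvalidIssuer, "expected #{expected_issuer.inspect}, got #{actual.inspect}"
  end
  actual
end

# Hypothetical loader: an explicit discovery_url changes where the document is
# fetched from, but the issuer it announces is still checked against the
# configured one, so a document from another location cannot swap the issuer.
def load_config(expected_issuer:, discovery_url: nil, fetch:)
  url = discovery_url || discovery_url_for(expected_issuer)
  raise ArgumentError, 'discovery URL must be https' unless URI(url).scheme == 'https'
  body = fetch.call(url)
  validate_issuer!(expected_issuer, body)
  JSON.parse(body)
end

# Constructed sample: the provider from the post serves its document under a
# path but announces the bare host as issuer.
DOCS = {
  'https://domain.com/identity1/.well-known/openid-configuration' =>
    JSON.generate('issuer' => 'https://domain.com')
}.freeze
FETCH = ->(url) { DOCS.fetch(url) } # stands in for the HTTP GET
```

With `expected_issuer: 'https://domain.com/identity1'` the loader raises `InvalidIssuer`, which is the failure in the post; configuring the announced issuer and passing the path-based URL as `discovery_url:` succeeds with the check still in force.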