OpenID-provider without `userinfo_endpoint` - Githubissues

nov / openid_connect

OpenID Connect Server & Client Library

MIT License

418 stars 122 forks source link

OpenID-provider without `userinfo_endpoint` #82

Closed davidwessman closed 10 months ago

davidwessman commented 1 year ago

Hello!

We are working with a new provider which do not provide the userinfo_endpoint, so it is set to nil via discovery as far as I can understand.

It does fail in openid_connect (1.4.2) lib/openid_connect/access_token.rb with OpenIDConnect::HttpError Unknown HttpError.

As far as I have been able to understand it is only RECOMMENDED in the discovery definition https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata.

We are using openid_connect through https://github.com/omniauth/omniauth_openid_connect but I have not been able to find a way to disable the use of the userinfo_endpoint from there.

Versions:

openid_connect 1.4.2
omniauth_openid_connect 0.6.0

nov commented 10 months ago

I don't think it's related to this gem. In this gem, userinfo_endpoint is optional.