stanhu
commented
2 years ago @jessieay @bufferoverflow Could you review this?
Closed stanhu closed 1 year ago
stanhu
commented
2 years ago @jessieay @bufferoverflow Could you review this?
bufferoverflow
commented
2 years ago @azure Is this correct ? Azure B2C, discovery does not work because the discovery URL does not match the issuer field and therefore being non-standard OpenID Connect?
stanhu
commented
2 years ago @bufferoverflow FYI, the Azure non-compliance has been discussed in other issues:
In non-standard OpenID Connect providers, such as Azure B2C, discovery does not work because the discovery URL does not match the issuer field. If a JWKS URI is provided when discovery is disabled, we should make an HTTP request for the keys and use the response.
Closes https://github.com/m0n9oose/omniauth_openid_connect/issues/72
This is part of the effort to upstream changes in the GitLab fork: https://gitlab.com/gitlab-org/ruby/gems/gitlab-omniauth-openid-connect/-/issues/5.