pfzetto / axum-oidc

An OpenID Connect client library for axum
https://crates.io/crates/axum-oidc

Support for self-signed certificates #12

Closed heimmat closed 5 months ago

heimmat commented 6 months ago

My OIDC server uses a certificate signed by a custom CA which needs to be trusted by my application. That currently seems to be impossible with your crate. My understanding is that client discovery is the only time my application will directly contact the OIDC server. So if there was a way to pass a custom http client function instead of the hardcoded openidconnect::reqwest::async_http_client

```rust
impl<AC: AdditionalClaims> OidcClient<AC> {
    pub async fn discover_new(
    // ...
    ) {
        let provider_metadata =
            ProviderMetadata::discover_async(IssuerUrl::new(issuer)?, async_http_client).await?;
        // ...
    }
}
```

my problem could be solved by copying the openidconnect code and adding builder options importing the certificate.

Another option might be providing an OidcClient::new constructor which accepts already discovered ProviderMetadata.

Got any pointers for me on how you would implement that?

pfzetto commented 6 months ago

Hello, I've added new constructors to OidcClient on master in c9f63180b3aa49a0be336c012bfa14477f4fb6aa. These functions will be included in the next minor release.

They allow you to provide a reqwest::Client or ProviderMetadata to build an OidcClient.

Let me know if they help in your situation.

Paul
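The mechanism the thread converges on is: keep certificate verification on, but hand the OIDC client an HTTP client whose trust store contains the custom CA. In Rust with reqwest that is `reqwest::Client::builder().add_root_certificate(reqwest::Certificate::from_pem(&ca_pem)?).build()?`, passed to the new constructor; the tempting shortcut `danger_accept_invalid_certs(true)` is not a fix, because it turns off server authentication for the discovery fetch entirely. The example below is an added illustration, not code from axum-oidc, openidconnect or this thread. It is written in Go with only the standard library so it runs offline with a real TLS handshake: it constructs a throwaway private CA and a provider certificate signed by it, serves a discovery document from that provider, and then performs discovery twice, once with a client that trusts exactly that CA (which succeeds and also checks the OIDC Discovery rule that the advertised issuer equals the URL it was fetched from) and once with only the system roots (which fails with an unknown-authority error). The CA, the certificates, the provider and the discovery document are all constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/json"
	"encoding/pem"
	"fmt"
	"math/big"
	"net"
	"net/http"
	"net/http/httptest"
	"time"
)

// Discovery is the subset of OpenID provider metadata this example reads.
type Discovery struct {
	Issuer        string `json:"issuer"`
	TokenEndpoint string `json:"token_endpoint"`
	JwksURI       string `json:"jwks_uri"`
}

// Result records what demo observed.
type Result struct {
	ServerURL       string // https://127.0.0.1:<port> of the constructed provider
	Issuer          string // issuer advertised by the discovery document
	DefaultTrustErr error  // what a client trusting only the system roots reports
}

// privateCA builds a throwaway CA and a leaf certificate for 127.0.0.1 signed by it.
// Both are constructed for the example; a real deployment loads its CA bundle from disk.
func privateCA() ([]byte, tls.Certificate, error) {
	caKey, err1 := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	leafKey, err2 := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err1 != nil || err2 != nil {
		return nil, tls.Certificate{}, fmt.Errorf("key generation failed")
	}
	now := time.Now()
	ca := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Internal CA"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(time.Hour),
		IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	caDER, err := x509.CreateCertificate(rand.Reader, ca, ca, &caKey.PublicKey, caKey)
	if err != nil {
		return nil, tls.Certificate{}, err
	}
	leaf := &x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "oidc.internal"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(time.Hour),
		IPAddresses: []net.IP{net.ParseIP("127.0.0.1")}, // the address httptest listens on
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	leafDER, err := x509.CreateCertificate(rand.Reader, leaf, ca, &leafKey.PublicKey, caKey)
	if err != nil {
		return nil, tls.Certificate{}, err
	}
	caPEM := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: caDER})
	return caPEM, tls.Certificate{Certificate: [][]byte{leafDER}, PrivateKey: leafKey}, nil
}

// clientTrusting returns a client whose trust store is exactly caPEM. The server must
// still present a chain to that CA for the right IP/hostname inside its validity window;
// this is the safe alternative to tls.Config{InsecureSkipVerify: true}.
func clientTrusting(caPEM []byte) (*http.Client, error) {
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(caPEM) {
		return nil, fmt.Errorf("no CA certificate in bundle")
	}
	cfg := &tls.Config{RootCAs: pool, MinVersion: tls.VersionTLS12}
	return &http.Client{Transport: &http.Transport{TLSClientConfig: cfg}, Timeout: 5 * time.Second}, nil
}

// discover fetches issuer/.well-known/openid-configuration and enforces the OIDC
// Discovery rule that the advertised issuer equals the URL it was fetched from.
func discover(c *http.Client, issuer string) (*Discovery, error) {
	resp, err := c.Get(issuer + "/.well-known/openid-configuration")
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return nil, fmt.Errorf("discovery returned HTTP %d", resp.StatusCode)
	}
	var d Discovery
	if err := json.NewDecoder(resp.Body).Decode(&d); err != nil {
		return nil, err
	}
	if d.Issuer != issuer {
		return nil, fmt.Errorf("issuer mismatch: document says %q, fetched from %q", d.Issuer, issuer)
	}
	return &d, nil
}

// demo serves a discovery document from a provider on the private CA and queries it
// with the custom trust store (succeeds) and with only the system roots (fails).
func demo() (Result, error) {
	var res Result
	caPEM, leaf, err := privateCA()
	if err != nil {
		return res, err
	}
	srv := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		base := "https://" + r.Host // constructed document: issuer equals the URL it is served from
		w.Header().Set("Content-Type", "application/json")
		json.NewEncoder(w).Encode(Discovery{Issuer: base, TokenEndpoint: base + "/token", JwksURI: base + "/jwks"})
	}))
	srv.TLS = &tls.Config{Certificates: []tls.Certificate{leaf}}
	srv.StartTLS()
	defer srv.Close()
	res.ServerURL = srv.URL
	trusting, err := clientTrusting(caPEM)
	if err != nil {
		return res, err
	}
	doc, err := discover(trusting, srv.URL)
	if err != nil {
		return res, fmt.Errorf("with custom CA: %w", err)
	}
	res.Issuer = doc.Issuer
	systemOnly := &http.Client{Transport: &http.Transport{}, Timeout: 5 * time.Second}
	_, res.DefaultTrustErr = discover(systemOnly, srv.URL)
	return res, nil
}

func main() {
	res, err := demo()
	if err != nil {
		panic(err)
	}
	fmt.Println("issuer:", res.Issuer, "| system roots only:", res.DefaultTrustErr)
}
```

The issuer check in `discover` is the extra assertion worth carrying over to whatever client you wire into the crate: a discovery document fetched over a correctly authenticated connection that nonetheless names a different issuer should be rejected rather than used, since the endpoints it lists would then be trusted on the strength of the wrong identity.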

heimmat commented 5 months ago

Wow, thanks Paul! This looks promising. When do you plan to publish to crates.io?

pfzetto commented 5 months ago

I'm not sure. I think that I will wait a bit longer until I have some more changes. You can always use the Cargo Git Dependency.

heimmat commented 5 months ago

That's what I ended up doing and it worked like a charm. Thanks again, Paul!