Closed oshbec closed 3 years ago
Good call!
Yeah, I didn't think of fetch_user/2
, fetch_userinfo/2
or validate_id_token/2
functions being called outside the callback/3
flow even though they are public functions. You are right that we should use the same logic always to fetch :openid_configuration
in case you are calling these functions separately.
Feel free to open PR calling openid_configuration(config)
instead of Config.fetch(config, :openid_configuration)
in fetch_userinfo/2
and validate_id_token/2
(fetch_user/2
calls validate_id_token/2
so only those two a necessary to update) 😄
Going to publish new release soon so went ahead and update the functions in #73
Thanks for your work on this!
Hi, and thanks for building and maintaining this 👋.
In the configuration documentation for OIDC,
:openid_configuration
isn't strictly required since it can be fetched from:openid_configuration_uri
if it isn't defined. Similarly,:openid_configuration_uri
is also optional, since it defaults to/.well-known/openid-configuration
based on:site
.Both
authorize_url/1
andcallback/3
work this way by callingopenid_configuration/1
. However,fetch_user/2
,fetch_userinfo/2
, andvalidate_id_token/2
are usingConfig.fetch/2
to resolve configuration, so they aren't getting it dynamically.Should these work consistently? I'm a bit new to both Elixir and OIDC, so it's quite possible my understanding is off here.
If the intent is to have them all get
:openid_configuration
dynamically, I'm happy to try submitting a PR.Thanks for your time!