puiterwijk / flask-oidc

OpenID Connect support for Flask
BSD 2-Clause "Simplified" License

Make OP information discovery endpoint configurable #45

Open bkabrda opened 6 years ago

bkabrda commented 6 years ago

While trying to use oidc-register with an instance of ipsilon, I failed to use oidc-register to retrieve client secrets. The reason for that was that ipsilon (in default config) doesn't respond to the endpoint hardcoded at [1]. Therefore I'd like to propose that the name of the endpoint (e.g. the current .well-known/openid-configuration) should be configurable (e.g. with a commandline argument).

(What worked for me was replacing that value with openidc/wellknown_openid_configuration). Thanks for considering!

[1] https://github.com/puiterwijk/flask-oidc/blob/2c66a0dcccd8a587c7c4d25979107deb99d71c02/flask_oidc/discovery.py#L42

graingert commented 3 years ago

The URI is hardcoded in https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig

OpenID Providers supporting Discovery MUST make a JSON document available at the path formed by concatenating the string /.well-known/openid-configuration to the Issuer.

This is a MUST in the spec.

Similarly, OIDC Discovery makes the same requirement of the client:

An OpenID Provider Configuration Document MUST be queried using an HTTP GET request at the previously specified path.
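The two positions in this thread can be reconciled in code: build the discovery URL exactly as OpenID Connect Discovery 1.0 prescribes (strip a trailing `/` from the issuer, append `/.well-known/openid-configuration`) by default, allow the path to be overridden for providers that serve the document elsewhere, and then apply the checks a client should run on whatever comes back, above all that the document's `issuer` is identical to the issuer that was queried (Discovery 1.0 section 4.3). The following is an added example written for this page; it is not code from flask-oidc, oidc-register or Ipsilon. The issuer, the override path `openidc/wellknown_openid_configuration` (taken from the reporter's comment) and the JSON response are constructed inputs; no network request is made.

```python
"""Build an OIDC discovery URL and sanity-check the provider configuration.

Standalone example; not flask-oidc / oidc-register code.
"""
import json
from urllib.parse import urlsplit, urlunsplit

# Path mandated by OpenID Connect Discovery 1.0, section 4.
DEFAULT_DISCOVERY_PATH = ".well-known/openid-configuration"

# Endpoints every client needs; all are REQUIRED in Discovery 1.0 section 3.
REQUIRED_ENDPOINTS = ("authorization_endpoint", "token_endpoint", "jwks_uri")


def discovery_url(issuer: str, path: str = DEFAULT_DISCOVERY_PATH) -> str:
    """Return the URL to GET for the provider configuration document.

    Default behaviour follows the spec: a terminating "/" on the issuer's
    path is removed, then "/.well-known/openid-configuration" is appended.
    `path` is the configurable override this issue asks for, for providers
    that do not publish the document at the spec-mandated location.
    """
    parts = urlsplit(issuer)
    if parts.scheme != "https":
        raise ValueError("issuer must be an https URL")
    if parts.query or parts.fragment:
        raise ValueError("issuer must not carry a query string or fragment")
    base_path = parts.path.rstrip("/")
    full_path = base_path + "/" + path.lstrip("/")
    return urlunsplit((parts.scheme, parts.netloc, full_path, "", ""))


def check_provider_config(issuer: str, body: str) -> list:
    """Parse a discovery response and return a list of problems (empty = OK).

    Checks performed:
    - the document's "issuer" is byte-identical to the issuer we queried
      (Discovery 1.0 section 4.3); a mismatch means the document does not
      describe the provider we think we are talking to
    - the core endpoints are present and use https
    """
    problems = []
    try:
        doc = json.loads(body)
    except ValueError as exc:
        return [f"response is not valid JSON: {exc}"]
    if not isinstance(doc, dict):
        return ["response is not a JSON object"]

    if doc.get("issuer") != issuer:
        problems.append(
            f"issuer mismatch: queried {issuer!r}, document says {doc.get('issuer')!r}"
        )
    for key in REQUIRED_ENDPOINTS:
        value = doc.get(key)
        if not isinstance(value, str):
            problems.append(f"missing required endpoint {key!r}")
        elif urlsplit(value).scheme != "https":
            problems.append(f"{key} is not https: {value!r}")
    return problems


# Constructed sample provider and response (not captured from a real IdP).
SAMPLE_ISSUER = "https://idp.example.org/idp/"
SAMPLE_BODY = json.dumps({
    "issuer": "https://idp.example.org/idp/",
    "authorization_endpoint": "https://idp.example.org/idp/openidc/Authorization",
    "token_endpoint": "https://idp.example.org/idp/openidc/Token",
    "jwks_uri": "https://idp.example.org/idp/openidc/Jwks",
})


def demo() -> None:
    """Show the spec path, the per-provider override, and the issuer check."""
    print("spec path:    ", discovery_url(SAMPLE_ISSUER))
    print("override path:", discovery_url(SAMPLE_ISSUER, "openidc/wellknown_openid_configuration"))
    print("checks on sample:", check_provider_config(SAMPLE_ISSUER, SAMPLE_BODY) or "OK")
    # Same document fetched under a different issuer must be rejected.
    print("checks with wrong issuer:", check_provider_config("https://other.example.org", SAMPLE_BODY))


if __name__ == "__main__":
    demo()
```

The override only changes where the client looks; the issuer check is what keeps a configurable path from becoming a way to point a client at an arbitrary JSON document, because the document must still name the exact issuer the client was configured with.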