ramosbugs / openidconnect-rs

OpenID Connect Library for Rust
MIT License

Add examples for non-oidc-provider providers mentioned in README #153

Open Nerglej opened 3 months ago

Nerglej commented 3 months ago

The README for this repo has this line as the very first you read:

> This library provides extensible, strongly-typed interfaces for the OpenID Connect protocol, which can be used to authenticate users via GitHub, Google, GitLab, Microsoft, Apple, Discord, and many other providers.

There's only an example in the docs for Google which uses Google's discover endpoint (/.well-known/openid-configuration).

The README clearly mentions GitHub, Discord and 'many other providers', but GitHub and Discord (the ones that I've tested, but I would imagine a lot more) don't have a discover endpoint.

That is in itself fine, because you can just work around the discover-endpoint with CoreProviderMetadata. You can't use CoreProviderMetadata::new() for Discord though, since they also don't have a JWKS-endpoint (haven't checked GitHub). And that's where I'm currently stuck, but will still work on it though.

So I'm kindly asking for an example of how to implement an OpenID Connect client for Discord/GitHub/'many other providers' that don't have the discover endpoint. I've already implemented authentication for Discord, GitHub, Facebook and others with the OAuth2 crate, so I'm not that new to this, but I still feel like I'm missing something in this crate...

Kind regards😊

ramosbugs commented 3 months ago

> GitHub, Google, GitLab, Microsoft, Apple, Discord, and many other providers.

Ah whoops, I think I was confusing GitHub's support for OIDC from within Actions for its own API auth, which seems to be OAuth2-only. I'll remove GitHub from that list. If I was mistaken about any other providers in this list supporting OIDC, I'd be happy to remove those as well.

> So I'm kindly asking for an example of how to implement an OpenID Connect client for Discord/GitHub/'many other providers' that don't have the discover endpoint. I've already implemented authentication for Discord, GitHub, Facebook and others with the OAuth2 crate, so I'm not that new to this, but I still feel like I'm missing something in this crate...

This is fair, and I agree it's worth adding an example that shows how to set the endpoints manually.

It's straightforward to do and mirrors how the oauth2 crate works. Instead of calling CoreClient::from_provider_metadata(), call CoreClient::new(), which allows you to provide the same info that's read from the provider metadata when using OIDC Discovery.

Note that both this crate's and oauth2's APIs are going to change a bit soon in their respective upcoming major releases, but the general approach here will be the same.
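A preflight check for the manual-endpoint route discussed above, as an added example that is not code from this thread or from the openidconnect crate: it reports which of the values OIDC Discovery would normally supply are missing from a hand-written provider configuration, which is how a provider with no issuer or JWKS endpoint shows up as OAuth2-only. It uses only the standard library; the type and function names are hypothetical and the `idp.example` URLs are constructed.

```rust
// Added example, std only. Field names follow OpenID Connect Discovery 1.0;
// ManualProvider, Preflight and preflight() are hypothetical names.
#[derive(Default)]
struct ManualProvider<'a> {
    issuer: Option<&'a str>,
    authorization_endpoint: Option<&'a str>,
    token_endpoint: Option<&'a str>,
    userinfo_endpoint: Option<&'a str>, // RECOMMENDED, the rest are REQUIRED
    jwks_uri: Option<&'a str>,          // keys that verify ID token signatures
}

#[derive(Debug, PartialEq)]
enum Preflight {
    Ready { discovery_url: String },           // enough to validate ID tokens
    Incomplete { missing: Vec<&'static str> }, // treat as plain OAuth2
    Invalid(String),                           // value breaks a Discovery rule
}

fn preflight(p: &ManualProvider) -> Preflight {
    let fields = [
        ("issuer", p.issuer, true),
        ("authorization_endpoint", p.authorization_endpoint, true),
        ("token_endpoint", p.token_endpoint, true),
        ("userinfo_endpoint", p.userinfo_endpoint, false),
        ("jwks_uri", p.jwks_uri, true),
    ];
    let mut missing = Vec::new();
    for &(name, value, required) in fields.iter() {
        match value {
            Some(u) if !u.starts_with("https://") || u.len() <= 8 =>
                return Preflight::Invalid(format!("{} must be an https URL", name)),
            None if required => missing.push(name),
            _ => {}
        }
    }
    let iss = match p.issuer {
        Some(i) if i.contains('?') || i.contains('#') =>
            return Preflight::Invalid("issuer has a query or fragment".to_string()),
        Some(i) if missing.is_empty() => i.trim_end_matches('/'),
        _ => return Preflight::Incomplete { missing },
    };
    Preflight::Ready { discovery_url: format!("{}/.well-known/openid-configuration", iss) }
}
fn main() {
    // Constructed sample: OAuth2-style provider with no issuer and no JWKS.
    let p = ManualProvider { token_endpoint: Some("https://idp.example/token"), ..Default::default() };
    println!("{:?}", preflight(&p));
}
```
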

ramosbugs commented 3 months ago

I updated the README for accuracy in fcada1718118cfebfaa874e8b1920cd1dbc2b358. Thanks for pointing out those issues! I was too hasty in adding those a few weeks ago.