simov / grant

OAuth Proxy
MIT License
4.08k stars 257 forks

Support Logout and OIDC Metadata #145

Open burn2delete opened 4 years ago

burn2delete commented 4 years ago

Grant.js should allow us to log out of the OAuth provider by forwarding a request to the OAuth provider's logout URL.

Also, OIDC providers should have a metadata endpoint: https://docs.microsoft.com/en-us/azure/active-directory/develop/v1-protocols-openid-connect-code#openid-connect-metadata-document

Similarly to grant-profile, we should be able to fetch the correct URL using the metadata and a map of logout URLs to providers.

simov commented 4 years ago

Thanks for the feedback @flyboarder!

Grant is not an OpenID Connect Certified client (yes, there is such a thing), so it doesn't claim to support the whole spec. Grant is more like an OAuth transport layer than a fully compliant OIDC client or anything else.

That's the reason why grant-profile is outside of it, because it falls out of scope. Similarly, I have an experimental grant-oidc module that is supposed to be the place for OIDC-related stuff. Well, the initial goal would be to just get the public keys from the above-mentioned metadata endpoint and properly validate the id_token.

As for logout URLs and other related OIDC goodies, that's a great idea! It just won't be in this module.