Open jkroepke opened 10 months ago
Hey @livio-a @muhlemmer, what do you think about this?
With the proposed solution there would still be 2 discovery calls, as `WithPKCE` is an `Option` and discovery is always done while constructing the RP. If you were able to extract the obtained discovery response and enable PKCE afterwards, you would need to rebuild the RP anyway.

Instead, I would propose an `Option` that enables PKCE if supported. For example:

```go
// WithPKCEFromDiscovery enables OAuth2 Code Challenge if support is found in the discovery response from the OP.
// Passing this option to an OAuth2-only RP will result in an error, as there is no discovery call.
func WithPKCEFromDiscovery(cookieHandler *httphelper.CookieHandler) Option
```
That makes sense. Good idea.
Preflight Checklist
Describe your problem

Hi,

I'm using `rp.NewRelyingPartyOIDC`, which does an auto-discovery by default. I'm missing a method to access the auto-discovery, and I would like to avoid calling the endpoint twice. One goal is to detect if PKCE is supported by the provider and, if yes, enable it. Another goal is to check if the currently configured scopes are present in the `scopes_supported` array.

Describe your ideal solution

Having a receiver function which allows access to the discoveryConfiguration.
https://github.com/zitadel/oidc/blob/dce79a73fb3db57e90b60e0ff409ae8bd8fb496e/pkg/client/rp/relying_party.go#L213
Version
3.8.1
Environment
Self-hosted
Additional Context
No response
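As an added example (not code from the issue or from the zitadel/oidc library), here are the two checks the issue asks for, run over a constructed discovery document: whether the OP advertises S256 under `code_challenge_methods_supported`, and which configured scopes are absent from `scopes_supported`. The JSON field names follow the OpenID Connect Discovery metadata; the `discovery` type and function names are assumptions of this example.

```go
package main

import (
	"encoding/json"
	"fmt"
)
// discovery holds the two OP metadata fields these checks need (names per the discovery spec).
type discovery struct {
	CodeChallengeMethodsSupported []string `json:"code_challenge_methods_supported"`
	ScopesSupported               []string `json:"scopes_supported"`
}
func has(list []string, v string) bool {
	for _, x := range list {
		if x == v {
			return true
		}
	}
	return false
}
// supportsPKCE reports whether the OP advertises the S256 code challenge method.
func supportsPKCE(d discovery) bool { return has(d.CodeChallengeMethodsSupported, "S256") }
// missingScopes returns configured scopes absent from scopes_supported; an OP that
// omits scopes_supported is treated as unknown, so nothing is reported missing.
func missingScopes(d discovery, configured []string) []string {
	if d.ScopesSupported == nil {
		return nil
	}
	var missing []string
	for _, s := range configured {
		if !has(d.ScopesSupported, s) {
			missing = append(missing, s)
		}
	}
	return missing
}
// checkDiscovery parses one discovery document and runs both checks on it.
func checkDiscovery(doc []byte, configured []string) (bool, []string, error) {
	var d discovery
	if err := json.Unmarshal(doc, &d); err != nil {
		return false, nil, err
	}
	return supportsPKCE(d), missingScopes(d, configured), nil
}
// sampleDoc is a constructed discovery response, not captured from a real OP.
const sampleDoc = `{"issuer":"https://op.example","code_challenge_methods_supported":["S256"],"scopes_supported":["openid","profile","email"]}`

func main() {
	pkce, missing, err := checkDiscovery([]byte(sampleDoc), []string{"openid", "email", "offline_access"})
	fmt.Println("pkce:", pkce, "missing:", missing, "err:", err) // pkce: true missing: [offline_access] err: <nil>
}
```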