This repository has been archived by the owner on Feb 4, 2020. It is now read-only.

Support OpenID Connect Discovery #3

Open

3 tasks

callahad opened this issue Mar 4, 2016 · 0 comments

Member

callahad commented Mar 4, 2016

This prototype should expose itself as an OpenID Connect provider, in accordance with the OpenID Connect Discovery spec.

We need to:

Serve a JSON document from /.well-known/openid-configuration with Content-Type: application/json
Correctly represent the provider metadata for the Let's Auth daemon
Publish signing keys as an RFC 7517 JWK Set

Specifically, we must present the following metadata:

issuer
authorization_endpoint
jwks_uri
scopes_supported (both openid and email)
response_types_supported
subject_types_supported (just public)
id_token_signing_alg_values_supported (must include RS256)

We may want to include:

registration_endpoint (if we end up using OpenID Connect's dynamic client registration stuff)
claims_supported (See OpenID Connect Standard Claims -- we're only interested in, at most, sub, email, and email_verified.)
service_documentation
op_policy_uri
op_tos_uri

The text was updated successfully, but these errors were encountered:

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.