Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Why can't we add bad providers ourself? #164

Closed
jerbob92 opened this issue Nov 16, 2015 · 2 comments
Closed

Why can't we add bad providers ourself? #164

jerbob92 opened this issue Nov 16, 2015 · 2 comments

Comments

@jerbob92
Copy link

I'm currently trying to implement a provider that did not follow the spec.
Currently the only way to get it working is by creating a fork and add it to the bad providers list.

The code tells me the following:

    // Assume the provider implements the spec properly
    // otherwise. We can add more exceptions as they're
    // discovered. We will _not_ be adding configurable hooks
    // to this package to let users select server bugs.

Why is this? I think there are many broken providers, is it really worth adding them all to the list by MR?

My suggestion is adding a HasBrokenAuthHeader field on the oauth2.Endpoint type.
Another option is adding a AuthorizeLocation field on the oauth2.Endpoint type, the value could be header or query.
@cnbuff410
Copy link
Contributor

Refer to lengthy discussion about this topic here:

#111

@jerbob92
Copy link
Author

Thanks, I missed that one!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@cnbuff410 @jerbob92