-
Notifications
You must be signed in to change notification settings - Fork 370
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Include issuer finding in Discovery #2
Comments
yes in fact, when constructed, the OpenID Connect configuration ask for the base provider URL to which it automatically add the /.well-known/openid-configuration suffix. Then the $wellKnown value is loaded with all the openid server properties, including the issuer url. Then in the function verifyJWTClaims the return value should be: return (($claims->iss == $this->wellKnow->issuer) and not: return (($claims->iss == $this->getProviderURL()) Cause the providerURL can be very different of the issuerURL. JF |
…x) of type string is deprecated
Changed parameter jumbojett#2 of http_build_query to empty string
Changed parameter jumbojett#2 of http_build_query to empty string
Changed parameter jumbojett#2 of http_build_query to empty string
There are two steps to discovery:
One way of supporting this feature is utilizing an account chooser.
it's particularly useful if you're logging in using multiple issuers
Server discovery in Java
https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/blob/master/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/ThirdPartyIssuerService.java
If it doesn't, it redirects you to the account chooser URL
This gets tied into the rest of the client filter that does the heavy lifting.
The text was updated successfully, but these errors were encountered: