Comments (3)
Hey @zarkoc
First of all: Thanks for the issue.
There seems to be an error in the readme. As you mentioned, we use the oauth2 module which does not support the implicit flow.
Is there any reason why you need to use the implicit flow?
Because IMHO there is no need to support it. The implicit grant was designed for OAuth public clients, which were not able to store a secret. So as a confidential web application there's no need to use it. For various security reasons OAuth2 best current practice proposes to use PKCE instead and OAuth 2.1 will drop it from the specs.
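As an added illustration of the reply above (not code from this thread or from the oidc project), here is the authorization code flow with PKCE (S256) that the comment recommends in place of the implicit grant, written in Go with only the standard library: verifier generation, challenge derivation, the authorization request with response_type=code, and the provider-side check at the token endpoint. The endpoint, client_id and redirect_uri values are made up.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"fmt"
	"net/url"
)

// NewVerifier: 32 random bytes, base64url unpadded = 43-char code_verifier (RFC 7636 4.1).
func NewVerifier() (string, error) {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(b), nil
}

// S256Challenge computes code_challenge = BASE64URL(SHA256(code_verifier)).
func S256Challenge(verifier string) string {
	sum := sha256.Sum256([]byte(verifier))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// AuthCodeURL builds the authorization request with response_type=code; the challenge binds the code exchange.
func AuthCodeURL(endpoint, clientID, redirectURI, state, verifier string) string {
	q := url.Values{}
	q.Set("response_type", "code")
	q.Set("client_id", clientID)
	q.Set("redirect_uri", redirectURI)
	q.Set("scope", "openid")
	q.Set("state", state)
	q.Set("code_challenge", S256Challenge(verifier))
	q.Set("code_challenge_method", "S256")
	return endpoint + "?" + q.Encode()
}

// VerifyPKCE is the provider-side token-endpoint check against the challenge stored with the code.
func VerifyPKCE(storedChallenge, verifier string) bool {
	got := []byte(S256Challenge(verifier))
	return subtle.ConstantTimeCompare(got, []byte(storedChallenge)) == 1
}
func main() {
	v, _ := NewVerifier() // endpoint, client_id and redirect_uri below are made up
	fmt.Println(AuthCodeURL("https://op.example.com/authorize", "web-app", "https://rp.example.com/cb", "s1", v))
	fmt.Println(VerifyPKCE(S256Challenge(v), v)) // true
}
```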
As far as I can see we can't modify the response_type from code?
The relyingParty struct is using oauthConfig *oauth2.Config, which comes from the oauth2 module, and the code response_type is hardcoded there.
https://cs.opensource.google/go/x/oauth2/+/6b3c2da3:oauth2.go;l=154
But the readme.md in the Features section explicitly mentions that it supports the ImplicitFlow for RP, so I guess I'm missing something?
Thanks,
Zarko
Hi there let me check this tomorrow 😎
cc @livio-a @fgerschwiler