mirror of
https://github.com/ubicloud/ubicloud.git
synced 2025-10-09 16:21:57 +08:00
11dc410605
Previously, I had only tested with the authorization server example that comes with rodauth-oauth. When I did additional testing using oidc-tester.compile7.org, I found that it didn't work, for a few reasons: * Content type of form for token endpoint POST should be application/x-www-form-urlencoded. I was previously using application/json, but while that worked for the rodauth-oauth authorization server, it is non-standard. * It looks like a bug, but while oidc-tester.compile7.org advertises it supports client_secret_basic, it actually appears to only support client_secret_post. Include the client id and secret both in the header and in the body so that it should work with either type. * Check the aud entry of the id_token, instead of the client_id entry. The aud entry must contain the client id (or equal the client id if it is a string). These changes allow successfully allow authentication with both the rodauth-oauth authorization server and oidc-tester.compile7.org. |
||
|---|---|---|
| .. | ||
| omniauth_oidc.rb | ||