00746ea636
OpenID Connect specifies that all providers must return a JSON discovery document [1] in a well-known location. We can let the user pass this document instead of the individual endpoints (i.e. token and authorization endpoint).

Moreover, we can also check if the requested grant_type (implicit to the used plugin, and one of client_credentials, password, authorization_code) is supported by the provider before starting the auth flow.

[1] https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata

Fixes-bug: #1583682
Change-Id: I24b7960b25ddcff45552c0ab5541d92122d1d560
13 lines
494 B
YAML
---
features:
  - >
    Add support for the `OpenID Connect Discovery Document
    <https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata>`_
    into the OpenID Connect related plugins. Now it is possible to only pass the
    `discovery-url` option and the plugins will try to fetch the required
    metadata from there.
fixes:
  - >
    [`bug 1583682 <https://bugs.launchpad.net/keystoneauth/+bug/1583682>`_]
    OpenID Connect plugins should support OpenID Connect Discovery.
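
The check described in the commit message, as an added example that is not keystoneauth's own code: it takes an already-parsed discovery document, refuses a grant type the provider does not advertise, and returns the endpoints that flow needs. The function and mapping names, the precedence of explicitly passed endpoints, the https-only rule and the sample document are assumptions of this example; the fallback list for a missing `grant_types_supported` is the default given in the Discovery specification.

```python
from urllib.parse import urlparse

# OpenID Connect Discovery 1.0 default when "grant_types_supported" is omitted.
DEFAULT_GRANT_TYPES = ["authorization_code", "implicit"]

# Endpoints each grant type needs (mapping assumed for this example).
REQUIRED_ENDPOINTS = {
    "password": ["token_endpoint"],
    "client_credentials": ["token_endpoint"],
    "authorization_code": ["authorization_endpoint", "token_endpoint"],
}

class DiscoveryError(Exception):
    """The discovery document cannot be used for the requested flow."""

def resolve_endpoints(discovery, grant_type, overrides=None):
    """Return {endpoint_name: url} for grant_type or raise DiscoveryError."""
    if grant_type not in REQUIRED_ENDPOINTS:
        raise DiscoveryError("unknown grant_type: %r" % grant_type)
    supported = discovery.get("grant_types_supported", DEFAULT_GRANT_TYPES)
    if grant_type not in supported:
        raise DiscoveryError(
            "provider does not support grant_type %r (supports %r)"
            % (grant_type, supported))

    resolved = {}
    for name in REQUIRED_ENDPOINTS[grant_type]:
        # Assumption: an endpoint the user passed explicitly wins.
        url = (overrides or {}).get(name) or discovery.get(name)
        if not url:
            raise DiscoveryError("no %s given or discovered" % name)
        # Assumed hardening: credentials and codes are sent to these URLs,
        # so anything that is not https is refused before the flow starts.
        if urlparse(url).scheme != "https":
            raise DiscoveryError("%s is not an https URL: %s" % (name, url))
        resolved[name] = url
    return resolved

# Constructed sample document; idp.example.test is a placeholder provider.
SAMPLE = {
    "authorization_endpoint": "https://idp.example.test/authorize",
    "token_endpoint": "https://idp.example.test/token",
    "grant_types_supported": ["authorization_code", "client_credentials"],
}
```

Failing before the flow starts means a `password` plugin pointed at this sample provider raises `DiscoveryError` without ever sending the user's credentials to the token endpoint.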