Add support for other token_endpoint_auth_method methods that require a secret (OIDC) #799
Comments
It looks like google workspace doesn't support In fact, if you take a closer look at the configuration, you might've noticed that you don't/can't even specify the OIDC secret: https://github.com/JaneJeon/blink/blob/master/.env#L40 Checking the .well-known endpoint (as outlined in Blink's documentation) for google auth seems to confirm that Therefore, if you want to use google as your OIDC provider, some google-specific changes will need to be made to the OIDC client configuration provider: https://github.com/JaneJeon/blink/blob/master/middlewares/passport.js#L21 (I say google-specific here, because most OIDC providers that allow RS256 - an asymmetric encryption method - also allow Now, I don't have access to a google workspace, so I won't be able to test it, but if you were to add optional support for client_secret (probably read value of Would you be interested in testing such a change against google workspace OIDC?
Ew, sorry I didn't comment earlier, but I indeed managed to log in with Google Workspace. I modified passport.js, And it works. Really great! One little suggestion: switch the
Excellent to hear that works, I will create the fix and release it after my morning routine, and notify you once it's done.
Hello, it is now released (release v1.4.0): https://github.com/JaneJeon/blink/releases/tag/v1.4.0, https://github.com/JaneJeon/blink/pkgs/container/blink/123663099?tag=v1.4.0 The instructions for the client secret and auth method have been added to the documentation: https://docs.blink.rest/Installation/2.1%20Prerequisites#oidc-protocol Please follow the instructions with the new release, and let me know if it doesn't work (in that case, I will re-open the issue). Thanks.
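A startup check along the lines discussed in this thread, as an added example that is not part of the original issue or Blink's code: it compares the provider's `token_endpoint_auth_methods_supported` discovery field with the configured client and fails before any login is attempted. The function name, the config shape (`clientId`, `clientSecret`, `authMethod`) and the sample metadata are assumptions made for illustration.

```javascript
// Added example: hypothetical helper, not Blink's code.
// Methods that authenticate the client with a shared secret at the token endpoint.
const SECRET_METHODS = ['client_secret_basic', 'client_secret_post'];

// cfg = { clientId, clientSecret?, authMethod? } is an assumed config shape.
function pickTokenEndpointAuth(discovery, cfg) {
  // OIDC Discovery: when the field is omitted, the default is client_secret_basic.
  const supported = discovery.token_endpoint_auth_methods_supported || ['client_secret_basic'];
  const hasSecret = typeof cfg.clientSecret === 'string' && cfg.clientSecret.length > 0;

  let method = cfg.authMethod;
  if (!method) {
    // No explicit choice: use a secret-based method when a secret is configured,
    // otherwise act as a public client ("none").
    method = hasSecret ? SECRET_METHODS.find((m) => supported.includes(m)) : 'none';
    if (!method) {
      throw new Error(`no secret-based method offered; provider offers: ${supported.join(', ')}`);
    }
  }
  if (method !== 'none' && !SECRET_METHODS.includes(method)) {
    throw new Error(`"${method}" is not handled by this example`);
  }
  if (!supported.includes(method)) {
    throw new Error(`provider does not support "${method}"; it offers: ${supported.join(', ')}`);
  }
  if (method !== 'none' && !hasSecret) {
    throw new Error(`"${method}" requires a client secret`);
  }
  if (method === 'none' && hasSecret) {
    throw new Error('a client secret is configured but the auth method is "none"');
  }
  // Client metadata, using the OIDC client registration field names.
  const client = { client_id: cfg.clientId, token_endpoint_auth_method: method };
  if (method !== 'none') client.client_secret = cfg.clientSecret;
  return client;
}

// Constructed discovery excerpts (not fetched from any provider).
const secretOnlyProvider = {
  issuer: 'https://idp.example',
  token_endpoint_auth_methods_supported: ['client_secret_post', 'client_secret_basic'],
};
const publicClientProvider = {
  issuer: 'https://idp2.example',
  token_endpoint_auth_methods_supported: ['none', 'client_secret_basic'],
};
```

Calling `pickTokenEndpointAuth(secretOnlyProvider, { clientId: 'blink' })` throws at startup with the list of methods the provider offers, instead of the login failing after the user has authenticated.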
Disclaimers
Issue Description
Describe the bug
Try to set up OIDC with Google Workspace. Google OIDC is requiring a client_secret to authenticate, and Blink doesn't provide one. It gives the following error after authentication:
Deployment Method
Using docker compose and .env provided in this directory. Modified .env with my Client ID and Google's authentication URL.
FYI, https://accounts.google.com is Google Base URL
To Reproduce
Steps to reproduce the behavior:
Set up OIDC with Google Workspace.
Try to log in.
Expected behavior
Should be able to add an OIDC Client Secret to authenticate against external OIDC providers