Improve OIDC compliance: integrate IDTV #344
Mostly questions but some might lead to changes.
Nice work on this! Hopefully this was helpful, Swift is difficult for me to read, lots of unfamiliar syntax!
Co-Authored-By: Luciano Balmaceda <balmacedaluciano@gmail.com>
@joshcanhelp can you please also check the domain logic in this entire file?
Changes
This update improves the SDK support for OpenID Connect (OIDC). In particular, it hooks the ID Token validation logic in the authentication flows.
What’s being added in this PR
`jwks` endpoint.
What’s being changed in this PR
`decodeJwt(_:)` method from `CredentialsManager.swift` and replaced it with calls to `JWTDecode` logic.
`validate(idToken:context:signatureValidator:claimsValidator:callback:)` to use `for` as the external name for the parameter `context`, for the sake of API expressiveness.
`ImplicitGrant` and `PKCE` in order to pass the parameters needed to perform ID Token validation.
Public surface area
`leeway(_:)` and `maxAge(_:)` in the WebAuth builder.
Testing
Please describe how this can be tested by reviewers. Be specific about anything not tested and reasons why. If this library has unit and/or integration testing, tests should be added for new functionality and existing tests should complete without errors.
Checklist
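
As an added illustration, not code from this PR or from the SDK: the time-based ID Token checks that a leeway and a `max_age` value govern under OpenID Connect Core. The function and error names are hypothetical, the token is constructed, and signature validation is assumed to have already succeeded.

```swift
import Foundation

// Added illustration; all names are hypothetical, not the SDK's API.
enum IDTokenTimeError: Error { case malformed, missingExp, expired, missingAuthTime, authTooOld }

/// Decodes the payload segment of a compact JWT (base64url, unpadded).
/// No signature check happens here; claims are untrusted until one has passed.
func decodePayload(_ jwt: String) throws -> [String: Any] {
    let parts = jwt.split(separator: ".", omittingEmptySubsequences: false)
    guard parts.count == 3 else { throw IDTokenTimeError.malformed }
    var b64 = parts[1].replacingOccurrences(of: "-", with: "+")
                      .replacingOccurrences(of: "_", with: "/")
    b64 += String(repeating: "=", count: (4 - b64.count % 4) % 4)
    guard let data = Data(base64Encoded: b64),
          let claims = (try? JSONSerialization.jsonObject(with: data)) as? [String: Any]
    else { throw IDTokenTimeError.malformed }
    return claims
}

/// leeway: tolerated clock skew in seconds.
/// maxAge: the max_age sent in the authorization request, or nil if none was sent.
func validateTimeClaims(_ claims: [String: Any], now: Date = Date(),
                        leeway: TimeInterval, maxAge: TimeInterval?) throws {
    let t = now.timeIntervalSince1970
    guard let exp = (claims["exp"] as? NSNumber)?.doubleValue else { throw IDTokenTimeError.missingExp }
    // The token counts as expired once the clock passes exp plus the skew allowance.
    guard t < exp + leeway else { throw IDTokenTimeError.expired }
    // auth_time is mandatory only when max_age was part of the request.
    guard let maxAge = maxAge else { return }
    guard let authTime = (claims["auth_time"] as? NSNumber)?.doubleValue else {
        throw IDTokenTimeError.missingAuthTime
    }
    // The last end-user authentication must fall within max_age (plus leeway).
    guard t < authTime + maxAge + leeway else { throw IDTokenTimeError.authTooOld }
}

// Constructed sample, not a real token: placeholder header and signature segments.
let payload = Data(#"{"exp":1000,"auth_time":400}"#.utf8).base64EncodedString()
    .replacingOccurrences(of: "=", with: "")
let claims = try decodePayload("e30.\(payload).sig")
let now = Date(timeIntervalSince1970: 1_030)   // 30 s past exp
let cases: [(TimeInterval, TimeInterval?)] = [(60, nil), (0, nil), (60, 300)]
for (leeway, maxAge) in cases {
    let label = "leeway=\(leeway) max_age=" + (maxAge.map { String($0) } ?? "none")
    do {
        try validateTimeClaims(claims, now: now, leeway: leeway, maxAge: maxAge)
        print(label, "accepted")
    } catch { print(label, "rejected:", error) }
}
```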